
             AUSCERT External Security Bulletin Redistribution

       Security Advisories Relating to Symantec Products - Symantec
                    Endpoint Encryption Various Issues
                             15 November 2017


        AusCERT Security Bulletin Summary

Product:           Symantec Endpoint Encryption
Publisher:         Symantec
Operating System:  Windows
                   Mac OS
Impact/Access:     Denial of Service    -- Remote/Unauthenticated
                   Increased Privileges -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-15525 CVE-2017-15526 

Original Bulletin: 

--------------------------BEGIN INCLUDED TEXT--------------------

Security Advisories Relating to Symantec Products - Symantec Endpoint
Encryption Various Issues


November 13, 2017


Symantec has released an update to address two issues in the Symantec Endpoint
Encryption product.

Highest severity issue: Medium
Number of issues: 2


This update applies to the following issues:

TITLE                                                   CVE            SEVERITY

Symantec Endpoint Encryption DoS prior to SEE           CVE-2017-15525 Medium

Symantec Endpoint Encryption NULL Pointer prior to SEE  CVE-2017-15526 Medium


Symantec has verified the issues and addressed them in product updates as
outlined below.


The following Symantec enterprise products are affected.

PRODUCT                                SOLUTION

Symantec Endpoint Encryption prior to  Upgrade to Symantec Endpoint Encryption
SEE v11.1.3MP1                         SEE v11.1.3MP1


Symantec Endpoint Encryption Denial of Service


BID: 101697

Severity: Medium (CVSSv3: 4.2) AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Impact: Denial of service

Exploitation: None

Date patched: November 8, 2017

A denial of service (DoS) attack is a type of attack whereby the perpetrator
attempts to make a particular machine or network resource unavailable to its
intended users by temporarily or indefinitely disrupting services of a specific
host within a network. DoS attacks can occur when a system becomes flooded with
specific network requests or subversive operations that can cause the resourced
system to become unresponsive.

Symantec Endpoint Encryption NULL Pointer De-Reference


BID: 101698

Severity: Medium (CVSSv3: 4.2) AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Impact: Privilege escalation

Exploitation: None

Date patched: November 8, 2017

Symantec Endpoint Encryption can be susceptible to a null pointer de-reference
issue, which can result in a NullPointerException that can lead to a privilege
escalation scenario. A null-pointer dereference takes place when a pointer with
a value of NULL is used as though it pointed to a valid memory area.
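
The CVSS v3 vector printed for both issues can be recomputed to confirm the stated 4.2 (Medium) score. The following is an added example, not part of the Symantec advisory or the AusCERT bulletin; it assumes the advisory used the CVSS v3.0 base-score equations, and the function names are chosen here for illustration.

```python
import math

# CVSS v3.0 base metric weights, from the FIRST specification.
WEIGHTS = {
    "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2},
    "AC": {"L": 0.77, "H": 0.44},
    "UI": {"N": 0.85, "R": 0.62},
    "C": {"H": 0.56, "L": 0.22, "N": 0.0},
    "I": {"H": 0.56, "L": 0.22, "N": 0.0},
    "A": {"H": 0.56, "L": 0.22, "N": 0.0},
}
# Privileges Required weight depends on Scope: (unchanged, changed).
PR = {"N": (0.85, 0.85), "L": (0.62, 0.68), "H": (0.27, 0.5)}
ADVISORY_VECTOR = "AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"  # as printed in the advisory


def parse_vector(vector):
    """Split a base vector into metrics; reject missing or unknown values."""
    try:
        m = dict(part.split(":", 1) for part in vector.split("/"))
    except ValueError:
        raise ValueError(f"malformed vector: {vector!r}")
    for name, table in {**WEIGHTS, "PR": PR, "S": {"U": 0, "C": 0}}.items():
        if m.get(name) not in table:
            raise ValueError(f"bad or missing metric {name} in {vector!r}")
    return m


def base_score(vector):
    """Return the CVSS v3.0 base score for a base vector string."""
    m = parse_vector(vector)
    changed = m["S"] == "C"
    iss = 1 - math.prod(1 - WEIGHTS[k][m[k]] for k in "CIA")
    impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15 if changed else 6.42 * iss
    expl = 8.22 * math.prod(WEIGHTS[k][m[k]] for k in ("AV", "AC", "UI")) * PR[m["PR"]][changed]
    if impact <= 0:
        return 0.0
    total = 1.08 * (impact + expl) if changed else impact + expl
    # Spec rounds up to one decimal; the inner round() absorbs float noise.
    return math.ceil(round(min(total, 10) * 10, 6)) / 10


def severity(score):
    """Map a base score to the v3 qualitative rating."""
    for floor, label in ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")):
        if score >= floor:
            return label
    return "None"
```

Both issues carry the same vector, in which only Availability is rated High; the privilege-escalation impact stated for the second issue is not reflected in its C:N/I:N metrics, which is worth weighing when prioritising the upgrade.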


These issues were validated by the product team engineers. A Symantec Endpoint
Encryption update, version SEE v11.1.3MP1, has been released which addresses
the aforementioned issues. Note that the latest releases and patches for
Symantec Endpoint Encryption are available to customers through normal support
channels. At this time, Symantec is not aware of any exploitations or adverse
customer impact from these issues.


  * Kyriakos Economou (@kyREcon) on behalf of Nettitude:
    https://www.nettitude.com/ (CVE-2017-15525)
  * Kyriakos Economou (@kyREcon) on behalf of Nettitude:
    https://www.nettitude.com/ (CVE-2017-15526)





Symantec takes the security and proper functionality of our products very
seriously. As founding members of the Organization for Internet Safety
(OISafety), Symantec supports and follows responsible disclosure guidelines.
Symantec has developed a Software Security Vulnerability Management Process
document outlining the process we follow in addressing suspected
vulnerabilities in our products.

Symantec Corporation firmly believes in a proactive approach to secure software
development and implements security review into various stages of the software
development process. Additionally, Symantec is committed to the security of its
products and services as well as to its customers' data. Symantec is committed
to continually improving its software security process.

This document provides an overview of the current Secure Development Lifecycle
(SDLC) practice applicable to Symantec's product and service teams as well as
other software security related activities and policies used by such teams.
This document is intended as a summary and does not represent a comprehensive
list of security testing and practices conducted by Symantec in the software
development process.

Please contact secure@symantec.com if you believe you have discovered a
security issue in a Symantec product. A member of the Symantec Software
Security team will contact you regarding your submission to coordinate any
required response. Symantec strongly recommends using encrypted email for
reporting vulnerability information to secure@symantec.com.

The Symantec Software Security PGP key can be found at the following location:
Symantec Product Vulnerability Management PGP Key

Permission to redistribute this alert electronically is granted as long as it
is not edited in any way unless authorized by Symantec Software Security.
Reprinting the whole or part of this alert in any medium other than
electronically requires permission from secure@symantec.com.

Last modified on: November 13, 2017

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.