Monday, April 27, 2009

Multiple Symantec Software Vulnerabilities Found

--
This isn't so much a useful article as a thumb in the eye of my least favorite anti-Mac security FUD monger, Symantec. Have an *evil laugh* along with me if you like:

Digging around at the F-Secure site tonight, I happened upon this article from a few days back:

Symantec Brightmail Gateway Control Center Multiple Vulnerabilities

Summary

Some vulnerabilities have been reported in Symantec Brightmail Gateway, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users to bypass certain security restrictions.

Detailed Description

Some vulnerabilities have been reported in Symantec Brightmail Gateway, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users to bypass certain security restrictions.

1) Certain unspecified input passed to the Control Center is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) An error when processing unspecified console functions can be exploited by a Control Center user to gain administrative privileges.

The vulnerabilities are reported in versions prior to 8.0.1.
The vulnerabilities were discovered by Secunia.

They were NOT discovered by Symantec.

So next time Symantec strike one of their Overlords Of Security poses, just laugh at them.

;-D
--
