Symantec Releases Raft Of Security, Storage Fixes
Last Friday, Symantec patched a critical flaw in Storage Foundation for Windows version 5.0, an application for managing online storage systems.
Miscreants could exploit the glitch to bypass authentication to Storage Foundation's management console, which could allow them to infect client PCs with malicious code via the software's scan scheduling service, Symantec said in a Deepsight Threat Management System bulletin.
Symantec Deepsight gave the vulnerability its highest severity rating, 10 out of 10, but noted that the scheduling service isn't normally exposed to unauthorized hosts, which means an attacker would need to have local access to the network in order to take advantage.
Symantec also fixed a denial of service vulnerability affecting the Windows and Unix versions of its Veritas Volume Replicator software, to which it assigned a severity rating of 6.7 out of 10.
On Monday, Cupertino, Calif.-based Symantec patched a pair of flaws in Reporting Server, a web application that companies use in conjunction with the vendor's System Center console to generate reports for the Symantec Client Security and Antivirus products installed on their networks.
The more serious of the two is a remote privilege escalation flaw that could give attackers the ability to cobble together export data to create a malicious executable, according to a Tuesday Symantec Deepsight, which assigned a severity score of 8.9 on a 10 point scale to the flaw.
Symantec Deepsight gave a severity score of 7.8 to a separate vulnerability affecting the software's authentication mechanism that could allow hackers to gain access to the reporting database without logging in.