发布日期:2014-03-27
更新日期:2014-04-01受影响系统:
Symantec LiveUpdate Administrator 2.3
Symantec LiveUpdate Administrator 2.2.2.9
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 66400
CVE(CAN) ID: CVE-2014-1645
Symantecs LiveUpdate Administrator是实时更新管理程序。
Symantec LiveUpdate Administrator 2.3.2及更早版本的管理GUI没有有效过滤针对后端数据库的查询,这可导致未授权访问数据库信息。
<*来源:Stefan Viehböck
链接:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=secu
*>建议:
--------------------------------------------------------------------------------
厂商补丁:
Symantec
--------
Symantec已经为此发布了一个安全公告(SYM14-005)以及相应补丁:
SYM14-005:Security Advisories Relating to Symantec Products - Symantec LiveUpdate Administrator Unauthenticated/Unauthorized Account Access Modification and SQL injections
链接:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=secu
补丁下载:http://www.symantec.com/business/support/index?page=content&id=TECH134809cURL/libcURL SSL证书验证安全限制绕过漏洞(CVE-2014-0139)FreePBX Framework模块admin/libraries/view.functions.php远程代码执行漏洞相关资讯 Symantecs LiveUpdate Administrator
- Symantec LiveUpdate Administrato (03/31/2014 19:10:46)
本文评论 查看全部评论 (0)
评论声明- 尊重网上道德,遵守中华人民共和国的各项有关法律法规
- 承
|
易网时代-编程资源站