发布日期:2012-12-13
更新日期:2012-12-15受影响系统:
Symantec Enterprise Security Manager 9.0.325
Symantec Enterprise Security Manager 6.5.3
Symantec Enterprise Security Manager 6.5.2
Symantec Enterprise Security Manager 6.5.1
Symantec Enterprise Security Manager 6.5
Symantec Enterprise Security Manager 6.0
Symantec Enterprise Security Manager 10.0.274
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 56915
CVE(CAN) ID: CVE-2012-4350Symantec Enterprise Security Manager(ESM)可以在整个企业范围内为关键性应用程序和服务器自动搜索发现其漏洞隐患和不符合安全策略的设定。Symantec的Enterprise Security Manager (ESM) for Windows在Manager和Agent组件内存在未引用的搜索路径,如果未授权的本地用户可以在root路径中插入任意代码,则可以提升的权限在系统启动或重启时执行其代码。
<*来源:Gavin Jones
链接:http://www.securitytracker.com/id/1027874
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=secu
*>建议:
--------------------------------------------------------------------------------
厂商补丁:Symantec
--------
Symantec已经为此发布了一个安全公告(20121213_00)以及相应补丁:20121213_00:Security Advisories Relating to Symantec Products - Symantec Enterprise Security Manager Manager/Agent Local Elevation of Privilege链接:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=secu补丁下载:https://www.symantec.com/security_response/securityupdates/list.jsp?fid=esm&pvid=puCentreon "menu"参数SQL盲注漏洞Cerberus FTP Server Web Admin跨站脚本漏洞相关资讯 本地权限提升漏洞
- LG Android设备上多个Sprite软件本 (06/25/2013 14:22:32)
- Novell ZENworks Desktop (05/08/2013 19:05:40)
- Microsoft Windows Kernel 本地权 (02/19/2013 07:08:35)
| - 多个EMC控制台产品本地权限提升漏 (05/17/2013 20:24:24)
- IBM InfoSphere Guardium 不明细节 (02/28/2013 21:47:48)
- IBM Tivoli NetView for z/OS本地 (12/25/2012 14:16:54)
|
本文评论 查看全部评论 (0)
评论声明- 尊重网上道德,遵守中华人民共和国的各项有关法律法规
- 承担一切因您的行为而直接或间接导致的民事或刑事法律责任
<
|
易网时代-编程资源站