Flaws Found in Symantec Scan Engine

Latest News | News Archive |

Posted by: Tweaker
Date added: 22:48, 25th April 2006 GMT
Source: Beta News

Symantec earlier this week warned of vulnerabilities within its Scan Engine, a programming interface that allows third parties to incorporate scanning technologies into their applications. The security software maker has rated the vulnerabilities as a "medium risk."

According to the advisory, the first problem lies within an issue in authenticating Web-based logins. "Anyone with knowledge of the underlying communication mechanism can control the Scan Engine server," the notice reads. Another flaw opens the program up to a "man-in-the-middle attack." According to Symantec, the DSA key used for SSL communications is easily extracted.

Remote users could also download any file in the installation directory of the program through a third flaw. Using regular or specially crafted HTTP requests, the information could be easily accessed. The company stressed that these vulnerabilities only affect the Scan Engine and none of its desktop applications.

Customers are urged to upgrade to Symantec Scan Engine 5.1 in order to protect themselves from the flaw. At this time, there are no known available exploits. However, proof-of-concept code has already been published, security researchers warn.

  Tools: Post a comment | Link to this news item | Send to a friend | Submit News

Error: You are not logged in.

In order to leave comments to news articles you must be a Cyber Tech Help Member.

Registration is completely free!    Register to become a member

Along with access to leave comments to news articles you will be able to ask any computing questions you might have on the Cyber Tech Help Forums.

[  To top | Latest News | News Archive | ]