Evaluator Impact

Per vendor: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02 "Symantec System Center Impact Symantec System Center (SSS) is a Microsoft Management Console (MMC) plug-in which allows an administrator to manage all Symantec AntiVirus platforms from a single, centralized location. Alert Management System 2 (AMS2) is an alerting feature of System Center that listens for specific events and sends notifications as specified by the administrator. AMS2 is installed by default with Symantec System Center 9.0. AMS2 is an optional component in Symantec System Center 10.0 or 10.1. These vulnerabilities will only impact systems if AMS has been installed. Symantec AntiVirus Server Impact AMS2 is installed by default with Symantec AntiVirus Server 9.0. AMS2 is an optional component in Symantec AntiVirus Server 10.0 or 10.1. These vulnerabilities will only impact systems if AMS has been installed. Symantec AntiVirus and Symantec Endpoint Protection Central Quarantine Server Impact AMS2 is installed by default by Central Quarantine Server. These vulnerabilities will only impact systems if Quarantine Server has been installed. Symantec is not aware of any customers impacted by these issues, or of any attempts to exploit them. However, we recommend that any affected customers update their product immediately to protect against potential attempts to exploit these issues. Certain localized language versions of SCS 2.0/SAV 9.x were not patched due to compatibility issues on the localized platforms. As a result, customers who are running the following versions are strongly recommended to update to a non-vulnerable SCS 2.0/SAV 9 International English version or upgrade to a non-vulnerable version of SEP 11.x: Symantec Client Security 2.0/Symantec AntiVirus Corporate Edition 9.x (Chinese Simplified and Chinese Traditional) Symantec Client Security 2.0/Symantec AntiVirus Business Pack 9.x (Chinese Simplified and Chinese Traditional) Symantec Client Security 2.0/Symantec AntiVirus Business Pack 9.x (Korean) Symantec Client Security 2.0/Symantec AntiVirus Business Pack 9.x (Japanese licensed)"

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Known Affected Software Configurations Switch to CPE 2.2

Change History

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=786

http://secunia.com/advisories/34856

http://www.securityfocus.com/bid/34675

http://www.securitytracker.com/id?1022130

http://www.securitytracker.com/id?1022131

http://www.securitytracker.com/id?1022132

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02

http://www.vupen.com/english/advisories/2009/1204

https://exchange.xforce.ibmcloud.com/vulnerabilities/50179

OR
     *cpe:2.3:a:symantec:antivirus:-:-:srv:*:*:*:*:*
     *cpe:2.3:a:symantec:antivirus:*:-:corporate:*:*:*:*:* versions up to (including) 9.0
     *cpe:2.3:a:symantec:antivirus:10.0:*:corporate:*:*:*:*:*
     *cpe:2.3:a:symantec:antivirus:10.0.1:*:corporate:*:*:*:*:*
     *cpe:2.3:a:symantec:antivirus:10.0.1.1:*:corporate:*:*:*:*:*
     *cpe:2.3:a:symantec:antivirus:10.0.2:*:corporate:*:*:*:*:*
     *cpe:2.3:a:symantec:antivirus:10.0.2.1:*:corporate:*:*:*:*:*
     *cpe:2.3:a:symantec:antivir

OR
     *cpe:2.3:a:symantec:antivirus:-:-:srv:*:*:*:*:*
     *cpe:2.3:a:symantec:antivirus:*:-:corporate:*:*:*:*:* versions up to (including) 9.0
     *cpe:2.3:a:symantec:antivirus:*:*:corporate:*:*:*:*:* versions from (including) 10 up to (including) 10.2
     *cpe:2.3:a:symantec:antivirus_central_quarantine_server:*:*:*:*:*:*:*:*
     *cpe:2.3:a:symantec:client_security:*:*:*:*:*:*:*:* versions up to (including) 2.0
     *cpe:2.3:a:symantec:client_security:*:*:*:*:*:*:*:* versions from (includ

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=786 No Types Assigned

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=786 Third Party Advisory

http://secunia.com/advisories/34856 No Types Assigned

http://secunia.com/advisories/34856 Third Party Advisory

http://www.securityfocus.com/bid/34675 No Types Assigned

http://www.securityfocus.com/bid/34675 Third Party Advisory, VDB Entry

http://www.securitytracker.com/id?1022130 No Types Assigned

http://www.securitytracker.com/id?1022130 Third Party Advisory, VDB Entry

http://www.securitytracker.com/id?1022131 No Types Assigned

http://www.securitytracker.com/id?1022131 Third Party Advisory, VDB Entry

http://www.securitytracker.com/id?1022132 No Types Assigned

http://www.securitytracker.com/id?1022132 Third Party Advisory, VDB Entry

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02 No Types Assigned

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02 Vendor Advisory

http://www.vupen.com/english/advisories/2009/1204 No Types Assigned

http://www.vupen.com/english/advisories/2009/1204 Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/50179 No Types Assigned

https://exchange.xforce.ibmcloud.com/vulnerabilities/50179 Third Party Advisory, VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/50179 [No Types Assigned]

http://xforce.iss.net/xforce/xfdb/50179 [No Types Assigned]