Symantec has released updates to address a DLL loading issue in Symantec IT Management Suite (ITMS), Symantec Ghost Solution Suite (GSS), Symantec Encryption Desktop (SED), and Symantec Endpoint Virtualization (SEV).
Affected Products

| Product | CVE | Affected Version(s) | Solution |
|---|---|---|---|
| Symantec IT Management Suite 8.0 | CVE-2016-6590 | Prior to 8.0 HF4 | Upgrade to 8.0 HF4 |
| Symantec IT Management Suite 7.6 | CVE-2016-6590 | Prior to 7.6 HF7 | Upgrade to 7.6 HF7 |
| Symantec Ghost Solution Suite | CVE-2016-6590 | Prior to 3.1 MP4 | Upgrade to 3.1 MP4 |
| Symantec Endpoint Virtualization | CVE-2016-6590 | Prior to 7.6 HF7 | Upgrade to 7.6 HF7 |
| Symantec Encryption Desktop | CVE-2016-6590 | Prior to 10.4.1 MP1 | Upgrade to 10.4.1 MP1 |

CVE-2016-6590

Severity/CVSSv3: High / 7.3 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

References: Securityfocus: BID 94279 / NVD: CVE-2016-6590

Impact: Code execution

Description:

Symantec was notified of a DLL loading issue impacting the Symantec ITMS, GSS, SED and SEV products. An authorized but non-privileged user could potentially leverage this issue to execute arbitrary code with elevated privileges on the system. Ultimately, this problem is caused by a failure to use an absolute path when loading DLLs during product boot up/reboot. This can cause the default DLL search logic to be followed and creates the potential for unauthorized execution of a specifically crafted DLL substituted for the authorized DLL in the search path. If successfully accomplished, the user’s code could potentially execute with the elevated privileges of the application.

An external attacker would need to successfully entice an authorized user to visit a malicious web site or click on a malicious HTML link in an email in any attempt to download malicious code to take advantage of this issue.
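
The search-order behaviour in the Description can be checked on paper. The following is an added example, not Symantec code: it models the Windows default DLL search order (SafeDllSearchMode enabled) and reports which user-writable directories are consulted before the legitimate DLL when a load uses a bare name. The product name, paths, DLL name and the list of writable directories are constructed assumptions.

```python
import ntpath

def _norm(path):
    # Windows paths are case-insensitive; normalise before comparing.
    return ntpath.normcase(ntpath.normpath(path))

def search_order(app_dir, cwd, path_env, windir=r"C:\Windows"):
    """Directories searched, in order, when a DLL is requested by bare name
    (Windows default order with SafeDllSearchMode enabled)."""
    dirs = [app_dir, ntpath.join(windir, "System32"),
            ntpath.join(windir, "System"), windir, cwd]
    dirs += [p for p in path_env.split(";") if p]
    ordered = []
    for d in map(_norm, dirs):
        if d not in ordered:
            ordered.append(d)
    return ordered

def audit_load(dll_ref, order, installed_in, user_writable):
    """Return user-writable directories searched before the legitimate DLL.
    A non-empty result means a standard user can place a file the loader
    will find first; an absolute dll_ref skips the search entirely."""
    if ntpath.isabs(dll_ref):
        return []
    legit = _norm(installed_in)
    writable = {_norm(d) for d in user_writable}
    risky = []
    for d in order:
        if d == legit:
            break
        if d in writable:
            risky.append(d)
    return risky

# Constructed sample data (hypothetical product, paths and ACL results).
APP_DIR = r"C:\Program Files\ExampleAgent"
LEGIT_DIR = r"C:\Program Files\ExampleAgent\lib"
CWD = r"C:\Windows\System32"          # typical for a service started at boot
PATH_ENV = r"C:\Windows\System32;C:\Tools\bin;C:\Program Files\ExampleAgent\lib"
WRITABLE = [r"C:\Tools\bin"]          # directory a standard user can write to

if __name__ == "__main__":
    order = search_order(APP_DIR, CWD, PATH_ENV)
    print("bare name :", audit_load("exhelper.dll", order, LEGIT_DIR, WRITABLE))
    print("absolute  :", audit_load(LEGIT_DIR + r"\exhelper.dll", order, LEGIT_DIR, WRITABLE))
```

On a real host, the `WRITABLE` list would come from an ACL review of every directory in the computed order.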
Symantec engineers verified this finding and have resolved it in the product upgrades indicated as solutions in the Affected Products table. For customers with Symantec IT Management Suite 7.6, ensure you update to ITMS 7.6 HF7 and then apply the point fix as described in <https://support.symantec.com/en_US/article.info3459.html>. Product updates are available through normal customer product download locations.
Customers should apply these upgrades to avoid potential incidents of this nature.
Symantec is not aware of exploitation of or adverse customer impact from this issue.