APP: Symantec Alert Management System Pin Number Stack Buffer Overflow
This signature detects attempts to exploit a known stack buffer overflow vulnerability in Symantec's Alert Management System. It is caused by code that copies a user supplied Pin Number into a stack buffer without prior validation of its size. The vulnerable code (contained in pagehndl.dll) handles data sent from the msgsys.exe process, which listens on port TCP/38292 by default. A remote unauthenticated attacker can exploit this by sending specially crafted input to the affected service. A successful attack can result in arbitrary code execution in the SYSTEM context
Extended Description
Symantec Intel Alert Management System (AMS2) is prone to multiple remote buffer-overflow vulnerabilities. AMS2 is used in multiple Symantec products including Symantec AntiVirus Corporate Edition Server (SAVCE), Symantec System Center (SSC), and Symantec Quarantine Server. Attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Affected Products
Symantec system_center
Short Name
APP:SYMC:AMS-PIN-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Alert Buffer CVE-2010-0110 Management Number Overflow Pin Stack Symantec System bid:45936
Release Date
02/15/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
TCP/38292
False Positive
Unknown
Vendors
Symantec
CVSS Score
7.9