Vulnerability Name: CVE-2009-1429 (CCN-50176)

Assigned: 2009-04-28
Published: 2009-04-28
Updated: 2017-08-17
Summary:The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary commands via a crafted packet whose contents are interpreted as a command to be launched in a new process by the CreateProcessA function.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-94
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2009-1429

Source: OSVDB
Type: UNKNOWN
54157

Source: CCN
Type: SA34856
Symantec Products Alert Management System 2 Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
34856

Source: SREASON
Type: UNKNOWN
8346

Source: CCN
Type: SECTRACK ID: 1022130
Symantec Anti Virus Corporate Edition Bugs in Alert Management System 2 Let Remote Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1022131
Symantec Client Security Bugs in Alert Management System 2 Let Remote Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1022132
Symantec Endpoint Protection Bugs in Alert Management System 2 Let Remote Users Execute Arbitrary Code

Source: CCN
Type: OSVDB ID: 54157
Symantec Multiple Products Intel Common Base Agent (CBA) CreateProcessA() Function Remote Command Execution

Source: BID
Type: Exploit
34671

Source: CCN
Type: BID-34671
Multiple Symantec Products Intel Common Base Agent Remote Command Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1022130

Source: SECTRACK
Type: UNKNOWN
1022131

Source: SECTRACK
Type: UNKNOWN
1022132

Source: CCN
Type: SYM09-007
Symantec Alert Management System 2 multiple vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02

Source: VUPEN
Type: Vendor Advisory
ADV-2009-1204

Source: XF
Type: UNKNOWN
symantec-cba-command-execution(50176)

Source: EXPLOIT-DB
Type: EXPLOIT
EDB-ID: 17699

Vulnerable Configuration:Configuration 1:
  • cpe:/a:symantec:antivirus:-:-:srv:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:*:-:corporate:*:*:*:*:* (Version <= 9.0)
  • OR cpe:/a:symantec:antivirus:10.0:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.1:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.1.1:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.2:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.2.1:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.2.2:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.3:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.4:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.5:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.6:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.7:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.8:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.9:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:*:*:corporate:*:*:*:*:* (Version <= 10.1)
  • OR cpe:/a:symantec:antivirus:*:*:corporate:*:*:*:*:* (Version <= 10.2)
  • OR cpe:/a:symantec:antivirus_central_quarantine_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.0.359:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1000:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1001:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1007:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1008:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1009:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2000:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2001:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2002:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2010:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2011:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2020:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2021:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:*:*:*:*:*:*:*:* (Version <= 3.1)
  • OR cpe:/a:symantec:endpoint_protection:*:*:*:*:*:*:*:* (Version <= 11.0)
  • OR cpe:/a:symantec:system_center:*:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:symantec:client_security:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1.0.396:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1.0.401:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0::corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1::corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.1::corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.2::corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.4::corporate:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.6200.754:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.2::corporate:*:*:*:*:*

  • * Denotes that component is vulnerable
    symantec antivirus - -
    symantec antivirus * -
    symantec antivirus 10.0
    symantec antivirus 10.0.1
    symantec antivirus 10.0.1.1
    symantec antivirus 10.0.2
    symantec antivirus 10.0.2.1
    symantec antivirus 10.0.2.2
    symantec antivirus 10.0.3
    symantec antivirus 10.0.4
    symantec antivirus 10.0.5
    symantec antivirus 10.0.6
    symantec antivirus 10.0.7
    symantec antivirus 10.0.8
    symantec antivirus 10.0.9
    symantec antivirus *
    symantec antivirus *
    symantec antivirus central quarantine server *
    symantec client security 2.0
    symantec client security 3.0
    symantec client security 3.0.0.359
    symantec client security 3.0.1.1000
    symantec client security 3.0.1.1001
    symantec client security 3.0.1.1007
    symantec client security 3.0.1.1008
    symantec client security 3.0.1.1009
    symantec client security 3.0.2
    symantec client security 3.0.2.2000
    symantec client security 3.0.2.2001
    symantec client security 3.0.2.2002
    symantec client security 3.0.2.2010
    symantec client security 3.0.2.2011
    symantec client security 3.0.2.2020
    symantec client security 3.0.2.2021
    symantec client security *
    symantec endpoint protection *
    symantec system center *
    symantec client security 3.1
    symantec client security 3.1.0.396
    symantec client security 3.1.0.401
    symantec antivirus 10.0
    symantec antivirus 10.1
    symantec antivirus 10.0.1
    symantec antivirus 10.0.2
    symantec antivirus 10.0.4
    symantec endpoint protection 11.0.6200.754
    symantec antivirus 10.2