Symantec Workspace Streaming < 7.5 SP1 XMLRPC Request Remote Code Execution (SYM14-009)

Severity: High, Nessus Plugin ID 74153

Synopsis

The remote host has software installed that is affected by a remote code execution vulnerability.

Description

The version of Symantec Workspace Streaming server (formerly known as Altiris Streaming System) installed on the remote Windows host is affected by a remote code execution vulnerability. This issue is caused by improper validation of HTTPS XMLRPC requests by the Management Agent (as_agent.exe) component. A remote, unauthenticated attacker could exploit this issue to execute arbitrary code.

Solution

Upgrade to 7.5 SP1 or higher.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-14-127/

http://www.nessus.org/u?d272b309

Plugin Details

Severity: High

ID: 74153

File Name: symantec_wss_sym14-009.nasl

Version: 1.8

Type: local

Agent: windows

Family: Windows

Published: 5/23/2014

Updated: 11/26/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.9

Temporal Score: 6.5

Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2014-1649

Vulnerability Information

CPE: cpe:/a:symantec:workspace_streaming, cpe:/a:symantec:appstream

Required KB Items: SMB/symantec_workspace_streaming_server/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/10/2014

Vulnerability Publication Date: 5/12/2014

Exploitable With

Core Impact

Metasploit (Symantec Workspace Streaming ManagementAgentServer.putFile XMLRPC Request Arbitrary File Upload)

Reference Information

CVE: CVE-2014-1649

BID: 67189