-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2017.2890
Security Advisories Relating to Symantec Products - Symantec Endpoint
Encryption Various Issues
15 November 2017

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Symantec Endpoint Encryption
Publisher:         Symantec
Operating System:  Windows
                   Mac OS
Impact/Access:     Denial of Service    -- Remote/Unauthenticated
                   Increased Privileges -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-15525 CVE-2017-15526

Original Bulletin:
   https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20171113_00

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Advisories Relating to Symantec Products - Symantec Endpoint
Encryption Various Issues

SYM17-012

November 13, 2017

OVERVIEW

Symantec has released an update to address two issues in the Symantec
Endpoint Encryption product.

Highest severity issue: Medium
Number of issues: 2

ISSUES

This update applies to the following issues:

TITLE                                                              CVE             SEVERITY
Symantec Endpoint Encryption DoS prior to SEE v11.1.3MP1           CVE-2017-15525  Medium
Symantec Endpoint Encryption NULL Pointer prior to SEE v11.1.3MP1  CVE-2017-15526  Medium

AFFECTED PRODUCTS

Symantec has verified the issues and addressed them in product updates as
outlined below.

Enterprise

The following Symantec enterprise products are affected.

PRODUCT                                               SOLUTION
Symantec Endpoint Encryption prior to SEE v11.1.3MP1  Upgrade to Symantec Endpoint Encryption SEE v11.1.3MP1

ISSUE DETAILS

Symantec Endpoint Encryption Denial of Service

CVE-2017-15525

BID: 101697
Severity: Medium (CVSSv3: 4.2) AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Impact: Denial of service
Exploitation: None
Date patched: November 8, 2017

A denial of service (DoS) attack is a type of attack whereby the
perpetrator attempts to make a particular machine or network resource
unavailable to its intended users by temporarily or indefinitely disrupting
services of a specific host within a network. DoS attacks can occur when a
system becomes flooded with specific network requests or subversive
operations that can cause the resourced system to become unresponsive.

Symantec Endpoint Encryption NULL Pointer De-Reference

CVE-2017-15526

BID: 101698
Severity: Medium (CVSSv3: 4.2) AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Impact: Privilege escalation
Exploitation: None
Date patched: November 8, 2017

Symantec Endpoint Encryption can be susceptible to a null pointer
de-reference issue, which can result in a NullPointerException that can
lead to a privilege escalation scenario. A null-pointer dereference takes
place when a pointer with a value of NULL is used as though it pointed to a
valid memory area.

MITIGATION

These issues were validated by the product team engineers. A Symantec
Endpoint Encryption update, version SEE v11.1.3MP1, has been released which
addresses the aforementioned issues. Note that the latest releases and
patches for Symantec Endpoint Encryption are available to customers through
normal support channels. At this time, Symantec is not aware of any
exploitations or adverse customer impact from these issues.

ACKNOWLEDGEMENTS

  * Kyriakos Economou (@kyREcon) on behalf of Nettitude:
    https://www.nettitude.com/ (CVE-2017-15525)
  * Kyriakos Economou (@kyREcon) on behalf of Nettitude:
    https://www.nettitude.com/ (CVE-2017-15526)

REVISIONS

- - None

REPORTING VULNERABILITIES TO SYMANTEC

Symantec takes the security and proper functionality of our products very
seriously. As founding members of the Organization for Internet Safety
(OISafety), Symantec supports and follows responsible disclosure
guidelines.

Symantec has developed a Software Security Vulnerability Management Process
document outlining the process we follow in addressing suspected
vulnerabilities in our products.

Symantec Corporation firmly believes in a proactive approach to secure
software development and implements security review into various stages of
the software development process. Additionally, Symantec is committed to
the security of its products and services as well as to its customers'
data. Symantec is committed to continually improving its software security
process.

This document provides an overview of the current Secure Development
Lifecycle (SDLC) practice applicable to Symantec's product and service
teams as well as other software security related activities and policies
used by such teams. This document is intended as a summary and does not
represent a comprehensive list of security testing and practices conducted
by Symantec in the software development process.

Please contact secure@symantec.com if you believe you have discovered a
security issue in a Symantec product. A member of the Symantec Software
Security team will contact you regarding your submission to coordinate any
required response. Symantec strongly recommends using encrypted email for
reporting vulnerability information to secure@symantec.com.

The Symantec Software Security PGP key can be found at the following
location: Symantec Product Vulnerability Management PGP Key

COPYRIGHT (C) BY SYMANTEC CORP.

Permission to redistribute this alert electronically is granted as long as
it is not edited in any way unless authorized by Symantec Software
Security. Reprinting the whole or part of this alert in any medium other
than electronically requires permission from secure@symantec.com.

Last modified on: November 13, 2017

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----