| 该漏洞存在于'英特尔文件传输服务,这种做法违反了xfr.exe应用。 When sent a properly formatted request, this service will extract a string from the request, and use it as the path of a program to execute as a new Process.当发出了一个正确格式化的请求,这一服务将提取字符串的请求,并使用它作为道路的一个程序来执行的新的进程。 The process will be started with SYSTEM privileges.这一进程将开始使用系统权限。 Exploitation of this vulnerability allows an attacker to execute arbitrary code with SYSTEM privileges.利用这个漏洞允许攻击者执行任意代码的系统权限。 In order to exploit this vulnerability, an attacker must be able to establish a TCP session on port 12174 with the vulnerable host.为了利用此漏洞,攻击者必须能够建立一个TCP端口12174上的弱势所在。 The vulnerable service is actually part of LANDesk Management Suite.弱势群体服务的一部分,实际上是LANDesk管理套件。 It is not clear whether the behavior described is part of the intended functionality of the program.目前尚不清楚是否所述的行为是有意的功能程序。 However, the manner in which the service is being used by the Symantec System Center is unsafe.然而,以何种方式服务正在使用赛门铁克系统中心是不安全的。 In a default client type installation, the Symantec System Center is not installed.在默认安装的客户类型,赛门铁克系统中心是没有安装。 The System Center would normally be found on the network administrator's system.该系统的中心通常会发现网络管理员的系统。 In addition, the Alert Management System Console is not a default option in the installation of the System Center.此外,预警管理系统控制台不是默认选项安装的系统中心。 Workaround: 解决方法: The 'Intel File Transfer' service (which launches xfr.exe) can be disabled via the Service Manager.在'英特尔文件传输服务(发射xfr.exe )可以禁用通过服务管理器。 However, this may impair the operation of the Alert Management Service (AMS).然而,这可能会妨碍行动的警报管理处(队) 。 Symantec recommends users of the AMS switch to 'Reporting' to manage alerts in their environments, and disable or uninstall AMS as a temporary mitigation.赛门铁克建议用户切换到医疗辅助队'报告'管理警示的环境,禁用或卸载队作为临时缓解。 Patch Availability: 补丁状况: Symantec has released a patch which addresses this issue.赛门铁克公司已经发布了补丁,解决这个问题。 For more information, consult their advisory at the following URL:欲了解更多信息,征询他们的咨询在以下网址: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02 http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02 |
|小黑屋|最新主题|手机版|微赢网络技术论坛
( 苏ICP备08020429号 )
GMT+8, 2024-10-1 15:27 , Processed in 0.143710 second(s), 12 queries , Gzip On, MemCache On.
Powered by Discuz! X3.5
© 2001-2023 Discuz! Team.
