Symantec LiveUpdate Administrator Cross-Site Request Forgery Vulnerability


Description: A vulnerability has been identified in Symantec LiveUpdate Administrator (LUA), which could be exploited to manipulate or obtain certain information and data. The issue is caused by input validation errors in the management login GUI page, which could be exploited by attackers to execute arbitrary code by tricking an authorized admin into visiting the event log page.
     
Vulnerable Products: Symantec LiveUpdate Administrator version 2.2.2.9 and prior
     
Solution: Upgrade to Symantec LiveUpdate Administrator version 2.3.
     
CVE: CVE-2011-1524, CVE-2011-0545
     
References:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110321_00
http://www.exploit-db.com/exploits/17026/
     
Vulnerability Manager Detection: No
     
IPS Protection:
ASQ Engine alarm                                                  Available since
XSS - Prevention - POST : suspicious 'iframe' tag found in data   3.2.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data   5.0.0
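To illustrate what an alarm like "suspicious 'iframe' tag found in data" checks on a POST body, here is an added example (not the ASQ engine's implementation and not code from Symantec or the advisory): it URL-decodes each form parameter, repeating the decode to catch double-encoded values, and reports the parameters that carry an iframe tag. The sample POST bodies are constructed for this example.

```python
import re
from urllib.parse import unquote_plus

# Constructed form-encoded POST bodies for the example; not captured from real LUA traffic.
SAMPLE_POST_BODIES = [
    "username=admin&password=secret&action=login",
    "user=admin&comment=%3Ciframe+src%3D%22http%3A%2F%2Fexample.invalid%22%3E%3C%2Fiframe%3E",
    "note=%253Ciframe%2520src%253Dx%253E",          # double URL-encoded iframe tag
    "text=this+is+a+plain+note+about+iframes",      # the word, not a tag: must not fire
]

# Opening or closing iframe tag, tolerant of whitespace after '<' and '/'.
IFRAME_TAG = re.compile(r"<\s*/?\s*iframe\b", re.IGNORECASE)


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """URL-decode repeatedly until the value stops changing (bounded rounds)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_iframe_params(body: str) -> list:
    """Return the names of form parameters whose decoded value contains an iframe tag."""
    flagged = []
    for pair in body.split("&"):
        name, _, raw_value = pair.partition("=")
        if IFRAME_TAG.search(decode_fully(raw_value)):
            flagged.append(decode_fully(name))
    return flagged


def scan_bodies(bodies) -> dict:
    """Map body index to flagged parameter names, omitting bodies that are clean."""
    results = {}
    for index, body in enumerate(bodies):
        hits = find_iframe_params(body)
        if hits:
            results[index] = hits
    return results


if __name__ == "__main__":
    for index, params in scan_bodies(SAMPLE_POST_BODIES).items():
        print(f"body {index}: iframe tag in parameter(s) {params}")
```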
     
Risk level: Moderate

Vulnerability First Public Report Date: 2011-03-22

Target Type: Server

Possible exploit: Local & Remote