Check: 2012-A-0125
Windows 7 IAVM: 2012-A-0125 (in version v1 r32)
Title
Symantec System Recovery Arbitrary Code Execution Vulnerability (Cat II impact)
Discussion
Symantec has released a security advisory addressing a vulnerability affecting Symantec System Recovery, a server backup utility. To exploit this vulnerability, an attacker would place specially crafted files into a susceptible directory of the Granular Restore Library and entice a user to load a specially formatted file from an alternate file location or network share. If successfully exploited, this vulnerability would allow an attacker to execute unauthorized arbitrary code with user permissions and compromise the system.
Check Content
See IAVM notice and vendor bulletin for additional information.
Vulnerable Applications/Systems:
Symantec System Recovery 2011 (all builds)
Verify the application's version number by using Help, About or similar menu selections.
Ensure the Application/System version is at least the version listed below.
Symantec System Recovery 2011 SP2
Windows - Alternately, verify the version through the Support information link for the program in Add or Remove Programs or Programs and Features (Vista forward). To expose the version column in Programs and Features, right-click somewhere in the column headers, select More and select Version.
Fix Text
Additional Identifiers
Rule ID:
Vulnerability ID: V-33396
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |