Affected systems:
Symantec SCSP < 5.2.9 MP6
Symantec SES:CSP 1.0.x < 1.0 MP5
Symantec DCS:SA <= 6.6 MP1
Symantec DCS:SA 6.x < 6.5 MP1
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 90884
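CVE(CAN) ID: CVE-2015-8798
Symantec Encryption Management Server manages and automates security policies for encryption solutions.
A directory traversal vulnerability exists in the Management Server in Symantec SES:CSP 1.0.x < 1.0 MP5, SES:CSP 6.5.0 < MP1, SCSP < 5.2.9 MP6, DCS:SA 6.x < 6.5 MP1, 6.6 < MP1, and DCS:SA <= 6.6 MP1. A remote authenticated user can exploit this vulnerability to execute arbitrary code.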
<*Source: Matthias Kaiser
Markus Wulftange
Link:*>
Recommendation:
--------------------------------------------------------------------------------
Vendor patch:
Symantec
--------
Symantec has released a security advisory (SYM16-009) and corresponding patches for this issue:
SYM16-009: Security Advisories Relating to Symantec Products - Symantec Embedded Security: Critical System Protection and Symantec Data Center Security: Server Advanced, Multiple Security Issues
Link: https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00