Symantec recently announced two vulnerabilities in the Symantec
Reporting Server component of the Symantec Client Security Suite. This
component is a web application used to view logs and statistics and
create reports on managed Symantec clients. It is not part of the client
software and is not required for the Symantec management servers.
If your department is operating a Symantec Reporting Server, please read
the alerts below and make sure your servers are updated with the
appropriate patches. If you installed this component along with the
management server but you do not use it, we recommend uninstalling it to
guard against any potential vulnerabilities.
If your department operates a Symantec Management server, and you are
interested in using the central Symantec Reporting Server operated by
SNS to view client logs/status and create reports, please contact me at
akhenry_at_berkeley.edu.
-- Allison Henry System and Network Security University of California, Berkeley http://security.berkeley.edu -------- Original Message -------- Subject: Platinum Bulletin Date: Tue, 05 Jun 2007 13:19:08 -0400 From: Platinum_at_symantec.com To: akhenry_at_berkeley.edu SYM07-011 & SYM07-012 - Symantec Reporting Server Password Disclosure and Symantec Reporting Server Elevation of Privilege Symantec has posted two advisories regarding Symantec Reporting Server. Reporting Server is distributed with Symantec AntiVirus Corporate Edition 10.1 or later and Symantec Client Security 3.1 and later. For information on what builds are affected and obtaining and installing a non-vulnerable version of Symantec Reporting Server, please visit the advisory links included below. Symantec Reporting Server can be updated independently from Symantec AntiVirus or Symantec Client Security. Symantec has not received any reports of customers impacted by this issue, or any attempts to exploit this vulnerability. As part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec strongly recommends any affected customers update Symantec Reporting Server immediately to protect against possible attempts to exploit this vulnerability. SYM07-011 http://www.symantec.com/avcenter/security/Content/2007.06.05.html SYM07-012 http://www.symantec.com/avcenter/security/Content/2007.06.05a.html ************************ This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by email and delete this message. Thank you. Symantec regional offices: North America and Latin America - platinum.contracts_at_symantec.com Europe - semea_at_symantec.com Asia Pacific - contractsadmin_at_symantec.com This is an automated message. We are not able to respond to messages sent to this address. Please call Platinum Support if you have comments or questions about this bulletin. If you no longer want to receive these notifications, please log in to the Symantec Alerting Service (https://virusalerts.symantec.com/PLATINUM/log_in.mbd) to change your alert options. ------------------------------------------------------------------------ The following was automatically added to this message by the list server: To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site: http://micronet.berkeley.edu/Received on Tue Jun 05 2007 - 14:29:25 PDT
This archive was generated by hypermail 2.2.0 : Tue Jun 05 2007 - 14:29:26 PDT