Command Injection Vulnerability in Symantec Security Information Manager
CVE-2006-3072

Currently unrated

Key Information:

Vendor

Symantec

CVE Published:
19 June 2006

What is CVE-2006-3072?

The M4 Macro Library in Symantec Security Information Manager before 4.0.2.29 HOTFIX 1 is susceptible to a command injection vulnerability. Local users can exploit this weakness by crafting malicious "rule definitions" that lead to the execution of arbitrary commands. The crafted definitions cause the M4 transformation process to generate unsafe Java code, which can then be leveraged to perform unauthorized operations within the system.
