CVE-2008-4389 - OpenCVE

Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Symantec	Appstream Workspace Streaming

Configuration 1 [-]

OR	cpe:2.3:a:symantec:workspace_streaming:6.1:::::::*
	cpe:2.3:a:symantec:workspace_streaming:6.1:sp1::::::
	cpe:2.3:a:symantec:workspace_streaming:6.1:sp2::::::
	cpe:2.3:a:symantec:workspace_streaming:6.1:sp3::::::

Configuration 2 [-]

OR	cpe:2.3:a:symantec:appstream:5.2:::::::*
	cpe:2.3:a:symantec:appstream:5.2.1:::::::*
	cpe:2.3:a:symantec:appstream:5.2.2:::::::*
	cpe:2.3:a:symantec:appstream:5.2.3:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/40233
http://www.kb.cert.org/vuls/id/221257
http://www.securityfocus.com/bid/40611
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100616_00
http://www.vupen.com/english/advisories/2010/1511
https://exchange.xforce.ibmcloud.com/vulnerabilities/59504

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2010-06-17T16:00:00

Updated: 2024-08-07T10:17:09.432Z

Reserved: 2008-10-02T00:00:00

Link: CVE-2008-4389

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-06-17T16:30:01.293

Modified: 2017-08-08T01:32:36.530

Link: CVE-2008-4389

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-06-16T00:00:00", "descriptions": [{"lang": "en", "value": "Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "40611", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/40611"}, {"name": "ADV-2010-1511", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1511"}, {"name": "VU#221257", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/221257"}, {"name": "40233", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40233"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100616_00"}, {"name": "symantec-appstream-download-ce(59504)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59504"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2008-4389", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "40611", "refsource": "BID", "url": "http://www.securityfocus.com/bid/40611"}, {"name": "ADV-2010-1511", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1511"}, {"name": "VU#221257", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/221257"}, {"name": "40233", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40233"}, {"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100616_00", "refsource": "CONFIRM", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100616_00"}, {"name": "symantec-appstream-download-ce(59504)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59504"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:17:09.432Z"}, "title": "CVE Program Container", "references": [{"name": "40611", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/40611"}, {"name": "ADV-2010-1511", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1511"}, {"name": "VU#221257", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/221257"}, {"name": "40233", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/40233"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100616_00"}, {"name": "symantec-appstream-download-ce(59504)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59504"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2008-4389", "datePublished": "2010-06-17T16:00:00", "dateReserved": "2008-10-02T00:00:00", "dateUpdated": "2024-08-07T10:17:09.432Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:workspace_streaming:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "96313018-84AD-4DB4-B5FE-23A49840C0C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:workspace_streaming:6.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "376E49E5-5631-4CFE-AF04-ABE615F3F2FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:workspace_streaming:6.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "25254E74-3A33-4FAA-914C-1BEE7388F478", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:workspace_streaming:6.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "C14E8F23-7CCA-4371-922A-7994E1D37879", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:appstream:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "1CC38EC4-C066-44E8-8212-EA2151824915", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:appstream:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "832A2E1A-4EFB-4DAD-959D-4DF35E5275CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:appstream:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "60C52587-6CD3-48CB-8438-660185B97565", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:appstream:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "3F29D4BC-CDC9-443A-8414-B92FFE8159D8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors."}, {"lang": "es", "value": "Symantec AppStream v5.2.x y Symantec Workspace Streaming (SWS) v6.1.x antes de v6.1 SP4 no realiza la autenticaci\u00f3n correctamente, lo que permite descargar, a servidores de streaming remotos y a atacantes \"man-in-the-middle\", archivos ejecutables de su elecci\u00f3n en un sistema cliente y ejecutar estos archivos, a trav\u00e9s de vectores no especificados."}], "id": "CVE-2008-4389", "lastModified": "2017-08-08T01:32:36.530", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-06-17T16:30:01.293", "references": [{"source": "cret@cert.org", "url": "http://secunia.com/advisories/40233"}, {"source": "cret@cert.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/221257"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/40611"}, {"source": "cret@cert.org", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100616_00"}, {"source": "cret@cert.org", "url": "http://www.vupen.com/english/advisories/2010/1511"}, {"source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59504"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}