CVE-2014-3434 - OpenCVE

Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Symantec	Endpoint Protection

Configuration 1 [-]

OR	cpe:2.3:a:symantec:endpoint_protection:11.0:::::::*
	cpe:2.3:a:symantec:endpoint_protection:12.0:-:small_business:::::*
	cpe:2.3:a:symantec:endpoint_protection:12.1:::::::*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/127772/Symantec-Endpoint-Protection-11.x-12.x-Kernel-Pool-Overflow.html
http://secunia.com/advisories/58996
http://secunia.com/advisories/59697
http://www.exploit-db.com/exploits/34272
http://www.kb.cert.org/vuls/id/252068
http://www.osvdb.org/109663
http://www.securityfocus.com/bid/68946
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140804_00
https://exchange.xforce.ibmcloud.com/vulnerabilities/95062

History

No history.

MITRE

Status: PUBLISHED

Assigner: symantec

Published: 2014-08-06T19:00:00

Updated: 2024-08-06T10:43:06.117Z

Reserved: 2014-05-09T00:00:00

Link: CVE-2014-3434

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-08-06T19:55:03.557

Modified: 2017-08-29T01:34:45.373

Link: CVE-2014-3434

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-05T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140804_00"}, {"name": "109663", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/109663"}, {"name": "68946", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/68946"}, {"name": "symantec-endpoint-priv-escalation(95062)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95062"}, {"name": "VU#252068", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/252068"}, {"name": "58996", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/58996"}, {"name": "59697", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59697"}, {"name": "34272", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/34272"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/127772/Symantec-Endpoint-Protection-11.x-12.x-Kernel-Pool-Overflow.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@symantec.com", "ID": "CVE-2014-3434", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140804_00", "refsource": "CONFIRM", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140804_00"}, {"name": "109663", "refsource": "OSVDB", "url": "http://www.osvdb.org/109663"}, {"name": "68946", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68946"}, {"name": "symantec-endpoint-priv-escalation(95062)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95062"}, {"name": "VU#252068", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/252068"}, {"name": "58996", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58996"}, {"name": "59697", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59697"}, {"name": "34272", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/34272"}, {"name": "http://packetstormsecurity.com/files/127772/Symantec-Endpoint-Protection-11.x-12.x-Kernel-Pool-Overflow.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/127772/Symantec-Endpoint-Protection-11.x-12.x-Kernel-Pool-Overflow.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:43:06.117Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140804_00"}, {"name": "109663", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/109663"}, {"name": "68946", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/68946"}, {"name": "symantec-endpoint-priv-escalation(95062)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95062"}, {"name": "VU#252068", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/252068"}, {"name": "58996", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/58996"}, {"name": "59697", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59697"}, {"name": "34272", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/34272"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/127772/Symantec-Endpoint-Protection-11.x-12.x-Kernel-Pool-Overflow.html"}]}]}, "cveMetadata": {"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2014-3434", "datePublished": "2014-08-06T19:00:00", "dateReserved": "2014-05-09T00:00:00", "dateUpdated": "2024-08-06T10:43:06.117Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E269D396-3A70-4C4B-9D79-CBBA75C280D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.0:-:small_business:*:*:*:*:*", "matchCriteriaId": "7D7E851B-1A0A-4077-9FCF-754D4FF798FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "5A8C3211-6088-49D6-8228-C4E9B5DF1631", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call."}, {"lang": "es", "value": "Desbordamiento de buffer en el controlador sysplant en Symantec Endpoint Protection (SEP) Client 11.x y 12.x anterior a 12.1 RU4 MP1b, y Small Business Edition anterior a SEP 12.1, permite a usuarios locales ejecutar c\u00f3digo arbitrario a trav\u00e9s de un argumento largo en una llamada 0x00222084 IOCTL."}], "id": "CVE-2014-3434", "lastModified": "2017-08-29T01:34:45.373", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-08-06T19:55:03.557", "references": [{"source": "secure@symantec.com", "url": "http://packetstormsecurity.com/files/127772/Symantec-Endpoint-Protection-11.x-12.x-Kernel-Pool-Overflow.html"}, {"source": "secure@symantec.com", "url": "http://secunia.com/advisories/58996"}, {"source": "secure@symantec.com", "url": "http://secunia.com/advisories/59697"}, {"source": "secure@symantec.com", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/34272"}, {"source": "secure@symantec.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/252068"}, {"source": "secure@symantec.com", "url": "http://www.osvdb.org/109663"}, {"source": "secure@symantec.com", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/68946"}, {"source": "secure@symantec.com", "tags": ["Vendor Advisory"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140804_00"}, {"source": "secure@symantec.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95062"}], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}