Symantec Security Advisory SYM07-020

Symantec Security Advisory SYM07-020
Symantec Discovery Insecure File Permissions

On July 23, 2007 security firm Secunia issued a security advisory relating to insecure file permissions on Symantec Discovery. This advisory relates to the default file permissions set at installation on the Symantec Discovery server.

The Symantec Discovery product was designed by its 3rd-Party vendor, Centennial Software, such that anyone with access to the Discovery server should have the ability to run the Discovery Control Center. Symantec recommends that server access be restricted to administrators only. For most customers, administrative access only is allowed to the Discovery server. These customers are not affected by this issue. For customers who would like to implement a higher level of security than what is already present within their implementation, we recommend more stringent file based permissions on the directory be set to limit access from unauthorized local users. Please contact your Symantec Support representative for any required assistance.

Secunia Advisory: http://secunia.com/advisories/25374/
Symantec Support Knowledge base article:
http://entkb.symantec.com/security/output/8424.html
SecurityFocus (http://www.securityfocus.com) has assigned Bugtraq ID (BID) 25000 to this issue.

More info at http://securityresponse.symantec.com/avcenter/security/Content/2007.07.27a.html

Leave a Reply