Symantec Security Response SMNTC-1373
History: Jul 07, 2016 - 8:00 a.m.

Symantec Workspace Streaming and Workspace Virtualization Path Traversal and Arbitrary File Read


EPSS: 0.002 (Low), percentile 51.8%

SUMMARY

Symantec Workspace Streaming (SWS) and Workspace Virtualization (SWV) management consoles were susceptible to a path traversal in a file-download configuration file that could allow a malicious user with access to the vulnerable file to view unauthorized application files of specific file types. An authenticated console user could manipulate this same file to read any file on the host system. This could provide information useful for staging further attacks on the application or host system.

AFFECTED PRODUCTS

Symantec Workspace Streaming

CVE | Affected Version(s) | Remediation
CVE-2016-2205, CVE-2016-2206 | Prior to 7.5.x & 7.6 | Apply Hotfix SWS 7.6 HF5 or Hotfix SWS 7.5SP1 HF9

Symantec Workspace Virtualization

CVE | Affected Version(s) | Remediation
CVE-2016-2205, CVE-2016-2206 | Prior to 7.6 & 7.5.x | Apply Hotfix SWS 7.6 HF5 or Hotfix SWS 7.5SP1 HF9

ISSUES

CVE-2016-2205

Severity/CVSSv3: Medium / 5.2 AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
References: Securityfocus: BID 89395 / NVD: CVE-2016-2205
Impact: Path Traversal
Description:

Symantec was notified of an unauthorized path traversal vulnerability in the configuration tool download file. This file did not properly check file authorization. This could potentially have allowed an authorized network user unauthorized access to this file and the ability to manipulate it to read specific application file types.

CVE-2016-2206

Severity/CVSSv3: Medium / 4.5 AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
References: Securityfocus: BID 89394 / NVD: CVE-2016-2206
Impact: Arbitrary file read
Description:

An authorized management console user could manipulate this same file to gain unauthorized read access to any file on the local host system. This type of unauthorized file read could provide sufficient information to stage further exploit attempts against the application or the host system.
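A hardened file-download path check of the kind that closes both issues described above (traversal out of the download directory, and reading files outside the allow-listed types), added here as an illustration; it is not Symantec code, and the base directory, the allow-listed extensions and the sample requests are constructed assumptions:

```python
from pathlib import Path, PurePosixPath
from typing import Optional
import tempfile

# Assumed allow-list: the console may only serve these file types.
ALLOWED_SUFFIXES = {".xml", ".log", ".txt"}


def resolve_download(base_dir: str, requested: str) -> Optional[Path]:
    """Return the file to serve, or None if the request must be refused.
    1. Reject absolute paths and any '..' segment before touching the FS.
    2. Canonicalise (symlinks included) and require the result to stay
       inside the canonical base directory.
    3. Enforce the extension allow-list on the canonical name, not on the
       raw request string.
    """
    rel = PurePosixPath(requested.replace("\\", "/"))
    if rel.is_absolute() or ".." in rel.parts or rel.name == "":
        return None
    root = Path(base_dir).resolve()
    target = (root / Path(*rel.parts)).resolve()
    if not target.is_relative_to(root):  # e.g. a symlink escaping the base dir
        return None
    if target.suffix.lower() not in ALLOWED_SUFFIXES:
        return None
    return target if target.is_file() else None


def demo() -> dict:
    """Exercise the checks on a constructed download directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "downloads"
        root.mkdir()
        (root / "app.xml").write_text("<config/>")
        (root / "app.key").write_text("secret")
        (Path(tmp) / "outside.txt").write_text("host file")
        try:
            (root / "link.txt").symlink_to(Path(tmp) / "outside.txt")
        except OSError:  # platform without symlink support: file is absent
            pass
        requests = [
            "app.xml",             # allowed type inside the base dir -> served
            "../outside.txt",      # textual traversal -> refused
            "app.key",             # type not allow-listed -> refused
            "app.xml/../app.key",  # '..' in the middle of the path -> refused
            "/etc/hosts",          # absolute path -> refused
            "link.txt",            # symlink out of the base dir -> refused
        ]
        return {r: resolve_download(str(root), r) is not None for r in requests}
```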

MITIGATION

Symantec Response

Symantec engineers verified these issues and resolved them in the hot fixes listed in the products table above.

Symantec is not aware of exploitation of or adverse customer impact from this issue.

Update Information

Symantec Workspace Streaming and Workspace Virtualization hotfixes will be available through Symantec File Connect. Customers should apply these hotfixes to avoid potential incidents of this nature.

Best Practices
Symantec strongly recommends as part of normal best practices:

  • Restrict access to administration or management systems to privileged users.
  • Restrict remote access, if required, to trusted/authorized systems only.
  • Run under the principle of least privilege where possible to limit the impact of exploitation by threats.
  • Keep all operating systems and applications updated with the latest vendor patches.
  • Follow a multi-layered approach to security. Run both firewall and anti-malware applications, at a minimum, to provide multiple points of detection and protection to both inbound and outbound threats.
  • Deploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in detection of attacks or malicious activity related to exploitation of latent vulnerabilities.

ACKNOWLEDGEMENTS

Symantec would like to thank Dmitry Serebryannikov (https://twitter.com/dsrbr) for reporting these to us and working with us as we addressed them.
