cnvd - cnvd-2016-04733

cnvd-2016-04733

Vulnerability from cnvd

Title: Symantec Workspace Streaming/Workspace Virtualization任意文件读取漏洞

Description:

Symantec Workspace Streaming 可实现应用程序按需设置、实时软件许可证管理以及即时应用程序升级。Symantec Workspace Virtualization 实现了应用程序虚拟化，可减少应用程序冲突，降低测试要求，同时减少支持呼叫量。

Symantec Workspace Streaming (SWS)及Workspace Virtualization (SWV)管理控制台在文件下载配置文件中存在任意文件读取漏洞，攻击者可利用该漏洞使恶意用户读取主机系统上的任意文件。

Severity: 低

Patch Name: Symantec Workspace Streaming/Workspace Virtualization任意文件读取漏洞的补丁

Patch Description:

Symantec Workspace Streaming (SWS)及Workspace Virtualization (SWV)管理控制台在文件下载配置文件中存在任意文件读取漏洞，攻击者可利用该漏洞使恶意用户读取主机系统上的任意文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20160707_00

Reference: http://www.linuxidc.com/Linux/2016-07/133026.htm

Impacted products

Name
['Symantec Workspace Streaming 7.5.x', 'Symantec Workspace Streaming 7.6.0', 'Symantec Workspace Virtualization 7.5.x', 'Symantec Workspace Virtualization 7.6.0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "89394"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-2206"
    }
  },
  "description": "Symantec Workspace Streaming \u53ef\u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u6309\u9700\u8bbe\u7f6e\u3001\u5b9e\u65f6\u8f6f\u4ef6\u8bb8\u53ef\u8bc1\u7ba1\u7406\u4ee5\u53ca\u5373\u65f6\u5e94\u7528\u7a0b\u5e8f\u5347\u7ea7\u3002Symantec Workspace Virtualization \u5b9e\u73b0\u4e86\u5e94\u7528\u7a0b\u5e8f\u865a\u62df\u5316\uff0c\u53ef\u51cf\u5c11\u5e94\u7528\u7a0b\u5e8f\u51b2\u7a81\uff0c\u964d\u4f4e\u6d4b\u8bd5\u8981\u6c42\uff0c\u540c\u65f6\u51cf\u5c11\u652f\u6301\u547c\u53eb\u91cf\u3002\r\n\r\nSymantec Workspace Streaming (SWS)\u53caWorkspace Virtualization (SWV)\u7ba1\u7406\u63a7\u5236\u53f0\u5728\u6587\u4ef6\u4e0b\u8f7d\u914d\u7f6e\u6587\u4ef6\u4e2d\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u6076\u610f\u7528\u6237\u8bfb\u53d6\u4e3b\u673a\u7cfb\u7edf\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\u3002",
  "discovererName": "Dmitry Serebryannikov",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2016\u0026suid=20160707_00",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-04733",
  "openTime": "2016-07-13",
  "patchDescription": "Symantec Workspace Streaming \u53ef\u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u6309\u9700\u8bbe\u7f6e\u3001\u5b9e\u65f6\u8f6f\u4ef6\u8bb8\u53ef\u8bc1\u7ba1\u7406\u4ee5\u53ca\u5373\u65f6\u5e94\u7528\u7a0b\u5e8f\u5347\u7ea7\u3002Symantec Workspace Virtualization \u5b9e\u73b0\u4e86\u5e94\u7528\u7a0b\u5e8f\u865a\u62df\u5316\uff0c\u53ef\u51cf\u5c11\u5e94\u7528\u7a0b\u5e8f\u51b2\u7a81\uff0c\u964d\u4f4e\u6d4b\u8bd5\u8981\u6c42\uff0c\u540c\u65f6\u51cf\u5c11\u652f\u6301\u547c\u53eb\u91cf\u3002\r\n\r\nSymantec Workspace Streaming (SWS)\u53caWorkspace Virtualization (SWV)\u7ba1\u7406\u63a7\u5236\u53f0\u5728\u6587\u4ef6\u4e0b\u8f7d\u914d\u7f6e\u6587\u4ef6\u4e2d\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u6076\u610f\u7528\u6237\u8bfb\u53d6\u4e3b\u673a\u7cfb\u7edf\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Symantec Workspace Streaming/Workspace Virtualization\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Symantec Workspace Streaming 7.5.x",
      "Symantec Workspace Streaming 7.6.0",
      "Symantec Workspace Virtualization 7.5.x",
      "Symantec Workspace Virtualization 7.6.0"
    ]
  },
  "referenceLink": "http://www.linuxidc.com/Linux/2016-07/133026.htm",
  "serverity": "\u4f4e",
  "submitTime": "2016-07-11",
  "title": "Symantec Workspace Streaming/Workspace Virtualization\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e"
}

CVE-2016-2206 (GCVE-0-2016-2206)

Vulnerability from cvelistv5

Published

2016-07-12 01:00

Modified

2024-08-05 23:24

Severity ?

CWE

Summary

The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file.

References

▼	URL	Tags
	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160707_00	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1036263	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id/1036262	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/89394	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:24:48.654Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00"
          },
          {
            "name": "1036263",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036263"
          },
          {
            "name": "1036262",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036262"
          },
          {
            "name": "89394",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/89394"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-31T09:57:01",
        "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "shortName": "symantec"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00"
        },
        {
          "name": "1036263",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036263"
        },
        {
          "name": "1036262",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036262"
        },
        {
          "name": "89394",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/89394"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@symantec.com",
          "ID": "CVE-2016-2206",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00",
              "refsource": "CONFIRM",
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160707_00"
            },
            {
              "name": "1036263",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036263"
            },
            {
              "name": "1036262",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036262"
            },
            {
              "name": "89394",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/89394"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
    "assignerShortName": "symantec",
    "cveId": "CVE-2016-2206",
    "datePublished": "2016-07-12T01:00:00",
    "dateReserved": "2016-02-02T00:00:00",
    "dateUpdated": "2024-08-05T23:24:48.654Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted