CVE-2008-4389
First published: Thu Jun 17 2010(Updated: )
Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Workspace Streaming | =6.1-sp1 | |
| Symantec Workspace Streaming | =6.1-sp3 | |
| Symantec Workspace Streaming | =6.1 | |
| Symantec Workspace Streaming | =6.1-sp2 | |
| Symantec AppStream | =5.2.2 | |
| Symantec AppStream | =5.2.3 | |
| Symantec AppStream | =5.2.1 | |
| Symantec AppStream | =5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/40611
- http://secunia.com/advisories/40233
- http://www.kb.cert.org/vuls/id/221257
- http://www.vupen.com/english/advisories/2010/1511
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100616_00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59504
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/symantec
- canonical/symantec workspace streaming
- version/symantec workspace streaming/6.1-sp1
- version/symantec workspace streaming/6.1-sp3
- version/symantec workspace streaming/6.1
- version/symantec workspace streaming/6.1-sp2
- canonical/symantec appstream
- version/symantec appstream/5.2.2
- version/symantec appstream/5.2.3
- version/symantec appstream/5.2.1
- version/symantec appstream/5.2