Recommendation for upgrade to LUA 2.3.2.110
- Symantec Product Security has posted SYM14-005 Symantec LiveUpdate Administrator Unauthenticated/Unauthorized Account Access Modification and SQL injections advisory. This is a high severity advisory which affects LiveUpdate Administrator 2.3.2.99 and earlier. As part of normal best practices, Symantec strongly recommends keeping all operating systems and applications updated with the latest vendor patches.
Affected Products
Product | Version | Build | Solution(s) |
Symantec LiveUpdate Administrator | 2.x | 2.3.2 and prior | Upgrade to LUA 2.3.2.110 |
CVE: These issues are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
CVE | BID | Description |
CVE-2014-1644 | BID 66399 | LUA Unauthorized Account Access Modification |
CVE-2014-1645 | BID 66400 | LUA Unauthenticated SQL Injection |
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1644
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1644http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1645
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1645
- For detailed information on this vulnerability including the products and builds affected, please review the advisory at:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140327_00
Reference document for migration: http://www.symantec.com/docs/TECH134809