
Understanding local update host vulnerabilities

Online Help

A vulnerability scan on a local update host may present a number of new vulnerabilities for the computer serving as the local update host. Among the vulnerabilities you might find are:

High risk vulnerabilities:

  • PHP Built-in web server 'Content-Length' denial of service Vulnerability

  • HTTP TRACE XSS attack

  • Apache chunked encoding

  • Cisco VoIP phones denial of service

  • NT IIS 5.0 Malformed HTTP Printer Request Header buffer overflow Vulnerability

  • Squid information-disclosure vulnerability

Medium risk vulnerabilities:

  • Squid HTCP Packets Processing denial of service Vulnerability

  • Squid External Auth Header Parser DOS Vulnerabilities

  • Squid Header-Only Packets Remote denial of service Vulnerability

Low risk vulnerabilities:

  • Clock accuracy checker (by HTTP)

  • Relative IP Identification number change

The vulnerability names come from a customer-provided Security Space Security Audit. Different vendors use different names to describe similar vulnerabilities.

These vulnerabilities cannot be ignored. We mitigate the issues presented by the vulnerabilities in several ways:

  • Anonymous access to the Squid proxy is not permitted.

  • All communications with the proxy are limited to customer agents.

  • Symantec recommends that a local update host be placed inside the network perimeter on a stationary computer.

  • Symantec also recommends blocking access from untrusted networks to local update host service port 3128. However, the firewall must permit communications between the local update host and Symantec services.

These mitigation factors protect the local update host from external attack. Administrators must, however, be alert for possible internal threats.
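To watch for the internal threats mentioned above, the proxy's own request log can be audited against the stated restrictions. The following is an added example, not Symantec code: it assumes the Squid proxy writes its native `access.log` format, and the agent network, the denial threshold and the log lines are constructed values.

```python
import ipaddress
from collections import Counter

# Assumptions (not from the product): where managed agents live, and how many
# denied requests from one client are worth an administrator's attention.
AGENT_NETS = [ipaddress.ip_network("10.20.0.0/16")]
DENIED_THRESHOLD = 3

# Constructed sample in Squid's native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1700000000.101 120 10.20.4.17 TCP_MISS/200 5120 GET http://updates.example.test/defs.zip agent01 HIER_DIRECT/192.0.2.10 application/zip
1700000001.250 98 10.20.4.18 TCP_MISS/200 5120 GET http://updates.example.test/defs.zip agent02 HIER_DIRECT/192.0.2.10 application/zip
1700000003.402 2 10.99.1.5 TCP_DENIED/407 3900 GET http://updates.example.test/defs.zip - HIER_NONE/- text/html
1700000010.010 1 10.20.7.40 TCP_DENIED/407 3900 GET http://updates.example.test/defs.zip - HIER_NONE/- text/html
1700000010.950 1 10.20.7.40 TCP_DENIED/407 3900 GET http://updates.example.test/defs.zip - HIER_NONE/- text/html
1700000011.870 1 10.20.7.40 TCP_DENIED/407 3900 GET http://updates.example.test/defs.zip - HIER_NONE/- text/html
1700000020.300 1 10.20.9.2 TCP_DENIED/403 3800 TRACE http://updates.example.test/ - HIER_NONE/- text/html
"""

def parse_line(line):
    """Return client, result code and method for one log line, or None if malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        client = ipaddress.ip_address(fields[2])
    except ValueError:
        return None
    result = fields[3].partition("/")[0]
    return {"client": client, "result": result, "method": fields[5]}

def audit(log_text):
    """Return sorted (client, reason) pairs that break the documented restrictions."""
    findings, denied = set(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        name = str(rec["client"])
        if not any(rec["client"] in net for net in AGENT_NETS):
            findings.add((name, "outside-agent-networks"))  # port 3128 reachable from elsewhere
        if rec["method"] == "TRACE":
            findings.add((name, "trace-method"))  # matches a scanner finding listed above
        if rec["result"].endswith("DENIED"):
            denied[name] += 1  # e.g. a request without valid credentials
    findings.update((c, "repeated-denied") for c, n in denied.items() if n >= DENIED_THRESHOLD)
    return sorted(findings)

if __name__ == "__main__":
    for client, reason in audit(SAMPLE_LOG):
        print(client, reason)
```

A client flagged as `outside-agent-networks` indicates that port 3128 is reachable from somewhere the firewall recommendation should have excluded.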