Symantec Vulnerability Found In AV

TeMerc · 2006/05/25

eEye Digital Security is reporting that they have uncovered a major vulnerability in Symantec's AV product. Basically it will allow a remote hacker to compromise any machine that is running Norton Anti-Virus. This is a big oops. Symantec will have to scramble to get an update pushed out to all of their customers. I would imagine they can do this before an exploit is developed that allows wide spread use of the vulnerability or a worm to spread.

This revelation coincides with Symantec's press release announcing their 200 millionth customer. Not a happy coincidense.
Click to expand...

Threat Chaos Blog

TeMerc · 2006/05/25

From the above linked article:

Maiffret said eEye's testing showed the problem affects Norton Antivirus Version 10, including its corporate editions. He said Symantec's current security suite - which includes both antivirus and firewall features - did not appear to be vulnerable.
Click to expand...

BOBBO · 2006/05/25

That got me wondering if I was vulnerable. My desktop's NAV 2005 shows version 11.0.16.4, so it looks good. Then I checked the NAV 2004 on my wife's laptop, and it shows version 10.0.29.4. Not so good. Both are kept up to date, so here's hoping Symantec will plug the hole before trouble hits.

BOBBO · 2006/05/26

"May 26, 2006 -- Symantec Denies 'Highly Severe' Antivirus Flaw "

More details here:

http://www.internetnews.com/security/article.php/3609501

TeMerc · 2006/05/26

SYM06-010
May 25, 2006
Symantec Client Security and Symantec AntiVirus Elevation of Privilege
Revision History
May 26, 2006 - Updated Products Affected section and other details

Impact
High
Remote
Yes
Local
Yes
Authentication Required
No
Exploit publicly available
No

Overview
A stack overflow in Symantec Client Security and Symantec AntiVirus Corporate Edition could potentially allow a remote or local attacker to execute code on the affected machine.

Products Affected
Product Version Build Solution
Symantec Client Security 3.1 All Pending
Symantec Antivirus Corporate Edition 10.1 All Pending

Products Not Affected
Norton Product line No products in the Norton product line are affected
Details
Symantec was notified that Symantec Client Security and Symantec AntiVirus Corporate Edition are susceptible to a potential stack overflow. Exploiting this overflow successfully could potentially cause a system crash, or allow a remote or local attacker to execute arbitrary code with System level rights on the affected system.

Symantec Response
This advisory will be updated when product updates to address this issue are available.

Upgrade Information
Symantec engineers have verified that this vulnerability exists in the product versions listed above. We are continuing to evaluate other versions of our software. This advisory will be updated when additional information is available.

Symantec Advidsory

Source: SANS

TeMerc · 2006/05/27

Handler's Diary May 27th 2006

Symantec Patch Posted (NEW)
Published: 2006-05-27,
Last Updated: 2006-05-27 20:01:00 UTC by Deborah Hale (Version: 1)

Symantec has just posted patches for the Security Advisory SYM06-010. It appears at this time that the patches are manual download and install. We don't know at this point if a product live update will be posted for these patches but for the meantime it is there for manual load.

So for those of you enjoying the long weekend, look at what you get to look forward to on Tuesday. If you are running Symantec Corporate Edition 10.1 you get to spend Tuesday patching.
Click to expand...

Symantec Patch

SANS

Log in or Sign up

Symantec Vulnerability Found In AV

TeMerc Inactive Alumni Thread Starter

TeMerc Inactive Alumni Thread Starter

BOBBO Geek Member

BOBBO Geek Member

TeMerc Inactive Alumni Thread Starter

TeMerc Inactive Alumni Thread Starter

Share This Page

Log in or Sign up

Symantec Vulnerability Found In AV

TeMerc Inactive Alumni Thread Starter

TeMerc Inactive Alumni Thread Starter

BOBBO Geek Member

BOBBO Geek Member

TeMerc Inactive Alumni Thread Starter

TeMerc Inactive Alumni Thread Starter

Share This Page

Useful Searches