Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Symantec Vulnerability Found


  • Please log in to reply
5 replies to this topic

#1 TeMerc

TeMerc

    Countermeasures Team Leader


  • Malware Response Team
  • 215 posts
  • OFFLINE
  •  
  • Location:PHX., AZ.
  • Local time:04:52 PM

Posted 25 May 2006 - 07:01 PM

eEye Digital Security is reporting that they have uncovered a major vulnerability in Symantec's AV product. Basically it will allow a remote hacker to compromise any machine that is running Norton Anti-Virus. This is a big oops. Symantec will have to scramble to get an update pushed out to all of their customers. I would imagine they can do this before an exploit is developed that allows wide spread use of the vulnerability or a worm to spread.

This revelation coincides with Symantec's press release announcing their 200 millionth customer. Not a happy coincidense.


Posted Image Threat Chaos Blog

Mod Edit: Topic moved to more appropriate forum ~ Animal

Edited by Animal, 26 May 2006 - 11:08 AM.

Posted Image
Calendar of Updates
Malware Advisor Blog
HijackThis! Trusted Advisor
Ultimate Countermeasures Page
TeMerc Internet Countermeasures
Remember, you can NEVER be OVERPROTECTED!!!
Proud Member of the Alliance of Security Analysis Professionals
Posted Image

BC AdBot (Login to Remove)

 


#2 TeMerc

TeMerc

    Countermeasures Team Leader

  • Topic Starter

  • Malware Response Team
  • 215 posts
  • OFFLINE
  •  
  • Location:PHX., AZ.
  • Local time:04:52 PM

Posted 26 May 2006 - 02:19 PM

SYM06-010
May 25, 2006
Symantec Client Security and Symantec AntiVirus Elevation of Privilege
Revision History
May 26, 2006 - Updated Products Affected section and other details

Impact
High
Remote
Yes
Local
Yes
Authentication Required
No
Exploit publicly available
No


Overview
A stack overflow in Symantec Client Security and Symantec AntiVirus Corporate Edition could potentially allow a remote or local attacker to execute code on the affected machine.

Products Affected
Product Version Build Solution
Symantec Client Security 3.1 All Pending
Symantec Antivirus Corporate Edition 10.1 All Pending


Products Not Affected
Norton Product line No products in the Norton product line are affected
Details
Symantec was notified that Symantec Client Security and Symantec AntiVirus Corporate Edition are susceptible to a potential stack overflow. Exploiting this overflow successfully could potentially cause a system crash, or allow a remote or local attacker to execute arbitrary code with System level rights on the affected system.

Symantec Response
This advisory will be updated when product updates to address this issue are available.

Upgrade Information
Symantec engineers have verified that this vulnerability exists in the product versions listed above. We are continuing to evaluate other versions of our software. This advisory will be updated when additional information is available.

Symantec Advidsory

Source: SANS
Posted Image
Calendar of Updates
Malware Advisor Blog
HijackThis! Trusted Advisor
Ultimate Countermeasures Page
TeMerc Internet Countermeasures
Remember, you can NEVER be OVERPROTECTED!!!
Proud Member of the Alliance of Security Analysis Professionals
Posted Image

#3 Elendil

Elendil

  • Members
  • 660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The US
  • Local time:07:52 PM

Posted 27 May 2006 - 10:02 AM

One of the reasons why I'm not using Norton anymore! :thumbsup:
Stanford '14
B.S. Candidate | Computer Science

#4 tekman22003

tekman22003

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 27 May 2006 - 10:06 AM

I stopped using Symantec years ago. PC Cillian is the best as far as I am concerned.

#5 Elendil

Elendil

  • Members
  • 660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The US
  • Local time:07:52 PM

Posted 27 May 2006 - 11:28 AM

My post is supposed to say Symantec and Norton.... just realized that now.
Stanford '14
B.S. Candidate | Computer Science

#6 TeMerc

TeMerc

    Countermeasures Team Leader

  • Topic Starter

  • Malware Response Team
  • 215 posts
  • OFFLINE
  •  
  • Location:PHX., AZ.
  • Local time:04:52 PM

Posted 27 May 2006 - 03:31 PM

Handler's Diary May 27th 2006

Symantec Patch Posted (NEW)
Published: 2006-05-27,
Last Updated: 2006-05-27 20:01:00 UTC by Deborah Hale (Version: 1)

Symantec has just posted patches for the Security Advisory SYM06-010. It appears at this time that the patches are manual download and install. We don't know at this point if a product live update will be posted for these patches but for the meantime it is there for manual load.

So for those of you enjoying the long weekend, look at what you get to look forward to on Tuesday. If you are running Symantec Corporate Edition 10.1 you get to spend Tuesday patching.


Symantec Patch

SANS
Posted Image
Calendar of Updates
Malware Advisor Blog
HijackThis! Trusted Advisor
Ultimate Countermeasures Page
TeMerc Internet Countermeasures
Remember, you can NEVER be OVERPROTECTED!!!
Proud Member of the Alliance of Security Analysis Professionals
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users