
Nearly 30 Symantec Titles Open To Attack

Discussion in 'Virus & Other Malware Removal' started by deh, Feb 10, 2005.

Thread Status:
Not open for further replies.
  1. deh

    deh Thread Starter

    Joined:
    Sep 6, 2002
    Messages:
    7,809
    Symantec on Tuesday released patches for a vulnerability found in a large number of its products, including flagship titles such as BrightMail AntiSpam, AntiVirus Corporate Edition, and its 2004 consumer slate.

    According to rival Internet Security Systems' X-Force research group, which discovered the flaw, the bug is in the DEC2EXE module of the Symantec Antivirus Library, a part of the scanning engine that's able to peek into compressed executable files squeezed with the UPX (Ultimate Packer for eXecutables) format.


    "This vulnerability can be triggered by an unauthenticated remote attacker, without user interaction, by sending an e-mail containing a crafted UPX file to the target Symantec AntiVirus Library on client, server, and gateway implementations," said X-Force in its advisory. A successful attack could give the attacker complete control of the supposedly-protected system.


    Symantec ranked the danger as "High," while Danish security firm Secunia, which also posted a warning, rated it as "Highly Critical."


    Symantec posted a security alert on its Web site that listed the 29 vulnerable Windows (and Macintosh) products, along with recommendations to update and/or upgrade the flawed software.


    The Cupertino, Calif.-based security giant spun the news by claiming that even before ISS notified it of the vulnerability, it had already removed the DEC2EXE module from the scan engine upgrades in most of its products. It now plans to strip the offending module from all affected versions during upcoming maintenance releases.


    Even though a rival dug up the bug, there didn't seem to be any ill feelings on Symantec's part. "Symantec appreciates the actions of the X-Force research team and X-Force's Alex Wheeler in particular for identifying this issue to Symantec and their cooperation and coordination while Symantec worked to resolve all issues," the company said in a statement.

    MORE INFO:
    http://securityresponse.symantec.com/avcenter/security/Content/2005.02.08.html
     
  2. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    I'm sticking this for a few days deh! (y)
     
  3. deh

    deh Thread Starter

    Joined:
    Sep 6, 2002
    Messages:
    7,809
    After posting it, I noticed eddie posted in the 2005 Critical updates post, but figured it still deserves its own post. Symantec is a pretty popular software company. :)
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,003
    That's okay, deh :)

    I also stuck it in Software, as many people post problems on that software there as well :)

    Also, this is from Bugtraq:

    This is from Slashdot and consistent with what Symantec phone support
    have told me:

    "If you're running Corporate Edition, you won't be getting the patch via LiveUpdate. You need to call their tech support line with your serial number or contact/contract number, and they'll give you the information (FTP site and password) for obtaining the 9.0 MR3 update for SAV Corporate Edition. This updates the software to version 9.0.3.1000" --SethB


    eddie
     
  5. Alan18

    Alan18

    Joined:
    Feb 9, 2005
    Messages:
    4,007
    Uh oh, I may have a problem. Our computer was made by our friend and he just used his disk to load Symantec.

    Therefore, no serial #.

    I don't get why they don't send it through LiveUpdate...

    Alan
     
  6. Jack1000

    Jack1000

    Joined:
    Feb 4, 2001
    Messages:
    1,524
    They should. If your software is up to date through LU, you have the patch.

    Jack

    PS. OOPS! Corporate Editions don't get the patch through Live Update, the article says. CEOs have to call Symantec. Maybe the reason why you have to call Symantec if you are running the corporate editions through a company is because Symantec has to get security clearance from the corporation CEOs to allow certain upgrades/updates to run on their computers (i.e., the bosses are responsible for taking care of this). That's the only reason why I can think they would do something like that.
     