[unisog] Symantec Vulnerability

Frank Bulk bulkf at dordt.edu
Thu Feb 10 19:40:02 GMT 2005


Delayed updates and confusion are the story of Symantec's life.

See:
http://isc.sans.org/diary.php?date=2005-02-09
for confirmation.

Remember when Windows XP SP2 came out, and their software was supposed to be
updated so that Microsoft's security center would work with the latest
versions of NAV?  Their website was very unclear and the patch was late in
coming.  My sister lent me her laptop to get this issue resolved, but I had
to give it back after a few days because the update was so long in coming.

Frank

-----Original Message-----
From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
On Behalf Of Ramon Kagan
Sent: Thursday, February 10, 2005 12:10 PM
To: UNIversity Security Operations Group
Cc: unisog at sans.org
Subject: Re: [unisog] Symantec Vulnerability

Hi,

I wouldn't assume you're ok =).  I've done a live update and the patch
revision number does not change.  You need to have 9.0.3 I believe, at least
that's my interpretation of the notification.  I agree there is some
ambiguity, so I think the prudent thing to do is to call your rep (yeah
fun)

Ramon Kagan
York University, Computing and Network Services Information Security  -
Senior Information Security Analyst (416)736-2100 #20263 rkagan at yorku.ca

-----------------------------------   ------------------------------------
I have not failed.  I have just        I don't know the secret to success,
found 10,000 ways that don't work.     but the secret to failure is
                                       trying to please everybody.
        - Thomas Edison                        - Bill Cosby
-----------------------------------   ------------------------------------

On Thu, 10 Feb 2005, Joe Matusiewicz wrote:

> At 11:34 AM 2/10/2005, Gary Flynn wrote:
> >Hi,
> >
> >1. Does anyone know if the "maintenance release" needed to
> >    fix the corporate edition of Symantec AV will be
> >    distributed through Liveupdate or whether it will
> >    require a software installation distribution process?
> >    The advisory was confusing to me on that issue.
> >     "Customers can obtain a Maintenance Release update
> >      through the Symantec Enterprise Support
> >      site http://www.symantec.com/techsupp. "
>
> It confused the heck out of me too.  I went looking around at the 
> above site and couldn't find any patch. However according to this article:
>
> http://news.com.com/Symantec+flaw+leaves+opening+for+viruses/2100-1002_3-5569811.html
>
> which states:
>
> "Symantec is distributing patches to its customers through its 
> LiveUpdate automatic update service and other mechanisms. It warned 
> companies that do not use those services to download the patches from 
> its Web site and apply them as soon as possible."
>
> The corporate edition does use Live Update...I assume I'm OK <gulp>.
>
>
> >2. Anyone have any thoughts on the seriousness of this
> >    defect?
>
> It looks like you don't have to open anything.  From the way I read 
> it, the email comes in, goes into the spool directory, Norton unpacks 
> the attachment to look at it and you're r00ted.  You don't even have 
> to be there.  This is scary stuff.
>
>
> -- Joe
>
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
>
>