[unisog] Symantec Vulnerability - info

Andreas Östling andreaso at it.su.se
Fri Feb 11 11:51:24 GMT 2005


On Thursday 10 February 2005 23:01, Allison MacFarlan wrote:
> Symantec has decided not to update the vulnerable versions on the
> Windows platform. They are advising customers to upgrade to a new
> build. In NAV/SAV 9.*, this is build 9.0.1.1000 and higher. We have
> not determined yet whether a new build can be installed on top
> of the old one, or if you'll have to rip it out.

On http://www.symantec.com/avcenter/security/Content/2005.02.08.html, they 
currently state that e.g. Symantec AntiVirus Corporate Edition 9.0
9.0.0.338 is vulnerable, but on 
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2005020911112648, 
they state that Symantec AntiVirus Corporate Edition 9.0 is unaffected.
I find this a bit confusing.

However, an update for Bloodhound has been available via LiveUpdate since 
2005-02-09 that will hopefully give (some?) protection anyway:
http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.26.html 

/Andreas



More information about the unisog mailing list