[unisog] Symantec Vulnerability

Gary Flynn flynngn at jmu.edu
Thu Feb 10 16:34:07 GMT 2005


Hi,

1. Does anyone know if the "maintenance release" needed to
    fix the corporate edition of Symantec AV will be
    distributed through LiveUpdate or whether it will
    require a software installation distribution process?
    The advisory was confusing to me on that issue. It first
    said:

    "Symantec product engineers have developed and released
     updates or Maintenance Releases for all impacted product
     versions that were not already upgraded in the latest
     product build release. Updates and Maintenance Releases
     are available either through Symantec's LiveUpdate for
     those products that have LiveUpdate capability or from
     the Symantec Product Support site"

    But later, under the heading "Symantec Antivirus
    Corporate Edition and Symantec Client Security
    upgrades:", it says:

    "Symantec has tested and posted Maintenance Releases to
    address this issue in affected Symantec AntiVirus Corporate
    Edition versions for both the standalone product and the
    integrated Symantec Client Security. The Maintenance Release
    removes the DEC2EXE engine from the affected products and
    upgrades the scan engine to a new version."

    "Symantec strongly recommends customers, if they are not
     already running a current non-vulnerable product
     version/build, upgrade to their appropriate product
     update immediately to protect against these types of
     threats."

     "Customers can obtain a Maintenance Release update
      through the Symantec Enterprise Support
      site http://www.symantec.com/techsupp. "

2. Anyone have any thoughts on the seriousness of this
    defect? At first glance, it would require someone
    to open a file that perhaps they shouldn't before
    Symantec would scan it. But I guess it wouldn't have
    to be an executable file, so more people than normal
    may open it. The other thing I thought of was browser
    cache. AV kicks off on JavaScript-type malware when
    simply browsing the web as it gets loaded into browser
    cache. I wonder if there is a way to get UPX-compressed
    files into cache the same way.

http://www.symantec.com/techsupp/enterprise/select_product_updates_nojs.html
http://xforce.iss.net/xforce/alerts/id/187

-- 
Gary Flynn
Security Engineer
James Madison University


