[unisog] Symantec Vulnerability
joem at nist.gov
Thu Feb 10 17:39:26 GMT 2005
At 11:34 AM 2/10/2005, Gary Flynn wrote:
>1. Does anyone know if the "maintenance release" needed to
> fix the corporate edition of Symantec AV will be
> distributed through Liveupdate or whether it will
> require a software installation distribution process?
> The advisory was confusing to me on that issue.
> "Customers can obtain a Maintenance Release update
> through the Symantec Enterprise Support
> site http://www.symantec.com/techsupp. "
It confused the heck out of me too. I went looking around at the above
site and couldn't find any patch. However according to this article:
"Symantec is distributing patches to its customers through its
LiveUpdate automatic update service and other mechanisms. It warned
companies that do not use those services to download the patches from
its Web site and apply them as soon as possible."
The corporate edition does use Live Update...I assume I'm OK <gulp>.
>2. Anyone have any thoughts on the seriousness of this
It looks like you don't have to open anything. From the way I read it, the
email comes in, goes into the spool directory, Norton unpacks the
attachment to look at it and you're r00ted. You don't even have to be
there. This is scary stuff.
More information about the unisog