[unisog] Symantec Vulnerability

Joe Matusiewicz joem at nist.gov
Thu Feb 10 17:39:26 GMT 2005


At 11:34 AM 2/10/2005, Gary Flynn wrote:
>Hi,
>
>1. Does anyone know if the "maintenance release" needed to
>    fix the corporate edition of Symantec AV will be
>    distributed through Liveupdate or whether it will
>    require a software installation distribution process?
>    The advisory was confusing to me on that issue.
>     "Customers can obtain a Maintenance Release update
>      through the Symantec Enterprise Support
>      site http://www.symantec.com/techsupp. "

It confused the heck out of me too.  I went looking around at the above 
site and couldn't find any patch. However according to this article:

http://news.com.com/Symantec+flaw+leaves+opening+for+viruses/2100-1002_3-5569811.html

which states:

"Symantec is distributing patches to its customers through its
LiveUpdate automatic update service and other mechanisms. It warned
companies that do not use those services to download the patches from
its Web site and apply them as soon as possible."

The corporate edition does use Live Update...I assume I'm OK <gulp>.


>2. Anyone have any thoughts on the seriousness of this
>    defect?

It looks like you don't have to open anything.  From the way I read it, the 
email comes in, goes into the spool directory, Norton unpacks the 
attachment to look at it and you're r00ted.  You don't even have to be 
there.  This is scary stuff.


-- Joe




More information about the unisog mailing list