[unisog] Symantec Vulnerability

Ramon Kagan rkagan at yorku.ca
Thu Feb 10 18:09:39 GMT 2005


Hi,

I wouldn't assume you're ok =).  I've done a live update and the patch
revision number does not change.  You need to have 9.0.3 I believe, at
least that's my interpretation of the notification.  I agree there is some
ambiguity, so I think the prudent thing to do is to call your rep (yeah
fun).

Ramon Kagan
York University, Computing and Network Services
Information Security  -  Senior Information Security Analyst
(416)736-2100 #20263
rkagan at yorku.ca

-----------------------------------   ------------------------------------
I have not failed.  I have just	       I don't know the secret to success,
found 10,000 ways that don't work.     but the secret to failure is
				       trying to please everybody.
	- Thomas Edison				- Bill Cosby
-----------------------------------   ------------------------------------

On Thu, 10 Feb 2005, Joe Matusiewicz wrote:

> At 11:34 AM 2/10/2005, Gary Flynn wrote:
> >Hi,
> >
> >1. Does anyone know if the "maintenance release" needed to
> >    fix the corporate edition of Symantec AV will be
> >    distributed through Liveupdate or whether it will
> >    require a software installation distribution process?
> >    The advisory was confusing to me on that issue.
> >     "Customers can obtain a Maintenance Release update
> >      through the Symantec Enterprise Support
> >      site http://www.symantec.com/techsupp. "
>
> It confused the heck out of me too.  I went looking around at the above
> site and couldn't find any patch. However according to this article:
>
> http://news.com.com/Symantec+flaw+leaves+opening+for+viruses/2100-1002_3-5569811.html
>
> which states:
>
> "Symantec is distributing patches to its customers through its
> LiveUpdate automatic update service and other mechanisms. It warned
> companies that do not use those services to download the patches from
> its Web site and apply them as soon as possible."
>
> The corporate edition does use Live Update...I assume I'm OK <gulp>.
>
>
> >2. Anyone have any thoughts on the seriousness of this
> >    defect?
>
> It looks like you don't have to open anything.  From the way I read it, the
> email comes in, goes into the spool directory, Norton unpacks the
> attachment to look at it and you're r00ted.  You don't even have to be
> there.  This is scary stuff.
>
>
> -- Joe


