[unisog] Symantec Vulnerability

Brance Amussen :)_S brance at jhu.edu
Thu Feb 10 18:26:37 GMT 2005

There has been much confusion over version numbers here as well.. I feel
a headache approaching..

Version 9.0.3 would be vulnerable as any 9.x version earlier than 9.01.1000

According to my Systems Center Console the latest version is
(or at least the latest version I have..) 

And of course, the above is correct only if I am interpreting Symantec's
versioning number system correctly.. Which I may not be doing.. 

Brance :)_S


Brance Amussen 
Network/Systems Admin
Zanvyl Krieger Mind/Brain Institute
Johns Hopkins University

-----Original Message-----
From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
On Behalf Of Ramon Kagan
Sent: Thursday, February 10, 2005 1:10 PM
To: UNIversity Security Operations Group
Cc: unisog at sans.org
Subject: Re: [unisog] Symantec Vulnerability


I wouldn't assume you're ok =).  I've done a live update and the patch
revision number does not change.  You need to have 9.0.3 I believe, at least
that's my interpretation of the notification.  I agree there is some
ambiguity, so I think the prudent thing to do is to call your rep (yeah

Ramon Kagan
York University, Computing and Network Services Information Security  -
Senior Information Security Analyst (416)736-2100 #20263 rkagan at yorku.ca

-----------------------------------
I have not failed.  I have just found 10,000 ways that don't work.
	- Thomas Edison

I don't know the secret to success, but the secret to failure is
trying to please everybody.
	- Bill Cosby
-----------------------------------

On Thu, 10 Feb 2005, Joe Matusiewicz wrote:

> At 11:34 AM 2/10/2005, Gary Flynn wrote:
> >Hi,
> >
> >1. Does anyone know if the "maintenance release" needed to
> >    fix the corporate edition of Symantec AV will be
> >    distributed through Liveupdate or whether it will
> >    require a software installation distribution process?
> >    The advisory was confusing to me on that issue.
> >     "Customers can obtain a Maintenance Release update
> >      through the Symantec Enterprise Support
> >      site http://www.symantec.com/techsupp. "
> It confused the heck out of me too.  I went looking around at the 
> above site and couldn't find any patch. However according to this article:
> http://news.com.com/Symantec+flaw+leaves+opening+for+viruses/2100-1002_3-5569811.html
> which states:
> "Symantec is distributing patches to its customers through its 
> LiveUpdate automatic update service and other mechanisms. It warned 
> companies that do not use those services to download the patches from 
> its Web site and apply them as soon as possible."
> The corporate edition does use Live Update...I assume I'm OK <gulp>.
> >2. Anyone have any thoughts on the seriousness of this
> >    defect?
> It looks like you don't have to open anything.  From the way I read 
> it, the email comes in, goes into the spool directory, Norton unpacks 
> the attachment to look at it and you're r00ted.  You don't even have 
> to be there.  This is scary stuff.
> -- Joe
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog