[unisog] More: Bot outbreak exploiting SYM06-010

robin mstubbs at facstaff.wisc.edu
Tue Nov 28 20:47:23 GMT 2006


Various articles keep saying "patch" as regards Symantec and SYM06-010. 
I'm getting the impression (possibly wrong) that in Symantec lingo one 
doesn't patch to an "MR" level, that one has to install to an MR level. 
(Is that true?) I have gotten very very confused about the "MR" thing 
and the "point patch" (PP) thing. [We have an agreement of some sort 
with Symantec but I certainly am not a person that has access to any
platinum or gold accounts.]

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid_p/2006050314483048
In the above I note that under MR4 they claim to fix this particular 
issue. So we have to get to MR4 or MR5 to avoid this SYM06-010? (not 
addressing the question of what the problem was for which they have an
MR5 level :-)
"Maintenance Release 4 (MR4)
This section describes the fixes in Maintenance Release 4 of Symantec 
AntiVirus 10.1 and Symantec Client Security 3.1.
Symantec AntiVirus Corporate Edition 10.1.4.4000
....
       New fixes
       Symantec Client Security and Symantec AntiVirus Elevation of 
Privilege vulnerability (SYM06-010)
       Maintenance Release 4 includes a fix for the Symantec Client 
Security and Symantec AntiVirus Elevation of Privilege vulnerability. 
You do not need to apply the patch for the vulnerability if you migrate 
to Maintenance Release 4."

The reason I wonder about these things is that we have here an ability 
to download multiple files and that is forcing me into deciding which of 
them are needed. (It's not just a problem for this bot issue. It's an 
issue any time someone would get the urge to install this product, 
because typically one would want to install the most up to date version 
in a new install, as we do things here.)

We are offered:
10.1.5.b5000 labeled "Download 10.1 MR5"

and a file 10.1.4.4010 (one for 32 bit and one for 64 bit)
"32-bit Client Installer  	Download 10.1 MR4 w/MP1"
"64-bit Client Installer  	Download 10.1 MR4 w/MP1"

and a latest point patch, one for 32 bit and one for 64 bit:
10.1.5_pp1
"Latest Point Patch  	PP1 for MR5 32-bit"
                         "PP1 for MR5 64-bit"

If one wanted the latest and greatest v 10 SAVCE then would one have to 
install "10.1 MR5" *and* install the point patch for MR5? Is that how it 
works? (Apologies if this is a dumb question.)

(I could ask the same questions about version 9 but I'm refusing to go 
there. We are also offered many options regarding 9 but I just don't 
want to think about it. :-)


