[IP] Symantec Anti-Virus Software Open To Attack

To: ip@xxxxxxxxxxxxxx
Subject: [IP] Symantec Anti-Virus Software Open To Attack
From: David Farber <dave@xxxxxxxxxx>
Date: Wed, 21 Dec 2005 08:23:21 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
References: <25b.4038479.30da34ee@xxxxxxx>
Reply-to: dave@xxxxxxxxxx



Begin forwarded message:

From: EEkid@xxxxxxx
Date: December 20, 2005 11:32:46 PM EST
To: dave@xxxxxxxxxx
Subject: Symantec Anti-Virus Software Open To Attack

Symantec Anti-Virus Software Open To Attack

The bug, which could result in a completely compromised machine,remains unpatched although Symantec has issued an advisory.


By Gregg Keizer
TechWeb News

Dec 20, 2005 05:06 PM

Symantec's line of anti-virus software is vulnerable to attack, aprominent security researcher revealed Tuesday. The bug is currentlyunpatched, although Symantec has issued an advisory.

The vulnerability, which was discovered and reported by Alex Wheeler,is in how Symantec's AntiVirus Library, part of all the Cupertino,Calif.-based security giant's anti-virus products, handles RARcompressed files. RAR files are created by the WinRAR compressionutility, developed and sold by RarLab.

The bug, labeled as "Highly critical" by Danish vulnerability trackerSecunia and "High" by Symantec itself, can cause a heap overflow,which then may let an attacker execute additional code. Bottom-line:the bug could result in a completely compromised machine.

"The issues can be leveraged remotely to gain complete control overthe affected system," Symantec wrote in an alert Tuesday morning tocustomers of its DeepSight Threat Management System.

All editions of Symantec's Norton Internet Security and NortonAntiVirus, including AntiVirus for the Macintosh, are at risk, as areother products which include the Library. Those include suchenterprise-specific lines as AntiVirus Corporate Edition, BrightmailAnti-Spam, Client Security, and Gateway Security.

Symantec has not issued a patch for the vulnerability, but theDeepSight alert recommended that users disable scanning for RARarchive files.

Wheeler is well known among researchers for his probing of securitysoftware weaknesses. Earlier in 2005, he disclosed a slew ofvulnerabilities in software from major vendors like McAfee, KasperskyLabs, F-Secure, and Trend Micro. All the bugs he has discoveredinvolve how the various anti-virus scanning engines handle compressedfiles.

This is the second scanning vulnerability Wheeler has uncovered inSymantec's product line. In February, while working with InternetSecurity Systems, a Symantec rival, he announced a bug in howSymantec's scanning engine could be hacked as it sniffed through UPX-formatted files.









-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] "Double Secret" Wiretaps vs. the President's 2004 Statement
Next by Date: [IP] Hollywood less gender-friendly than the US Senate AND the Afghanistan government?
Previous by thread: [IP] "Double Secret" Wiretaps vs. the President's 2004 Statement
Next by thread: [IP] Hollywood less gender-friendly than the US Senate AND the Afghanistan government?
Index(es):
- Date
- Thread