Possible issue with Symantec AntiVirus in Security http://www.dslreports.com/forum/r12623642 en Thu, 26 Nov 2009 08:53:07 EDT Thu, 26 Nov 2009 08:53:07 EDT Symantec Vulnerability - high risk per Symantec http://www.dslreports.com/forum/remark,12643101 EGeezer : This Topic deserves a bump since it involves a very large chunk of Symantec products that may be used by .

Here's a partial quote from Symantec;

SYM05-003
February 8, 2005
Symantec UPX Parsing Engine Heap Overflow

Revision History
2/9/2005 - Updated Vulnerability details and mitigations. Updated CVE Candidate Number

Risk Impact
High

Overview
Symantec resolved a potential remote access compromise vulnerability reported by ISS X-Force. The vulnerability was identified in an early version of a Symantec antivirus scanning module responsible for parsing UPX compressed files that is still in limited use in some Symantec security products.

The vulnerable component fails to do proper bounds checks when analyzing certain container files for virus content. An attacker sending a specifically crafted UPX file could potentially compromise the targeted system.

Vulnerable Products (vulnerable builds/Maintenance Releases (MR) where indicated)
Enterprise Products
Norton AntiVirus for Microsoft Exchange 2.1 prior to build 2.18.85
Symantec Mail Security for Microsoft Exchange 4.01 build 461
Symantec Mail Security for Microsoft Exchange 4.01 build 459

Symantec Mail Security for Microsoft Exchange 4.01 build 458
Symantec Mail Security for Microsoft Exchange 4.5 build 719
Symantec AntiVirus/Filtering for Domino NT 3.1 prior to build 3.1.1
Symantec Mail Security for Domino 4.0 prior to build 4.0.1
Symantec AntiVirus/Filtering for Domino Ports 3.0
(AIX) prior to build 3.0.6
(OS400, Linux, Solaris) prior to build 3.0.7
Symantec AntiVirus Scan Engine 4.0.X all versions
Symantec AntiVirus Scan Engine 4.3.X prior to build 4.3.3
Symantec AntiVirus Scan Engine for ISA 4.0.X all versions
Symantec AntiVirus Scan Engine for ISA 4.3.x prior to build 4.3.3
Symantec AntiVirus Scan Engine for Netapp Filer 4.0.X All versions
Symantec AntiVirus Scan Engine for Netapp Filer 4.3.X prior to build 4.3.3
Symantec AntiVirus Scan Engine for Netapp NetCache 4.0.X All versions
Symantec AntiVirus Scan Engine for Netapp NetCache 4.3.X prior to build 4.3.3
Symantec AntiVirus Scan Engine for Bluecoat 4.0.X All versions
Symantec AntiVirus Scan Engine for Bluecoat 4.3.X prior to build 4.3.3
Symantec AntiVirus Scan Engine for Filers 4.3.X prior to build 4.3.3
Symantec AntiVirus Scan Engine for Caching 4.3.X prior to build 4.3.3

Symantec AntiVirus for SMTP 3.1.X prior to build 3.1.7
Symantec Mail Security for SMTP 4.0 prior to build 4.0.2
Symantec Web Security 3.0 .1.X prior to build 3.0.1.70
Symantec BrightMail AntiSpam 4.0 All
Symantec BrightMail AntiSpam 5.5 All

Symantec AntiVirus Corporate Edition 9.0 9.0.0.338
Symantec AntiVirus Corporate Edition 8.1.1 Build 8.1.1.314a
Symantec AntiVirus Corporate Edition 8.1.1 Build 8.1.1.319
Symantec AntiVirus Corporate Edition 8.1.1 Build 8.1.1.323
Symantec AntiVirus Corporate Edition 8.1.1 Build 8.1.1.329

Symantec AntiVirus Corporate Edition 8.01 Build 8.01.434
Symantec AntiVirus Corporate Edition 8.01 Build 8.01.437
Symantec AntiVirus Corporate Edition 8.01 Build 8.01.446
Symantec AntiVirus Corporate Edition 8.01 Build 8.01.457
Symantec AntiVirus Corporate Edition 8.01 Build 8.01.460
Symantec AntiVirus Corporate Edition 8.01 Build 8.01.464
Symantec AntiVirus Corporate Edition 8.01 Build 8.01.471

Symantec Client Security 2.0 Build 9.0.0.338
Symantec Client Security 1.1.1 MR1 Build 8.1.1.314a
Symantec Client Security 1.1.1 MR2 Build 8.1.1.319
Symantec Client Security 1.1.1 MR3 Build 8.1.1.323
Symantec Client Security 1.1.1 MR4 Build 8.1.1.329
Symantec Client Security 1.1.1 MR5 Build 8.1.1.336

Symantec Client Security 1.0.1 MR3 Build 8.01.434
Symantec Client Security 1.0.1 Build 8.01.437
Symantec Client Security 1.0.1 MR4 Build 8.01.446
Symantec Client Security 1.0.1 MR5 Build 8.01.457
Symantec Client Security 1.0.1 MR6 Build 8.01.460
Symantec Client Security 1.0.1 MR7 Build 8.01.464
Symantec Client Security 1.0.1 MR8 Build 8.01.471
Symantec Gateway Security 2.0, 2.0.1 - 5400 Series
Symantec Gateway Security 1.0 - 5300 Series

Consumer Products

Symantec Norton Antivirus 2004 for Windows
Symantec Norton Internet Security 2004 (pro) for Windows
Symantec Norton System Works 2004 for Windows
Symantec Norton Antivirus 8.0 for Macintosh
Symantec Norton Internet Security 2.0 for Macintosh
Symantec Norton System Works 7.0 for Macintosh
Symantec Norton Antivirus 2004 for Macintosh
Symantec Norton Internet Security 2004 for Macintosh
Symantec Norton System Works 2004 for Macintosh
Symantec Norton Antivirus 9.0 for Macintosh
Symantec Norton Internet Security for Macintosh 3.0
Symantec Norton System Works for Macintosh 3.0

Non-Vulnerable Products (initial non-vulnerable build/Maintenance Release (MR) where indicated)
Enterprise Products
Norton AntiVirus for Microsoft Exchange 2.18 2.18.82 and earlier
Norton AntiVirus for Microsoft Exchange 2.18 2.18.85 and later
Symantec Mail Security for Microsoft Exchange 4.0 Build 456 and earlier
Symantec Mail Security for Microsoft Exchange 4.0 Build 463
Symantec Mail Security for Microsoft Exchange 4.0 Build 465
Symantec Mail Security for Microsoft Exchange 4.5 Build 736
Symantec Mail Security for Microsoft Exchange 4.5 Build 741
Symantec Mail Security for Microsoft Exchange 4.5 Build 743

Symantec Mail Security for Microsoft Exchange 4.6
Symantec AntiSpam for SMTP 3.1
Symantec AntiVirus/Filtering for Domino NT 3.1 3.1.1
Symantec Mail Security for Domino 4.0 4.0.1
Symantec Mail Security for Domino 4.1 All
Symantec AntiVirus/Filtering for Domino Ports 3.0
(AIX) 3.0.6
(OS400, Linux, Solaris) 3.0.7
Symantec AntiVirus Scan Engine 4.3 4.3.3
Symantec AntiVirus Scan Engine for ISA 4.3.X 4.3.3
Symantec AntiVirus Scan Engine for Netapp Filer 4.3.X 4.3.3
Symantec AntiVirus Scan Engine for Netapp NetCache 4.3.X 4.3.3
Symantec AntiVirus for Caching 4.3.3
Symantec AntiVirus Scan Engine for Microsoft Portal Server 4.3.X
Symantec AntiVirus Scan Engine for Bluecoat 4.3.X 4.3.3
Symantec AntiVirus Scan Engine for Filers 4.3.X 4.3.3
Symantec AntiVirus for Microsoft Office
SharePoint Portal Server 2003 All
Symantec AntiVirus for SMTP 3.1 3.1.7
Symantec Mail Security for SMTP 4.0 4.0.2
Symantec Mail Security for SMTP 4.1
Symantec Web Security 3.0 3.0.1.70
Symantec BrightMail AntiSpam 6.0 All
Symantec BrightMail AntiSpam 4.0 (Disable DEC2EXE per mitigation instructions)
Symantec BrightMail AntiSpam 5.5 (Disable DEC2EXE per mitigation instructions)

Symantec AntiVirus Corporate Edition 9.0 Build 9.0.1.1.1000
Symantec AntiVirus Corporate Edition 8.1.1 Build 9.1.0.825a
Symantec AntiVirus Corporate Edition 8.1.1 Build 8.1.1.366
Symantec AntiVirus Corporate Edition 8.0 Build 8.01.9374
Symantec AntiVirus Corporate Edition 8.0 Build 8.01.9378
Symantec AntiVirus Corporate Edition 8.0 Build 8.01.425a/b
Symantec AntiVirus Corporate Edition 8.0 Build 8.01.429c
Symantec AntiVirus Corporate Edition 8.0 Build 8.01.501

Symantec Client Security 2.0.1 MR1 Build 9.0.1.1.1000
Symantec Client Security 2.0.2 MR2 Build 9.0.1.2.1000
Symantec Client Security 2.0.3 MR3 Build 9.0.1.3.1000

Symantec Client Security 1.1 Initial STM Release Build 8.1.0.825a
Symantec Client Security 1.1.1 MR6 Build 8.1.1.366
Symantec Client Security 1.0 Build 8.01.9374
Symantec Client Security 1.0.0 Build 8.01.9378
Symantec Client Security 1.0.1 MR1 Build 8.01.425a/b
Symantec Client Security 1.0.1 MR2 Build 8.01.429c
Symantec Client Security 1.0.1 MR9 Build 8.01.501

Symantec Norton AntiVirus 7.6 (does not install the vulnerable module)
Symantec Mail-Gear
Symantec I-Gear
Symantec AntiVirus for HandHelds - Corporate Edition (does not install the DEC2EXE module)
Symantec Client Security for Nokia Communicator (does not install the DEC2EXE module)

Consumer Products
Symantec Norton Antivirus 2003
Symantec Norton Internet Security 2003 (pro)
Symantec Norton System Works 2003
Symantec Norton AntiVirus 2005
Symantec Norton Internet Security 2005
Symantec Norton System Works 2005 (Premier)
Symantec AntiVirus for Handhelds (does not install the DEC2EXE module)
This from CRN - »www.crn.com/sections/security/se···59302444

Symantec alert at »securityresponse.symantec.com/av···.08.html

»xforce.iss.net/xforce/alerts/id/187 ]]> http://www.dslreports.com/forum/remark,12643101 Fri, 11 Feb 2005 12:29:47 EDT Re: Possible issue with Symantec AntiVirus http://www.dslreports.com/forum/remark,12624113 Brian in MD : Maybe for the standalone products, but the way I (and the others here) am reading this, you will actually have to apply a product update to secure your PC - at least for the Enterprise level application.]]> http://www.dslreports.com/forum/remark,12624113 Wed, 09 Feb 2005 13:07:53 EDT Re: Possible issue with Symantec AntiVirus http://www.dslreports.com/forum/remark,12623708 B : Interesting exploit.

Symantec's page implies that an ordinary LiveUpdate will cure the problem for those affected.

-- B
--
In a realm outside causality and function]]> http://www.dslreports.com/forum/remark,12623708 Wed, 09 Feb 2005 12:09:24 EDT Possible issue with Symantec AntiVirus http://www.dslreports.com/forum/remark,12623642 Brian in MD : Saw this today - »xforce.iss.net/xforce/alerts/id/187

which references: »www.symantec.com/avcenter/securi···.08.html

Anybody have any other information on this? So far Symantec hasn't been able to give me too much, and the updates their techsupport page refers to don't seem to exist.]]> http://www.dslreports.com/forum/remark,12623642 Wed, 09 Feb 2005 12:01:12 EDT