IT-DISCUSS Archives

January 2006

IT-DISCUSS@LIST.UVM.EDU

Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
Stefanie Ploof <[log in to unmask]>
Reply To:
Technology Discussion at UVM <[log in to unmask]>
Date:
Tue, 10 Jan 2006 10:54:37 -0500
Content-Type:
TEXT/PLAIN
Parts/Attachments:
TEXT/PLAIN (56 lines)
A version of Symantec Antivirus for Windows which patches the library heap
overflow/RAR file vulnerability announced in December (see below) is now
available from the UVM software download site
(http://www.uvm.edu/software).

All Windows computers running Symantec Antivirus version 10 should be
updated to Symantec Antivirus 10.0.2.2001 at this time to protect systems
from the vulnerability.  Testing of the newest version has shown that
installing over previous versions will work, although it is advised that
the previous version be removed via Control Panel -> Add/Remove Programs
before installing this newest version.

Macintosh Symantec Antivirus version 9 is also affected by the
vulnerabilty.  All Macintosh users are encouraged to delete version 9 from
their systems and install version 10 from the UVM software download site
(http://www.uvm.edu/software).

Questions or problems with installation should be reported to the
CIT Helpline (http://www.uvm.edu/cit/help or 6-2604).



On Thu, 22 Dec 2005, Stefanie Ploof wrote:

> This week a report was released that Symantec Antivirus Corporate Edition
> 10.x (PC), Symantec Norton Antivirus 9.x (Mac), and Symantec Norton
> Antivirus for Exchange 2.x products are vulnerable to a library heap
> overflow if Symantec AV scans .RAR files while they are being
> decompressed, resulting in the potential for the Symantec Antivirus
> product to be exploited by a malicious hacker who can take control of a
> system.
>
> Symantec has not released a patch for this vulnerability.  In the meantime
> I have changed the central Symantec servers to scan certain file types
> rather than all file types in auto-protect mode.  The list of currently
> auto-protected file types is the default list that Symantec provides, as
> well as .ZIP files.  As would be assumed, .RAR files are not being scanned
> via auto-protect at this time.  Please note that this change only affects
> auto-protect scanning on PCs.  Macintosh Symantec/Norton Antivirus and
> Symantec Norton Antivirus for Exchange are -not- protected by the central
> servers, so Macintosh users and Exchange server administrators must either
> choose to disable auto-protect via the Norton Antivirus options or choose
> not to download and decompress .RAR files while the vulnerability still
> exists.
>
> More information about the vulnerability is available at:
> http://news.zdnet.co.uk/internet/security/0,39020375,39243160,00.htm
> http://xforce.iss.net/xforce/alerts/id/187
>
> A full list of affected products is available at:
> http://secunia.com/advisories/18131/
>
> When Symantec does release a patch the CIT Antivirus team will provide
> further instruction or information.
>

ATOM RSS1 RSS2