IT-DISCUSS Archives

January 2006

IT-DISCUSS@LIST.UVM.EDU

Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
Alison Pechenick <[log in to unmask]>
Reply To:
Technology Discussion at UVM <[log in to unmask]>
Date:
Tue, 10 Jan 2006 11:24:18 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (79 lines)
Stef, I know there are two versions of this software in the archive, the 
"managed" and "unmanaged", depending on whether the system involved is 
used on- or off-campus.

What is recommended for those of us who take our laptops back and forth 
to campus?

Thank you,

Alison

Stefanie Ploof wrote:
> A version of Symantec Antivirus for Windows which patches the library heap
> overflow/RAR file vulnerability announced in December (see below) is now
> available from the UVM software download site
> (http://www.uvm.edu/software).
> 
> All Windows computers running Symantec Antivirus version 10 should be
> updated to Symantec Antivirus 10.0.2.2001 at this time to protect systems
> from the vulnerability.  Testing of the newest version has shown that
> installing over previous versions will work, although it is advised that
> the previous version be removed via Control Panel -> Add/Remove Programs
> before installing this newest version.
> 
> Macintosh Symantec Antivirus version 9 is also affected by the
> vulnerabilty.  All Macintosh users are encouraged to delete version 9 from
> their systems and install version 10 from the UVM software download site
> (http://www.uvm.edu/software).
> 
> Questions or problems with installation should be reported to the
> CIT Helpline (http://www.uvm.edu/cit/help or 6-2604).
> 
> 
> 
> On Thu, 22 Dec 2005, Stefanie Ploof wrote:
> 
> 
>>This week a report was released that Symantec Antivirus Corporate Edition
>>10.x (PC), Symantec Norton Antivirus 9.x (Mac), and Symantec Norton
>>Antivirus for Exchange 2.x products are vulnerable to a library heap
>>overflow if Symantec AV scans .RAR files while they are being
>>decompressed, resulting in the potential for the Symantec Antivirus
>>product to be exploited by a malicious hacker who can take control of a
>>system.
>>
>>Symantec has not released a patch for this vulnerability.  In the meantime
>>I have changed the central Symantec servers to scan certain file types
>>rather than all file types in auto-protect mode.  The list of currently
>>auto-protected file types is the default list that Symantec provides, as
>>well as .ZIP files.  As would be assumed, .RAR files are not being scanned
>>via auto-protect at this time.  Please note that this change only affects
>>auto-protect scanning on PCs.  Macintosh Symantec/Norton Antivirus and
>>Symantec Norton Antivirus for Exchange are -not- protected by the central
>>servers, so Macintosh users and Exchange server administrators must either
>>choose to disable auto-protect via the Norton Antivirus options or choose
>>not to download and decompress .RAR files while the vulnerability still
>>exists.
>>
>>More information about the vulnerability is available at:
>>http://news.zdnet.co.uk/internet/security/0,39020375,39243160,00.htm
>>http://xforce.iss.net/xforce/alerts/id/187
>>
>>A full list of affected products is available at:
>>http://secunia.com/advisories/18131/
>>
>>When Symantec does release a patch the CIT Antivirus team will provide
>>further instruction or information.
>>

-- 
Alison Pechenick, Lecturer
Department of Computer Science
College of Engineering & Mathematical Sciences
351 Votey Building
University of Vermont
Burlington, VT 05405
(802)656-2547
http://www.cems.uvm.edu/~apecheni

ATOM RSS1 RSS2