Date: 21 December 2005
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AA-2005.0033 AUSCERT Advisory
[Win]
Buffer overflow in Symantec AntiVirus products
21 December 2005
- ---------------------------------------------------------------------------
AusCERT Advisory Summary
------------------------
Product: Symantec AntiVirus
Symantec Brightmail AntiSpam
Symantec Client Security
Symantec Mail Security
Symantec Norton AntiVirus
Symantec Norton Internet Security
Symantec Web Security
Operating System: Windows
Impact: Execute Arbitrary Code/Commands
Access: Remote/Unauthenticated
Member-only until: Wednesday, January 18 2006
Original Bulletin: http://www.rem0te.com/public/images/symc2.pdf
http://secunia.com/advisories/18131/
OVERVIEW:
Multiple Symantec AntiVirus products are vulnerable[1] to a heap-
based buffer overflow vulnerability in its RAR file handling
routines.
This could allow a remote attacker to execute arbitrary code on the
affected machines, in some cases irrespective of whether a user has
opened an emailed RAR file or even read the email it is attached to.
IMPACT:
An attacker could execute arbitrary code or commands on an affected
machine by sending a specially crafted RAR file via email to a user
on that machine. This could then be leveraged to access otherwise
inaccessible machines, or to lead to a system compromise.
MITIGATION:
At the time of writing this vulnerability has yet to be patched,
however filtering of RAR files at email and proxy gateways or
disabling scanning of RAR compressed files[2] will mitigate this
problem. Note however that the latter may open machines to
infection of viruses within RAR archives.
REFERENCES:
[1] Secunia Advisory SA18131
http://secunia.com/advisories/18131/
[2] Rem0te Advisory
http://www.rem0te.com/public/images/symc2.pdf
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBQ6jWOyh9+71yA2DNAQKQVQQAmvk/pCKQi0A5YYGLBfnWjLycIUW2I5k6
RTU3Wme3Bl8+dWZK/6ute8zv35ZRHkddIHPiaeafx0qFsn068JPO7OKKtj0LCfMD
hnhWtumNmBgFV1qCwNVKauTMLvNylYePbBZtT58HLzXEZLz6BsHqcmeOVbarPLNE
RR6i4gL9tVY=
=Q4yF
-----END PGP SIGNATURE-----
|