copyright
|
disclaimer
|
privacy
|
contact
HOME
About
AusCERT
Membership
Contact Us
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
Login »
Become a member »
Home
»
Security Bul...
»
By Operating...
»
Windows (all)
» AA-2005.0033 -- [Win] -- Buffer overflow in Symantec...
AA-2005.0033 -- [Win] -- Buffer overflow in Symantec AntiVirus products
Date:
21 December 2005
Click here for printable version
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AA-2005.0033 AUSCERT Advisory [Win] Buffer overflow in Symantec AntiVirus products 21 December 2005 - --------------------------------------------------------------------------- AusCERT Advisory Summary ------------------------ Product: Symantec AntiVirus Symantec Brightmail AntiSpam Symantec Client Security Symantec Mail Security Symantec Norton AntiVirus Symantec Norton Internet Security Symantec Web Security Operating System: Windows Impact: Execute Arbitrary Code/Commands Access: Remote/Unauthenticated Member-only until: Wednesday, January 18 2006 Original Bulletin: http://www.rem0te.com/public/images/symc2.pdf http://secunia.com/advisories/18131/ OVERVIEW: Multiple Symantec AntiVirus products are vulnerable[1] to a heap- based buffer overflow vulnerability in its RAR file handling routines. This could allow a remote attacker to execute arbitrary code on the affected machines, in some cases irrespective of whether a user has opened an emailed RAR file or even read the email it is attached to. IMPACT: An attacker could execute arbitrary code or commands on an affected machine by sending a specially crafted RAR file via email to a user on that machine. This could then be leveraged to access otherwise inaccessible machines, or to lead to a system compromise. MITIGATION: At the time of writing this vulnerability has yet to be patched, however filtering of RAR files at email and proxy gateways or disabling scanning of RAR compressed files[2] will mitigate this problem. Note however that the latter may open machines to infection of viruses within RAR archives. REFERENCES: [1] Secunia Advisory SA18131 http://secunia.com/advisories/18131/ [2] Rem0te Advisory http://www.rem0te.com/public/images/symc2.pdf AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBQ6jWOyh9+71yA2DNAQKQVQQAmvk/pCKQi0A5YYGLBfnWjLycIUW2I5k6 RTU3Wme3Bl8+dWZK/6ute8zv35ZRHkddIHPiaeafx0qFsn068JPO7OKKtj0LCfMD hnhWtumNmBgFV1qCwNVKauTMLvNylYePbBZtT58HLzXEZLz6BsHqcmeOVbarPLNE RR6i4gL9tVY= =Q4yF -----END PGP SIGNATURE-----
Comments? Click here
http://www.auscert.org.au/render.html?cid=21&it=5860