Hi
Someone forwarded me this article and I'm trying to assess its
importance in my environment. I was not aware of the RAR format and
haven't encountered a need to decompress such a file.
We have 6 basic level users on various versions of OS 10.X. What's
your impression? Feedback appreciated...
Michael
>>"Highly critical" Flaw discovered in Symantec AntiVirus
>>Wednesday, December 21 2005 @ 09:30 AM PST
>>Secure OS X <http://www.secureosx.com/symantec/antivirus>reports on
>>a "highly critical" flaw that has been discovered in Symantec's
>>AntiVirus software for Mac OS X.
>>The vulnerability occurs when AntiVirus is decompressing files
>>compressed in the RAR format for scanning. When AntiVirus is
>>performing this operation, it is susceptible to multiple heap
>>overflows allowing attackers complete control of the system(s) being protected.
>>Secure OS X reports:
>>"These vulnerabilities can be exploited remotely without user
>>interaction in default configurations through common protocols such as SMTP.
>>"Successful exploitation of Symantec protected systems allows
>>attackers unauthorized control of data and related privileges. It
>>also provides leverage for further network compromise. Symantec
>>implementations are likely vulnerable in their default
>>configuration. In default configurations users are likely
>>vulnerable regardless of whether they choose to open or read the email."
>>The only solution at this point is to filter RAR archives at email
>>or proxy gateways, or disable and uninstall Norton AntiVirus.
>>Symantec last issued a
>><http://www.macfixit.com/article.php?story=20051021091707669>security
>>patch in late October. That patch resolved an issue where a
>>non-privileged user could change the execution path environment,
>>then execute the DiskMountNotify component and inherit the changed
>>environment and use it to locate system commands.
>>This flaw is the latest in a bevy of
>><http://www.macfixit.com/article.php?story=20051006072329919>other
>>issues caused by the AutoProtect component of Symantec's Norton
>>AntiVirus under Mac OS X 10.4.x including apparent corruption of
>>Mac OS X temp files that can result in spiking processor usage and
>>complete system unresponsiveness.
>>Until further notice, we recommend that users uninstall AntiVirus
>>via these
>><http://service1.symantec.com/SUPPORT/num.nsf/docid/2005051716291611?Open&src=&docid=2003051315420211&nsf=num.nsf&view=docid&dtype=%E2%88%8F=&ver=&osv=&osv_lvl=>instructions.
>>Feedback? <mailto:Late-breakers@macfixit.com>Late-breakers@macfixit.com.
>>
>>Comment on this story at
>>http://www.macfixit.com/article.php?story=20051221093111211#comments
>>
>
>------------------------------
>Michael Rimar
>Administrative Assistant
>UC Botanical Garden
>200 Centennial Drive #5045
>Berkeley, CA 94720-5045
>510-642-0849
>fax 510-642-3012
>http://botanicalgarden.berkeley.edu
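
The quoted article's interim advice is to filter RAR archives at email or proxy gateways. A sketch of such a check follows, as an added example that is not part of the original message or the article. It flags attachments by file signature as well as by name, so a renamed archive is still caught. The function names and sample messages are constructed for illustration, and self-extracting archives, where the signature is not at the start of the file, are not covered.

```python
import email
from email import policy
from email.message import EmailMessage

# Shared prefix of the RAR 1.5-4.x ("Rar!\x1a\x07\x00") and RAR 5 signatures.
RAR_MAGIC = b"Rar!\x1a\x07"
RAR_TYPES = {"application/x-rar-compressed", "application/vnd.rar"}


def rar_parts(raw_message: bytes):
    """Return (filename, reason) for each MIME part that is or claims to be RAR."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into attached messages
        if part.is_multipart():
            continue
        name = part.get_filename() or "(unnamed)"
        # decode=True undoes base64 / quoted-printable transfer encoding
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(RAR_MAGIC):
            hits.append((name, "magic"))      # catches renamed archives
        elif name.lower().endswith(".rar") or part.get_content_type() in RAR_TYPES:
            hits.append((name, "declared"))   # labelled RAR, signature absent
    return hits


def should_quarantine(raw_message: bytes) -> bool:
    """Gateway decision: hold the message if any part looks like RAR."""
    return bool(rar_parts(raw_message))


def sample_message(filename: str, data: bytes) -> bytes:
    """Build a constructed test message carrying one attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(data, maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    renamed = sample_message("invoice.pdf", RAR_MAGIC + b"\x00" + b"A" * 32)
    print(rar_parts(renamed), should_quarantine(renamed))
```
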
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about MAGNet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the MAGNet Web site at <http://magnet.berkeley.edu/>.
This archive was generated by hypermail 2.1.8 : Thu Dec 22 2005 - 09:03:36 PST