Norton AntiVirus for Mac OS X: update resolves vulnerability

From: Aron Roberts <aron_at_socrates.berkeley.edu>
Date: Thu Jan 19 2006 - 13:43:38 PST

   In late December 2005, Symantec Corporation acknowledged a security
vulnerability in its anti-virus software:

Symantec AntiVirus Decomposition Buffer Overflow
SYM05-027
December 21, 2005
http://www.symantec.com/avcenter/security/Content/2005.12.21b.html

>Symantec is aware of a buffer overflow in its AntiVirus component
>used to decompose RAR (Roshal Archive). A specially crafted RAR file
>could potentially cause this buffer overflow to occur and possibly
>execute hostile content from the RAR file on the targeted system.

   This vulnerability affected not only Symantec's anti-virus products
for Windows, but also Norton AntiVirus (NAV) versions 10 and 9, the
campus site-licensed anti-virus software for Mac OS X, as noted in
this ZDNet Australia article:

<http://www.zdnet.com.au/news/security/soa/Norton_Anti_Virus_makes_Mac_OS_X_less_secure_/0,2000061744,39229157,00.htm>

   This is a follow-up on this issue: according to the Symantec
support article above, Macintosh virus definitions update(s) dated
January 4, 2006 or later resolve this vulnerability for both NAV 10.x
and 9.x for Mac OS X.

   Most of your NAV for Mac OS X users should have automatically
received these definitions by now; this is just to alert you that
there is a slight possibility that some may not.

   Some background information: when NAV 10.x is installed, a default
task is created, running from root's crontab, which invokes
LiveUpdate to check for virus definitions updates once a week, on
Fridays at 12:00 noon.

   Also of note, this default 'check for virus definitions updates'
task does *not* show up in the Norton Scheduler GUI interface, which
you can reach by clicking the "Schedule" button in NAV's main window.
Via that interface, you can set up additional scheduled events,
including setting up a task to check more frequently - such as daily
- for virus updates, if you so desire.

Aron Roberts
Workstation Software Support Group

------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about MAGNet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the MAGNet Web site at <http://magnet.berkeley.edu/>.
Received on Thu Jan 19 13:48:02 2006

This archive was generated by hypermail 2.1.8 : Thu Jan 19 2006 - 13:48:02 PST