I received an e-mail from Symantec announcing that they've released a patch
for this exploit. Unfortunately, according to their website for the SCS
3.02 patch
(http://www.symantec.com/techsupp/enterprise/products/sym_client_security/scs_3/files.html),
a patch isn't being released for licensed versions of 3.02, and they're
suggesting we upgrade to 3.1, which is only available as an early adopter on
the campus software website. I'm assuming our software is licensed. Has
anyone found a work-around to this or tried to install the patch for the
unlicensed version?
Thanks,
Cheryl
At 10:58 AM 5/26/2006, Allison Henry wrote:
>As you may be aware, a vulnerability was recently reported in Symantec
>Anti-virus desktop software that, if exploited, could allow an attacker
>to execute malicious code with SYSTEM level access (see information
>below). The version of Symantec Anti-virus available on
>http://software.berkeley.edu, and included in the C@B CD, is vulnerable
>to this exploit. SNS is aware of the vulnerability and is working on
>solutions to help mitigate the threat.
>
>Please be aware that this vulnerability has been reported to Symantec by
>a security research group, and no exploits of this vulnerability have
>been released at this time. Symantec will be releasing an update
>shortly, so to prepare, make sure your LiveUpdate software is working
>properly so you can receive updates when they become available. When an
>update is released or we get any new information on this issue, we will
>update the appropriate mailing lists.
>
>
>For more information:
>
>http://www.cnn.com/2006/TECH/internet/05/25/antivirus.flaw.ap/index.html
>
>and
>
>http://eeye.com/html/research/upcoming/20060524.html
>
>Upcoming Advisories
>
>Date Reported:
>May 24, 2006
>
>Vendor:
>Symantec
>
>Description:
>A remotely exploitable vulnerability exists within the Symantec
>Antivirus program. This flaw does not require any end user interaction
>for exploitation and can compromise affected systems, allowing for the
>execution of malicious code with SYSTEM level access.
>
>Severity:
>High (Remote Code Execution)
>
>Remote Code Execution:
>Yes
>
>Software Affected:
>Symantec Antivirus 10.x
>Symantec Client Security 3.x
>(Other Symantec Antivirus products are also potentially affected,
>waiting for vendor list)
>
>Status:
>Initial report stage
>
>--
>Allison Henry
>System and Network Security
>University of California, Berkeley
>http://security.berkeley.edu
>-------------------------------------
>Sent via the ucb-security mailing list.
Received on Tue May 30 09:26:07 2006