mercredi, février 09, 2005

Symantec Multiple Products UPX Parsing Engine Buffer Overflow

ISS X-Force has reported a vulnerability in multiple Symantec products, which can be exploited by malicious people to compromise a vulnerable system.


Description:
ISS X-Force has reported a vulnerability in multiple Symantec products, which can be exploited by malicious people to compromise a vulnerable system.


The vulnerability is caused due to a boundary error in the DEC2EXE parsing engine used by the antivirus scanning functionality when processing UPX compressed files. This can be exploited to cause a heap-based buffer overflow via a specially crafted UPX file.


Successful exploitation allows execution of arbitrary code.


The vulnerability affects the following products:
* Norton AntiVirus for Microsoft Exchange 2.1 (prior to build 2.18.85)
* Symantec Mail Security for Microsoft Exchange 4.0 (prior to build 4.0.10.465)
* Symantec Mail Security for Microsoft Exchange 4.5 (prior to build 4.5.3)
* Symantec AntiVirus/Filtering for Domino NT 3.1 (prior to build 3.1.1)
* Symantec Mail Security for Domino 4.0 (prior to build 4.0.1)
* Symantec AntiVirus/Filtering for Domino Ports 3.0 for AIX (prior to build 3.0.6)
* Symantec AntiVirus/Filtering for Domino Ports 3.0 for OS400, Linux, Solaris (prior to build 3.0.7)
* Symantec AntiVirus Scan Engine 4.3 (prior to build 4.3.3)
* Symantec AntiVirus for Network Attached Storage (prior to build 4.3.3)
* Symantec AntiVirus for Caching (prior to build 4.3.3)
* Symantec AntiVirus for SMTP 3.1 (prior to build 3.1.7)
* Symantec Mail Security for SMTP 4.0 (prior to build 4.0.2)
* Symantec Web Security 3.0 (prior to build 3.0.1.70)
* Symantec BrightMail AntiSpam 4.0
* Symantec BrightMail AntiSpam 5.5
* Symantec AntiVirus Corporate Edition 9.0 (prior to build 9.01.1000)
* Symantec AntiVirus Corporate Edition 8.01, 8.1.1
* Symantec Client Security 2.0 (prior to build 9.01.1000)
* Symantec Client Security 1.0
* Symantec Gateway Security 2.0, 2.0.1 - 5400 Series
* Symantec Gateway Security 1.0 - 5300 Series
* Symantec Norton Antivirus 2004 for Windows
* Symantec Norton Internet Security 2004 (pro) for Windows
* Symantec Norton System Works 2004 for Windows
* Symantec Norton Antivirus 2004 for Macintosh
* Symantec Norton Internet Security 2004 for Macintosh
* Symantec Norton System Works 2004 for Macintosh
* Symantec Norton Antivirus 9.0 for Macintosh
* Symantec Norton Internet Security for Macintosh 3.0
* Symantec Norton System Works for Macintosh 3.0


Solution:
Updates are available (see the vendor advisory for details).

 

Google
 
Web eurenet.blogspot.com