Symantec Client Security and Symantec Anti Virus Elevation of Privilege
Posted by David H. Lipman on June 13th, 2006


FYI

-----BEGIN PGP SIGNED MESSAGE-----


__________________________________________________________

The U.S. Department of Energy
Computer Incident Advisory Capability
__________________________________________________________

INFORMATION BULLETIN

Symantec Client Security and Symantec AntiVirus Elevation of Privilege
[SYM06-010]

June 13, 2006 17:00 GMT Number Q-218
______________________________________________________________________________
PROBLEM:   Symantec Client Security and Symantec AntiVirus Corporate
           Edition are susceptible to a potential stack overflow.
PLATFORM:  Products Affected
           Symantec Client Security 3.1
             3.1.0.394
             3.1.0.400
           Symantec Client Security 3.0
             3.0.2.2000
             3.0.2.2001
             3.0.2.2010
             3.0.2.2020
             3.0.1.1007
             3.0.1.1000
           Symantec Antivirus Corporate Edition 10.1
             10.1.0.394
             10.1.0.400
             10.1.0.394 64 bit
             10.0.2.2000
             10.0.2.2001
             10.0.2.2010
             10.0.2.2020
             10.0.1.1007
             10.0.1.1000
           Note: All builds listed above are English versions only.
           Information on localized product builds can be found in the
           Upgrade Information section below.
DAMAGE:    Could potentially cause a system crash, or allow a remote or
           local attacker to execute arbitrary code with System level
           rights on the affected system.
SOLUTION:  Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY ASSESSMENT:
           The risk is HIGH. Could potentially cause a system crash, or
           allow a remote or local attacker to execute arbitrary code with
           System level rights on the affected system.
______________________________________________________________________________
LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/q-218.shtml
ORIGINAL BULLETIN: Symantec SYM06-010
http://securityresponse.symantec.com...006.05.25.html
CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2630
______________________________________________________________________________




--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


Posted by David H. Lipman on June 13th, 2006


From: "Leythos" <void@nowhere.lan>

| David, the information is more than a month old on the Symantec site.

| Does your post indicate that there is something new involved?


Nope. But it does itemize the versions.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


Posted by optikl on June 14th, 2006


David H. Lipman wrote:
For example, I was running 10.1.0.400. That has been "patched" and now
I'm running 10.1.0.401, which is not vulnerable. There are patches for
the other products listed, as well.

Posted by David H. Lipman on June 14th, 2006


From: "optikl" <optikl@ioptikl.net>


| Dave, there are patches released, since May 27, that fix the problem.
| For example, I was running 10.1.0.400. That has been "patched" and now
| I'm running 10.1.0.401, which is not vulnerable. There are patches for
| the other products listed, as well.

Right !

And hopefully those who were not cognizant of what needs to be patched will read this thread
and take the appropriate action.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


Posted by Virus Guy on June 14th, 2006


"David H. Lipman" wrote:

What is "Symantec client security" ?

Does being behind a NAT router mitigate this vulnerability?

Does any version of corporate edition 9.x have this vulnerability?

What about NAV?

Posted by Tom Willett on June 14th, 2006


"Does any version of corporate edition 9.x have this vulnerability?"

If you read the link on Symantec's web site, you'd know the answer is "no".

Tom
"Virus Guy" <Virus@Guy.com> wrote in message
news:448F80E9.7AEF6AE3@Guy.com...


Posted by Virus Guy on June 14th, 2006


Leythos wrote:

Really?

Well then if you meant NO, then why didn't you say it?

Doesn't it take fewer keystrokes to say "NO" than to be an ass and
say:

Posted by adam.j.keagle@gmail.com on June 20th, 2006


Has anyone had any success or failure with implementation of these
patches?

While performing several installs of 10.0.2.2002 (to update
10.0.2.2000), it seems to kill the service. It stops listening on port
2967 and shows as offline in the Symantec System Center.



Leythos wrote:

Posted by David H. Lipman on June 20th, 2006


From: <adam.j.keagle@gmail.com>

| Has anyone had any success or failure with implementation of these
| patches?
|
| While performing several installs of 10.0.2.2002 (to update
| 10.0.2.2000), it seems to kill the service. It stops listening on port
| 2967 and shows as offline in the Symantec System Center.
|


I have had NO problems patching a few versions we use.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
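
Added example (not part of the original thread, and not Symantec or CIAC code): a post-patch triage that flags hosts still on a build itemized in the bulletin and, for the rest, checks that the client still listens on port 2967, the failure reported above. The inventory format, host names and function names are assumptions made for illustration.

```python
import socket

# Affected English builds exactly as itemized in the bulletin above
# (localized builds are not in that list, so "not listed" is not "safe").
AFFECTED = {
    "symantec client security": {
        "3.1.0.394", "3.1.0.400", "3.0.2.2000", "3.0.2.2001",
        "3.0.2.2010", "3.0.2.2020", "3.0.1.1007", "3.0.1.1000"},
    "symantec antivirus corporate edition": {
        "10.1.0.394", "10.1.0.400", "10.0.2.2000", "10.0.2.2001",
        "10.0.2.2010", "10.0.2.2020", "10.0.1.1007", "10.0.1.1000"},
}
CLIENT_PORT = 2967  # port the thread says a healthy client listens on

def build_status(product, version):
    """Classify one build; a suffix such as '64 bit' is ignored."""
    build = (version.split() or [""])[0]
    listed = AFFECTED.get(product.strip().lower(), set())
    return "affected" if build in listed else "not listed"

def is_listening(host, port=CLIENT_PORT, timeout=2.0):
    """True if a TCP connection to host:port succeeds."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return True
    except OSError:  # refused, timed out, or name did not resolve
        return False

def triage(inventory, probe=is_listening):
    """inventory: 'host,product,version' lines -> [(host, status, action)]."""
    rows = []
    for line in inventory.strip().splitlines():
        host, product, version = (f.strip() for f in line.split(","))
        status = build_status(product, version)
        action = "upgrade" if status == "affected" else (
            "ok" if probe(host) else "port closed: check service")
        rows.append((host, status, action))
    return rows

# Constructed sample inventory (hypothetical host names, builds from the thread).
SAMPLE = """
ws-01,Symantec AntiVirus Corporate Edition,10.1.0.400
ws-02,Symantec AntiVirus Corporate Edition,10.1.0.401
ws-03,Symantec AntiVirus Corporate Edition,10.0.2.2002
ws-04,Symantec AntiVirus Corporate Edition,10.1.0.394 64 bit
"""

if __name__ == "__main__":
    for row in triage(SAMPLE, probe=lambda host: host != "ws-03"):
        print(row)
```

The demo stubs the probe so it runs offline; calling triage() without the probe argument performs the real TCP check against each host.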


