Symantec/Norton: vulnerable or not? UPDATE and BUMP: Yep, they are.
(See the update at the bottom.)
A story released yesterday is claiming that the popular Norton security products for PC’s has a “gaping security flaw” that could permit hackers to exploit millions of user systems worldwide:
A gaping security flaw in the latest versions of Symantec’s anti-virus software suite could put millions of users at risk of a debilitating worm attack, Internet security experts warned May 25.
Researchers at eEye Digital Security, the company that discovered the flaw, said it could be exploited by remote hackers to take complete control of the target machine “without any user action.”
“This is definitely wormable. Once exploited, you get a command shell that gives you complete access to the machine. You can remove, edit or destroy files at will,” said eEye Digital Security spokesperson Mike Puterbaugh.
“We have confirmed that an attacker can execute code without the user clicking or opening anything,” Puterbaugh said.
eEye, based in Aliso Viejo, Calif., posted a brief advisory to raise the alarm about the bug, which can allow the execution of malicious code with system-level access.
The flaw carries a “high risk” rating because of the potential for serious damage, Puterbaugh said.
Symantec, of Cupertino, Calif., confirmed receipt of eEye’s warning and said an investigation was underway.
Pretty serious stuff. But Symantec’s response?
Symantec was notified about a potential remotely exploitable vulnerability affecting Symantec AntiVirus Corporate Edition 10.x.
Norton products do not contain the code affected by this potential vulnerability, and none of the Norton products are affected by this issue.
Symantec product teams are currently investigating this report. If necessary, we will provide updates for all currently supported products to resolve this issue.
This advisory will be updated as additional information becomes available.
So, which is it? Is there a “gaping security flaw” in Norton or do those products “not contain the code affected by this potential vulnerability“? And if that’s the case, what’s the Symantec investigation investigating?
Someone’s either covering up or hyping up. The question of which it is will tell us who it is.
Update: Apparently, none of the “Norton” branded products are vulnerable – it’s just the Symantec branded anti-virus stuff that’s got the gaping security flaw. From Symantec’s site:
May 26, 2006 – Updated Products Affected section and other details
Authentication Required No
Exploit publicly available No
A stack overflow in Symantec Client Security and Symantec AntiVirus Corporate Edition could potentially allow a remote or local attacker to execute code on the affected machine.
Product Version Build Solution
Symantec Client Security 3.1 All Pending
Symantec Antivirus Corporate Edition 10.1 All Pending
Products Not Affected
Norton Product line No products in the Norton product line are affected
Symantec was notified that Symantec Client Security and Symantec AntiVirus Corporate Edition are susceptible to a potential stack overflow. Exploiting this overflow successfully could potentially cause a system crash, or allow a remote or local attacker to execute arbitrary code with System level rights on the affected system.
This advisory will be updated when product updates to address this issue are available.
Symantec engineers have verified that this vulnerability exists in the product versions listed above. We are continuing to evaluate other versions of our software. This advisory will be updated when additional information is available.
This is a very serious issue. Symantec products are virtually everywhere in both the consumer and governmental sector. McAfee must be dancing for joy over this one. Might I suggest, if you’re a business IT guy, that you have a look at Cisco’s CSA?
Sorry, the comment form is closed at this time.