Symantec/Norton: vulnerable or not? UPDATE and BUMP: Yep, they are.
(See the update at the bottom.)
A story released yesterday claims that the popular Norton security products for PCs have a “gaping security flaw” that could permit hackers to exploit millions of user systems worldwide:
A gaping security flaw in the latest versions of Symantec’s anti-virus software suite could put millions of users at risk of a debilitating worm attack, Internet security experts warned May 25.
Researchers at eEye Digital Security, the company that discovered the flaw, said it could be exploited by remote hackers to take complete control of the target machine “without any user action.”
“This is definitely wormable. Once exploited, you get a command shell that gives you complete access to the machine. You can remove, edit or destroy files at will,” said eEye Digital Security spokesperson Mike Puterbaugh.
“We have confirmed that an attacker can execute code without the user clicking or opening anything,” Puterbaugh said.
eEye, based in Aliso Viejo, Calif., posted a brief advisory to raise the alarm about the bug, which can allow the execution of malicious code with system-level access.
The flaw carries a “high risk” rating because of the potential for serious damage, Puterbaugh said.
Symantec, of Cupertino, Calif., confirmed receipt of eEye’s warning and said an investigation was underway.
Pretty serious stuff. But Symantec’s response?
Overview
Symantec was notified about a potential remotely exploitable vulnerability affecting Symantec AntiVirus Corporate Edition 10.x. Norton products do not contain the code affected by this potential vulnerability, and none of the Norton products are affected by this issue.
Symantec Response
Symantec product teams are currently investigating this report. If necessary, we will provide updates for all currently supported products to resolve this issue. This advisory will be updated as additional information becomes available.
So, which is it? Is there a “gaping security flaw” in Norton or do those products “not contain the code affected by this potential vulnerability”? And if that’s the case, what’s the Symantec investigation investigating?
Someone’s either covering up or hyping up. The question of which it is will tell us who it is.
Update: Apparently, none of the “Norton” branded products are vulnerable – it’s just the Symantec branded anti-virus stuff that’s got the gaping security flaw. From Symantec’s site:
Revision History
May 26, 2006 – Updated Products Affected section and other details
Impact
High
Remote: Yes
Local: Yes
Authentication Required: No
Exploit publicly available: No
Overview
A stack overflow in Symantec Client Security and Symantec AntiVirus Corporate Edition could potentially allow a remote or local attacker to execute code on the affected machine.
Products Affected
Product                                 Version   Build   Solution
Symantec Client Security                3.1       All     Pending
Symantec Antivirus Corporate Edition    10.1      All     Pending
Products Not Affected
Product                Version
Norton Product line    No products in the Norton product line are affected
Details
Symantec was notified that Symantec Client Security and Symantec AntiVirus Corporate Edition are susceptible to a potential stack overflow. Exploiting this overflow successfully could potentially cause a system crash, or allow a remote or local attacker to execute arbitrary code with System level rights on the affected system.
Symantec Response
This advisory will be updated when product updates to address this issue are available.
Upgrade Information
Symantec engineers have verified that this vulnerability exists in the product versions listed above. We are continuing to evaluate other versions of our software. This advisory will be updated when additional information is available.
This is a very serious issue. Symantec products are virtually everywhere in both the consumer and governmental sector. McAfee must be dancing for joy over this one. Might I suggest, if you’re a business IT guy, that you have a look at Cisco’s CSA?