Multiple Symantec Product Vuln

Printable View

Show 40 post(s) from this thread on one page

February 10th, 2005, 05:19 PM
Timmy77

From Symantec's site:

http://www.sarc.com/avcenter/securit...005.02.08.html

They have non-vulnerable versions of 8 and 9, but it is a whole new version - reinstallation required.

As for risk, I'd highly recommend not waiting. This vulnerability affects the scan engine itself, and Symantec has told us that symantec scans by header information - not extension.

So if I take an malicious .EXE, pack it with UPX...then rename the extension, it'll still exploit this vulnerability. Then, all I have to do is get a file on your system to nuke your system. Open shares, an e-mail attachment (or an e-mail attachment scanned by SAV).
February 10th, 2005, 05:56 PM
scratchONtheBOX

OMG!

:eek: OH MY GOD!

Norton Antivirus Version 10.0.1.13 (Norton SystemWorks 2004 Version: 7.00 Build: 81 ) - So I need a new version, is that it? But based on their ONLINE SECURITY RISKS CHECKING TOOL, I still have an updated version (well, just a thought)! Eh...

:rolleyes:
February 10th, 2005, 09:58 PM
Und3ertak3r

Hmm interesting......

Heres me telling customers that the NAV was a crock of shite..
the number of broken machines that had fully updated defs and prog files that were still being stung has had me supprised. I was thinking that many just didn't know or were using mistruths when being surveyed..
Now I think I acn see why.. the bloody anti-virus was excuting the virus. I only wish that I had the time to analyse all of my customers machines to pin-point where, when and how they became infected.
As I said I wish I had the time and money to do a forensics on customers machines, I would estimate that about 40% of the repair work that I have done could have come from this and or similar bug. .. my suspicion that this is just one of a group of bugs in Symantec AV products that allow a virus to execute, certainly there are problems with the spyware/adware engine, a gaping hole that leaves a machine filed with Parasites and wide open to any old virus/worm/trojan to walk in..

cheers
February 10th, 2005, 10:17 PM
SawPer

Extra info:

I was wondering, what about even older versions of NAV CED? Like v7.5 and stuff? They are not even mentioned on the alert page.
So I sit for another 25 minutes on hold waiting for Symantec support on the phone...

Turns out that the v7 is not affected by this threat! :)
BUT! If you still have v7.5, your product is NOT supported at all!
And if you have v7.6, support will expire this March, so you better get the latest version and upgrade anyway.. !

Welcome to the fun weekend! ;)
May 16th, 2005, 06:45 PM
sickofnorton

hey, i realize this is off topic, but i was wondering if you guys could help me out..... i was updating norton corporate to v 10 using symantec system center, but some of the pcs wouldn't take the update, so i tried doing a manual install and it still didn't work.... anyone know why this might be?
May 16th, 2005, 06:51 PM
Timmy77

What version is your parent server? From what I understand that needs to be 10 before you try to upgrade any of your clients.
May 16th, 2005, 06:52 PM
morganlefay

I have had problems "updating" Norton products.

Usually you have to remove the older version...reboot...then update the WS.

Also legacy systems (98\ME\NT) ...you have to use an older version (legacy disk) and manually install that way. AFAIK...8.x plus wont install on anything other than XP\2000. The older software still will communicate with the AV server for updates though...only the 7.X versions were more of a resource hog then the newer ones...not including the network traffic\communication issues in the older versions.

If that doesnt work...Symantec have a Reg cleaner tool on thier site which may helps removing previous versions...allowing you then to install the updated product.

MLF
May 17th, 2005, 09:45 PM
sickofnorton

yeah, thats what i ended up doing, but now one of them gives me an error during the install - cannont find NavCE.msi :( does that mean the file is missing from that pc? if so how do i get it back?
May 17th, 2005, 09:58 PM
morganlefay

Tried the symantec site...????

http://search.symantec.com/custom/us/query.html

You havent stated what OS you are running on the client??

MLF
May 17th, 2005, 09:59 PM
thehorse13

Call Symantec and ask for the Symantec removal tool. It's not supported but it does a nice job of stripping out bad installs. It runs from the command prompt via a batch file. I know, nothing better than an old DOS batch file but the results are surprisingly good.

After that, attempt your Ver10 install again.

Show 40 post(s) from this thread on one page