|
Advisory Number: AV05-006
Symantec UPX Parsing Engine Heap Overflow
09 February 2005
PURPOSE
The purpose of this advisory is to bring attention to a Symantec UPX
Parsing Engine Heap Overflow vulnerability.
ASSESSMENT
A vulnerability exists in the DEC2EXE parsing engine module used in earlier
versions of the Symantec scan engine. The vulnerable DEC2EXE engine
contained a heap overflow that could be initiated by sending a specifically
crafted UPX file that would be parsed by the vulnerable DEC2EXE engine.
If successfully exploited, the attack could potentially result in remote
arbitrary code execution and possible compromise of the targeted system.
AFFECTED PRODUCTS
Enterprise Products
- Norton AntiVirus for Microsoft Exchange 2.1 prior
to build 2.18.85
- Symantec Mail Security for Microsoft Exchange 4.0
prior to build 4.0.10.465
- Symantec Mail Security for Microsoft Exchange
4.5 prior to build 4.5.3
- Symantec AntiVirus/Filtering for Domino
NT 3.1 prior to build 3.1.1
- Symantec Mail Security for Domino 4.0 prior
to build 4.0.1
- Symantec AntiVirus/Filtering for Domino Ports 3.0
- (AIX) prior to build 3.0.6
- (OS400, Linux, Solaris) prior to build 3.0.7
- Symantec AntiVirus Scan Engine 4.3 prior to build 4.3.3
- Symantec
AntiVirus for Network Attached Storage prior to build 4.3.3
- Symantec
AntiVirus for Caching prior to build 4.3.3
- Symantec AntiVirus for
SMTP 3.1 prior to build 3.1.7
- Symantec Mail Security for SMTP 4.0
prior to build 4.0.2
- Symantec Web Security 3.0 prior to build 3.0.1.70
- Symantec BrightMail AntiSpam 4.0
- All Symantec BrightMail AntiSpam
5.5
- All Symantec AntiVirus Corporate Edition 9.0 prior to build 9.01.1000
(MR 1 not available in all regions)
- Symantec AntiVirus Corporate
Edition 8.01, 8.1.1
- Symantec Client Security 2.0 prior to build 9.01.1000 (MR 1 not available
in all regions)
- Symantec Client Security 1.0, 1.0
- Symantec Gateway Security
2.0, 2.0.1 - 5400
- Series Symantec Gateway Security 1.0 - 5300 Series
Consumer Products
- Symantec Norton Antivirus 2004 for Windows
- Symantec Norton Internet Security 2004 (pro) for Windows
- Symantec Norton System Works 2004 for Windows
- Symantec Norton Antivirus 2004 for Macintosh
- Symantec Norton Internet Security 2004 for Macintosh
- Symantec Norton System Works 2004 for Macintosh
- Symantec Norton Antivirus 9.0 for Macintosh
- Symantec Norton Internet Security for Macintosh 3.0
- Symantec Norton System Works for Macintosh 3.0
SUGGESTED ACTION
PSEPC recommends that System Administrators test and upgrade to the appropriate
product update immediately.
Additional information is available at:
http://www.sarc.com/avcenter/security/Content/2005.02.08.html
http://xforce.iss.net/xforce/alerts/id/187
Note to Readers
Public Safety and Emergency Preparedness Canada (PSEPC) collects information related to cyber and physical threats to, and incidents involving, Canadian critical infrastructure. This allows us to monitor and analyse threats and to issue alerts, advisories and other information products to our partners. To report threats or incidents, please contact the PSEPC operations coordination centre at (613) 991-7000 or goc-cog@psepc-sppcc.gc.ca by e-mail.
Unauthorized use of computer systems and mischief in relation to data are serious Criminal Code offences in Canada. Any suspected criminal activity should be reported to local law enforcement organizations. The RCMP National Operations Centre (NOC) provides a 24/7 service to receive such reports or to redirect callers to local law enforcement organizations. The NOC can be reached at (613) 993-4460. National security concerns should be reported to the Canadian Security Intelligence Service (CSIS) at (613) 993-9620.
Links to sites not under the control of the Government of Canada (GoC) are provided solely for the convenience of users. The GoC is not responsible for the accuracy, currency or the reliability of the content. The GoC does not offer any guarantee in that regard and is not responsible for the information found through these links, nor does it endorse the sites and their content.
|
|