SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
Search :
SecurityReason
WLB
Services
RSS
Corporate
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com

Home arrow SecurityAlert Database

Arrow  Topic :

Symantec Antivirus Library Remote Heap Overflows


Arrow  SecurityAlert : 276
Arrow  CVE : CVE-2005-4438
Arrow  SecurityRisk : High  Security Risk High  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Exploit Given : No
Arrow  Credit : Alex Wheeler
Arrow  Published : 21.12.2005

Arrow  Affected Software :
Symantec Norton Antivirus 2004 for Windows
Symantec Norton Internet Security 2004 (pro) for Windows
Symantec Norton System Works 2004 for Windows
Symantec Norton Antivirus 2004 for Macintosh
Symantec Norton Internet Security 2004 for Macintosh
Symantec Norton System Works 2004 for Macintosh
Symantec Norton Antivirus 9.0 for Macintosh
Symantec Norton Internet Security for Macintosh 3.0
Symantec Norton System Works for Macintosh 3.0
Norton AntiVirus for Microsoft Exchange 2.1 prior to build 2.18.85
Symantec Mail Security for Microsoft Exchange 4.0 prior to build 4.0.10.465
Symantec Mail Security for Microsoft Exchange 4.5 prior to build 4.5.3
Symantec AntiVirus/Filtering for Domino NT 3.1 prior to build 3.1.1
Symantec Mail Security for Domino 4.0 prior to build 4.0.1
Symantec AntiVirus/Filtering for Domino Ports 3.0
(AIX) prior to build 3.0.6
(OS400, Linux, Solaris) prior to build 3.0.7
Symantec AntiVirus Scan Engine 4.3 prior to build 4.3.3
Symantec AntiVirus for Network Attached Storage prior to build 4.3.3
Symantec AntiVirus for Caching prior to build 4.3.3
Symantec AntiVirus for SMTP 3.1 prior to build 3.1.7
Symantec Mail Security for SMTP 4.0 prior to build 4.0.2
Symantec Web Security 3.0 prior to build 3.0.1.70
Symantec BrightMail AntiSpam 4.0
Symantec BrightMail AntiSpam 5.5
Symantec AntiVirus Corporate Edition 9.0 prior to build 9.01.1000
Symantec AntiVirus Corporate Edition 8.01, 8.1.1
Symantec Client Security 2.0 prior to build 9.01.1000
Symantec Client Security 1.0, 1.0
Symantec Gateway Security 2.0, 2.0.1 � 5400 Series
Symantec Gateway Security 1.0 � 5300 Series



Arrow  Advisory Text :  

Date
December 20, 2005

Vulnerability
The Symantec Antivirus Library provides file format support for virus
analysis. During decompression of RAR files Symantec is vulnerable to
multiple heap overflows allowing attackers complete control of the
system(s) being protected. These vulnerabilities can be exploited remotely
without user interaction in default configurations through common protocols
such as SMTP.

Impact
Successful exploitation of Symantec protected systems allows attackers
unauthorized control of data and related privileges. It also provides
leverage for further network compromise. Symantec implementations are
likely vulnerable in their default configuration. In default configurations
users are likely vulnerable regardless of whether they choose to open or
read the email.

Affected Products
Due to the libraryâ??s modular design and core functionality; it is likely
this vulnerability affects a substantial portion of Symantecâ??s gateway,
server, & client antivirus-enabled product lines on most platforms. In
fact, the scope of this vulnerability is likely similar to the one
described in the following link and also includes more current versions.

http://xforce.iss.net/xforce/alerts/id/187

Further, this library is also licensed to a substantial number of venders
with products/services that are likely affected. A small sample of these
vendors can be found in the following link.

http://www.symantec.com/partners/index.html

Recommendation
Disable scanning of RAR compressed files until the vulnerable code is
fixed.

Credit
This vulnerability was discovered and researched by Alex Wheeler.

Contact
security (at) rem0te (dot) com [email concealed]




Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

Multiple Vendors libc/gdtoa printf(3) Array Overrun

Security Risk High- 2009-05-30

SecurityReason realised new advisory about vulnerabilities libc/gdtoa...

Apache RSS Apache Alert

» Apache Tomcat
   RequestDispatcher
   directory traversal
   vulnerability

» Apache mod_dav / svn
   Remote Denial of Service
   Exploit

» Apache Tomcat Information
   disclosure

» Apache Tomcat User
   enumeration vulnerability
   with FORM authentication

PHP RSS PHP Alert

» PHP 5.2.9 curl safe_mode
   & open_basedir bypass

» PHP 5.2.6 SAPI
   php_getuid() overload

» PHP
   ZipArchive::extractTo()
   Directory Traversal
   Vulnerability

» PHP 5.2.6 dba_replace()
   destroying file

Copyright © SecurityReason.com. All Rights Reserved.