Ref: NGSSoftware Advisories NISR19042004a and NISR19042004b

From: Sym Security (secure_at_symantec.com)
Date: 03/19/04

  • Next message: Gerald (Jerry) Carter: "Re: Samba 'smbprint' script tmpfile vulnerability."
    To: bugtraq@securityfocus.com
    Date: Fri, 19 Mar 2004 16:53:56 -0600
    
    

    In response to NGSSoftware Advisories NISR19042004a and NISR19042004b,

    ------------------------------------------------------------------
    Symantec Security Advisory

    SYM04-005

    19 March, 2004
    Symantec Norton Internet Security and Norton AntiSpam Remote Access
    Vulnerability

    Revision History
    None

    Risk Impact
    High

    Overview
    NGSsoftware notified Symantec of a security vulnerability NGSsoftware had
    found in the Symantec Norton Internet Security and Symantec Norton
    AntiSpam 2004. If properly exploited this vulnerability could allow remote
    execution of arbitrary code on a targeted system resulting in possible
    system compromise.

    Affected Components
    Symantec Norton Internet Security 2004 and Professional for Windows
    Symantec Norton AntiSpam 2004

    Details
    Symantec was alerted to a remote access vulnerability that NGSsoftware
    discovered while evaluating Symantec Norton Internet Security 2004 and
    Symantec Norton AntiSpam 2004. Symantec Norton Internet Security and
    Symantec Norton AntiSpam 2004 contain ActiveX components that do not do
    proper bounds checking of external input. A malicious individual could
    potentially exploit these weaknesses to launch a local application on the
    target system and possibly run arbitrary code of their choice on the local
    system with elevated privileges.

    To do this successfully, the attacker would need to either entice the
    targeted user to visit a location where the malicious code could be
    launched or to download and launch the malicious code on their system.
    Successful execution of these security issues could result in compromise
    of the targeted system.

    Symantec Response
    Symantec has verified the issues reported by NGSsoftware and released
    patches for both Symantec Norton Internet Security and Symantec Norton
    AntiSpam 2004 via Symantec LiveUpdate. Customers should run Symantec
    LiveUpdate manually to ensure all installed Symantec products are fully
    updated.
    Open any installed Symantec product
    Click on LiveUpdate in the toolbar
    Run LiveUpdate until all available Symantec product updates are
    downloaded and installed

    Symantec is unaware of any active exploits for or customer impact from
    these issues. Symantec will continue to evaluate the issues.

    As a part of normal best practices, Symantec recommends using a
    multi-layered approach to security. Users, at a minimum, should run both
    personal firewall and antivirus applications with current updates to
    provide multiple points of detection and protection to both inbound and
    outbound threats.

    Users should keep vendor-supplied patches for all application software and
    operating systems up-to-date.

    Users should further be wary of mysterious attachments and executables
    delivered via email and be wary of visiting unknown/untrusted websites.

    Do not open attachments or executables from unknown sources. Always err on
    the side of caution.

    Even if the sender is known, be wary of attachments if the sender does not
    fully explain the attachment content in the body of the email. You do not
    know the source of the attachment.

    If in doubt, contact the sender before opening the attachment. If still in
    doubt, delete the attachment without opening it.

    CVE
    Symantec has requested a Common Vulnerabilities and Exposures (CVE)
    candidate name for these issues. We will revise this Advisory upon
    receipt.

    This is a candidate for inclusion in the CVE list (http://cve.mitre.org),
    which standardizes names for security problems.

    Credit:
    Symantec appreciates the cooperation of Mark Litchfield and the
    NGSsoftware research team in identifying this issue.

    Symantec Product Security Contact:
    Symantec takes the security and proper functionality of its products very
    seriously. As founding members in the Organization for Internet Safety,
    Symantec follows the process of responsible disclosure. Please contact
    symsecurity@symantec.com if you feel you have discovered a potential or
    actual security issue with a Symantec product.

    Symantec strongly recommends using encrypted email for reporting
    vulnerability information to symsecurity@symantec.com. The SymSecurity
    PGP key may be obtained from the Symantec Security Response site.

    --------------------------------------------------------------------------------

    Copyright (c) 2004 by Symantec Corp.
    Permission to redistribute this alert electronically is granted as long as
    it is not edited in any way unless authorized by Symantec Security
    Response. Reprinting the whole or parts of this alert in any medium other
    than electronically requires permission from symsecurity@symantec.com.

    Disclaimer
    The information in the advisory is believed to be accurate at the time of
    publishing based on currently available information. Use of the
    information constitutes acceptance for use in an AS IS condition. There
    are no warranties with regard to this information. Neither the author nor
    the publisher accepts any liability for any direct, indirect, or
    consequential loss or damage arising from use of, or reliance on, this
    information.

    Symantec, Symantec products, and SymSecurity are registered trademarks of
    Symantec Corp. and/or affiliated companies in the United States and other
    countries. All other registered and unregistered trademarks represented in
    this document are the sole property of their respective companies/owners.


  • Next message: Gerald (Jerry) Carter: "Re: Samba 'smbprint' script tmpfile vulnerability."

    Relevant Pages