ATTN: Users of NAV/NSW/NIS 2004

Symantec UPX Parsing Engine Heap Overflow
http://secunia.com/advisories/14179
http://www.sarc.com/avcenter/securit...005.02.08.html
--
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security

As of : February 10th 2005 19:38 UTC
http://isc.sans.org/diary.php?date=2005-02-09

* Updated: Serious Symantec Vulnerability, 1-day exploits, and the
missing 13th patch

Serious Symantec Vulnerability

Update: It appears that Symantec has not actually released the patches
as is mentioned on their web site. We have not found any patches for the
Symantec Antivirus Corporate Edition 8 and 9. We are investigating this
futher.
http://www.sarc.com/avcenter/securit...005.02.08.html *
--
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security

PA Bear wrote:
Symantec UPX Parsing Engine Heap Overflow
http://secunia.com/advisories/14179
http://www.sarc.com/avcenter/securit...005.02.08.html

Thanks Robear. This is another hit against Symantec and a great reason to
avoid Symantec (Norton) products in the future.

"PA Bear" wrote in message
...
: As of : February 10th 2005 19:38 UTC
: http://isc.sans.org/diary.php?date=2005-02-09
:
: * Updated: Serious Symantec Vulnerability, 1-day exploits, and the
: missing 13th patch
:
: Serious Symantec Vulnerability
:
: Update: It appears that Symantec has not actually released the patches
: as is mentioned on their web site. We have not found any patches for the
: Symantec Antivirus Corporate Edition 8 and 9. We are investigating this
: futher.
: http://www.sarc.com/avcenter/securit...005.02.08.html *
: --
: ~Robear Dyer (PA Bear)
: MS MVP-Windows (Shell, IE/OE) & Security
:
: PA Bear wrote:
: Symantec UPX Parsing Engine Heap Overflow
: http://secunia.com/advisories/14179
: http://www.sarc.com/avcenter/securit...005.02.08.html

It sounds as though this may be important. I would therefore appreciate it
if someone could give a plain English explanation of what this means in
practical terms (i.e. what sort of threat does this pose)?

Thanks.

Bill Ridgeway

"PA Bear" wrote in message
...
Symantec UPX Parsing Engine Heap Overflow
http://secunia.com/advisories/14179
http://www.sarc.com/avcenter/securit...005.02.08.html --
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security

In short - a buffer overflow bug is one where an input buffer in a program
can be caused to overflow by sending it unexpected data. In many cases this
causes a condition where the data that over-fills the buffer can be run on
the computer, in the case of a Windows 98 computer that means the program
(overflow data) will run with full administrator rights. That's bad.

Any buffer overflow bug/exploit should be considered a serious threat to
your computer since at the least it means the affected software will crash,
in Windows 98 usually taking the rest of the operating system with it. At
the most it means that someone else can run a program on your computer with
the same rights you have - erasing files, installing
spyware/adware/keyloggers/backdoors, re-routing your Internet connection for
their own malicious gains, and so on.

--
Richard G. Harper [MVP Shell/User]
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


"Bill Ridgeway" wrote in message
...
It sounds as though this may be important. I would therefore appreciate
it if someone could give a plain English explanation of what this means in
practical terms (i.e. what sort of threat does this pose)?

Thanks.

Bill Ridgeway

"PA Bear" wrote in message
...
Symantec UPX Parsing Engine Heap Overflow
http://secunia.com/advisories/14179
http://www.sarc.com/avcenter/securit...005.02.08.html --
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security

"PA Bear" wrote in message
...
As of : February 10th 2005 19:38 UTC
http://isc.sans.org/diary.php?date=2005-02-09

* Updated: Serious Symantec Vulnerability, 1-day exploits, and the
missing 13th patch

Serious Symantec Vulnerability

Update: It appears that Symantec has not actually released the patches
as is mentioned on their web site. We have not found any patches for the
Symantec Antivirus Corporate Edition 8 and 9. We are investigating this
futher.
http://www.sarc.com/avcenter/securit...005.02.08.html * --
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security

PA Bear wrote:
Symantec UPX Parsing Engine Heap Overflow
http://secunia.com/advisories/14179
http://www.sarc.com/avcenter/securit...005.02.08.html

LU downloaded a ~10mb server patch today (SAV corp 9)

PA Bear wrote:
Symantec UPX Parsing Engine Heap Overflow
http://secunia.com/advisories/14179
http://www.sarc.com/avcenter/securit...005.02.08.html

Yes, I read that at The Register. It took a while to stop laughing.

--
Regards

Nigel Stapley (Norton-free since Jan. '04)

www.judgemental.plus.com

reply-to will bounce

Update:

http://service1.symantec.com/SUPPORT...05020911112648
--
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security

PA Bear wrote:
As of : February 10th 2005 19:38 UTC
http://isc.sans.org/diary.php?date=2005-02-09

* Updated: Serious Symantec Vulnerability, 1-day exploits, and the
missing 13th patch

Serious Symantec Vulnerability

Update: It appears that Symantec has not actually released the patches
as is mentioned on their web site. We have not found any patches for the
Symantec Antivirus Corporate Edition 8 and 9. We are investigating this
futher.
http://www.sarc.com/avcenter/securit...005.02.08.html *

PA Bear wrote:
Symantec UPX Parsing Engine Heap Overflow
http://secunia.com/advisories/14179
http://www.sarc.com/avcenter/securit...005.02.08.html