jump to navigation

Norton Security Alert October 11, 2005

Posted by peewitsol in Technical.

Security Alert, October 11, 2005
Symantec Antivirus Scan Engine Might Run Arbitrary Code
iDEFENSE reported a vulnerability in Symantec Antivirus Scan Engine.
The engine lets third-party applications interface with Symantec’s content-scanning technologies. The vulnerability exists in the Web- based administrative interface, which doesn’t properly validate input provided through HTTP requests. If an intruder gains access to the administrative interface’s TCP port (8004), he or she might be able to launch arbitrary code and gain privileged access to the system.
The problem affects Symantec Antivirus Scan Engine 4.0 for:
Microsoft ISA Server 2000, NetApp Filer, NetApp NetCache, Bluecoat, and Clearswift. The problem also affects Symantec Antivirus Scan Engine 4.3
for: Microsoft ISA Server 2000, Microsoft SharePoint, Messaging, Network Attached Storage, Caching, and Bluecoat. Symantec said that Symantec Antivirus Scan Engine 4.1 isn’t affected.
Symantec has released an update to correct the problem. The update is available through the company’s Platinum Support Site or its FileConnect Web site. The company also recommends that administrators not expose the administrative port to external networks, such as the Internet. Alternatively, you can disable the interface by setting the administrative interface port number to zero. If the interface must remain enabled, then access to that port should be restricted in some way, such as using a secure network segment. You can also control access to the port via firewall rules.



No comments yet — be the first.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: