Date: 18 Sep 2006 19:18:39 -0000
From: secure@...antec.com
To: bugtraq@...urityfocus.com
Subject: Symantec Security Advisory:  Symantec AntiVirus Corporate Edition


Symantec AntiVirus and Symantec Client Security Elevation of Privilege
September 13, 2006

Overview
An elevation of privilege vulnerability in Symantec Client Security and
Symantec AntiVirus Corporate Edition could potentially allow a local
attacker to execute code with elevated privileges on the target machine. 

Affected Products
Symantec AntiVirus Corporate Edition versions 10.0, 9.x, and 8.1 
Symantec Client Security versions 3.0, 2.x, 1.x

Unaffected Products
Symantec AntiVirus Corporate Edition version 10.1 
Symantec Client Security version 3.1
Norton product line 

Details
Deral Heiland of Layered Defense notified Symantec of a format string
vulnerability within Symantec AntiVirus Corporate Edition.  If successfully
exploited, the vulnerability could allow a local attacker to execute code
with elevated privileges on the local system. 

In addition, Symantec engineers found a second format string vulnerability
in the alert notification process.  This issue could allow a local user to
replace the alert notification message with a format string, which could
potentially cause the Real Time Virus Scan service to crash when the
notification message is displayed following the detection of a malicious
file.


Symantec Response

Symantec engineers have verified that these vulnerabilities exist in the
product versions indicated, and have provided updates to address the issue.
 

Please refer to our advisory for any updates on this vulnerability:
http://www.symantec.com/avcenter/security/Content/2006.09.13.html

Symantec Product Security
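
The alert notification issue described under Details is a case of user-editable message text being used as a format string. The following is an added example, not Symantec's code: a renderer that treats the message template purely as data, so conversion specifiers in it are never interpreted. The tokens `[VirusName]` and `[Filename]`, the struct, and the function names are hypothetical, and the sample values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical alert fields and tokens; the advisory does not name the real ones. */
struct alert_fields { const char *virus; const char *file; };

/* Vulnerable pattern, for contrast only:
 *     snprintf(out, cap, user_template);
 * The user-editable text is the format argument, so the formatter
 * interprets any conversion specifier it contains. */

/* Copy n bytes of src onto the end of out; return 0 if they do not fit. */
static int append(char *out, size_t cap, size_t *len, const char *src, size_t n)
{
    if (n >= cap - *len) return 0;          /* keep room for the NUL */
    memcpy(out + *len, src, n);
    *len += n;
    out[*len] = '\0';
    return 1;
}

/* Hardened form: the template is only ever data. Known tokens are replaced,
 * every other byte (including '%') is copied literally.
 * Returns 0 on success, -1 if the output would not fit in cap bytes. */
int render_alert(char *out, size_t cap, const char *tmpl, const struct alert_fields *f)
{
    const char *names[] = { "[VirusName]", "[Filename]" };
    const char *vals[]  = { f->virus, f->file };
    size_t len = 0, i;
    if (cap == 0) return -1;
    out[0] = '\0';
    while (*tmpl) {
        for (i = 0; i < 2; i++)
            if (strncmp(tmpl, names[i], strlen(names[i])) == 0) break;
        const char *src = (i < 2) ? vals[i] : tmpl;
        size_t n = (i < 2) ? strlen(vals[i]) : 1;
        if (!append(out, cap, &len, src, n)) return -1;
        tmpl += (i < 2) ? strlen(names[i]) : 1;
    }
    return 0;
}

int main(void)
{
    struct alert_fields f = { "Test.Sample", "C:\\temp\\a.txt" };  /* constructed */
    char buf[128];
    if (render_alert(buf, sizeof buf, "Found [VirusName] in [Filename] (100%s)", &f) == 0)
        puts(buf);
    return 0;
}
```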
