Slashdot Mirror

← Back to Stories (view on slashdot.org)

Symantec Confirms AV Library Flaw, Promises Patch

Posted by CowboyNeal on from the watching-the-watchmen dept.

the_flyswatter writes "Anti-virus vendor Symantec Corp. has publicly acknowledged that a high-risk buffer overflow vulnerability in its AntiVirus Library could lead to code execution attacks when RAR archive files are scanned. The company confirmed the issue was a buffer overflow in the AntiVirus component used to decompose RAR (Roshal Archive) files. 'A specially crafted RAR file could potentially cause this buffer overflow to occur and execute hostile content from the RAR file,' the advisory read. The bug also affects 15 consumer products, including the widely deployed Symantec Norton AntiVirus, Symantec Norton Internet Security Professional, Norton Personal Firewall and Symantec Norton Internet Security for Macintosh."

7 of 133 comments (clear)

  1. Why confess? by Jotii · · Score: 4, Interesting

    Why did Symantec verify officially that this bug was present before fixing it? Now, evil RAR packages will probably be much more wide-spread than before.

    --
    [sig]
  2. Symantec lost it a long time ago by Anonymous Coward · · Score: 2, Interesting

    Our info security dept have advised us NOT to use Symantec AV products on our home PCs because, in their experience, they just don't work very well against a lot of the current crop of malware. You might as well use AVG and save the money. Norton AV also gets deep into a PC and is difficult to uninstall cleanly.

  3. like it wasn't bad enought before by phntm · · Score: 5, Interesting

    i'm a netadmin on an irc network and i've seen many zombie botnets, most of them are running "up-to-date" symantec antivirus products and feel safe while behind their backs their systems keep ddosing and hogging bandwith.
    symantec doesn't make me feel safe for sure.

  4. Re:Inherent problems with AV software by MichaelSmith · · Score: 3, Interesting
    Your best defence on the Internet is a hardware firewall router

    If you have windows clients your internet gateway (web proxy, email server) needs to be aware of the sort of content which can impact the clients.

    I lost a job supplying a linux router to a company with windows clients because the linux box just couldn't adequately protect the workstations.

    Its not fair, but what is?

    --
    http://michaelsmith.id.au
  5. buffer overflow in unrar? by wolf550e · · Score: 5, Interesting

    Does anyone know if Symantec wrote their own unrar library that is insecure or have they used Roshal's free code which was probably known to be insecure and someone just discoverd they didn't bother to fix it before including in their products?

  6. Return of.. by Egregius · · Score: 2, Interesting

    Return of the virusses that activate when scanned over. Last time this happened was in..what? The eighties? I always wondered how it was possible for code to become active when scanned over, but now that I do, I really have to frown at this.

  7. Re:You know what this means - by advocate_one · · Score: 2, Interesting
    actually, considering I cut my programming teeth way back in the early 70's and had to punch my programmes in on good old fashioned punched cards... built my first personal computer the hard way by having to solder EVERY connection, and had to code it by typing in the raw op codes, I think I'm ably qualified to tell you young whippersnappers, especially those inexperienced whippersnappers that Microsoft insists on using, where things are wrong...

    oh by the way, they have to pay me to use ms-windows... I use and code on Linux by personal choice. My daughters and my grandchildren also prefer Linux

    --
    Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.