TITLE: Symantec Norton AntiVirus MS-DOS Device Name Handling Weakness SECUNIA ADVISORY ID: SA12734
VERIFY ADVISORY: http://secunia.com/advisories/12734/ CRITICAL: Not critical IMPACT: Security Bypass WHERE: Local system SOFTWARE: Symantec Norton AntiVirus 2003 http://secunia.com/product/175/ Symantec Norton AntiVirus 2004 http://secunia.com/product/2800/ Symantec Norton AntiVirus 2005 http://secunia.com/product/4009/ DESCRIPTION: Kurt Seifried has reported a weakness in Symantec Norton AntiVirus, which can be exploited by malware to bypass certain scanning functionality. The problem is caused due to an error within the handling of files and directories on the system with reserved MS-DOS device names and can be exploited by including malware in a file or directory with such a name (e.g. "prn" or "aux"). Successful exploitation causes malware to evade detection during automatic and manual scans. NOTE: Malware will reportedly still be detected by the email scanning functionality and upon execution. SOLUTION: The vendor has issued a fix for Symantec Norton AntiVirus 2004, which is available via LiveUpdate. The fix will be available for other versions via LiveUpdate later. ORIGINAL ADVISORY: Symantec: http://www.sarc.com/avcenter/security/Content/2004.10.05.html iDEFENSE: http://www.idefense.com/application/poi/display?id=147&type=vulnerabilities ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
