TITLE:
Symantec Multiple Products UPX Parsing Engine Buffer Overflow

SECUNIA ADVISORY ID:
SA14179

VERIFY ADVISORY:
http://secunia.com/advisories/14179/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Symantec Gateway Security 1.x
http://secunia.com/product/876/
Symantec Gateway Security 2.x
http://secunia.com/product/3104/

SOFTWARE:
Norton Internet Security 2004
http://secunia.com/product/2441/
Norton Internet Security 2004 Professional
http://secunia.com/product/2442/
Norton SystemWorks 2004
http://secunia.com/product/2796/
Symantec AntiVirus Corporate Edition 8.x
http://secunia.com/product/659/
Symantec AntiVirus Corporate Edition 9.x
http://secunia.com/product/3549/
Symantec AntiVirus for Caching 4.x
http://secunia.com/product/4626/
Symantec AntiVirus for Network Attached Storage 4.x
http://secunia.com/product/4625/
Symantec AntiVirus for SMTP Gateways 3.x
http://secunia.com/product/2231/
Symantec AntiVirus Scan Engine 4.x
http://secunia.com/product/3040/
Symantec AntiVirus/Filtering for Domino
http://secunia.com/product/2029/
Symantec Brightmail AntiSpam 4.x
http://secunia.com/product/4627/
Symantec Brightmail AntiSpam 5.x
http://secunia.com/product/4628/
Symantec Client Security 1.x
http://secunia.com/product/2344/
Symantec Client Security 2.x
http://secunia.com/product/3478/
Symantec Mail Security for Exchange 4.x
http://secunia.com/product/2820/
Symantec Mail Security for SMTP 4.x
http://secunia.com/product/3558/
Symantec Norton AntiVirus 2004
http://secunia.com/product/2800/
Symantec Norton AntiVirus for Microsoft Exchange 2.x
http://secunia.com/product/1017/
Symantec Web Security 3.x
http://secunia.com/product/2813/

DESCRIPTION:
ISS X-Force has reported a vulnerability in multiple Symantec products, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the DEC2EXE parsing engine used by the antivirus scanning functionality when processing UPX compressed files.
This can be exploited to cause a heap-based buffer overflow via a specially crafted UPX file.

Successful exploitation allows execution of arbitrary code.

The vulnerability affects the following products:
* Norton AntiVirus for Microsoft Exchange 2.1 (prior to build 2.18.85)
* Symantec Mail Security for Microsoft Exchange 4.0 (prior to build 4.0.10.465)
* Symantec Mail Security for Microsoft Exchange 4.5 (prior to build 4.5.3)
* Symantec AntiVirus/Filtering for Domino NT 3.1 (prior to build 3.1.1)
* Symantec Mail Security for Domino 4.0 (prior to build 4.0.1)
* Symantec AntiVirus/Filtering for Domino Ports 3.0 for AIX (prior to build 3.0.6)
* Symantec AntiVirus/Filtering for Domino Ports 3.0 for OS400, Linux, Solaris (prior to build 3.0.7)
* Symantec AntiVirus Scan Engine 4.3 (prior to build 4.3.3)
* Symantec AntiVirus for Network Attached Storage (prior to build 4.3.3)
* Symantec AntiVirus for Caching (prior to build 4.3.3)
* Symantec AntiVirus for SMTP 3.1 (prior to build 3.1.7)
* Symantec Mail Security for SMTP 4.0 (prior to build 4.0.2)
* Symantec Web Security 3.0 (prior to build 3.0.1.70)
* Symantec BrightMail AntiSpam 4.0
* Symantec BrightMail AntiSpam 5.5
* Symantec AntiVirus Corporate Edition 9.0 (prior to build 9.01.1000)
* Symantec AntiVirus Corporate Edition 8.01, 8.1.1
* Symantec Client Security 2.0 (prior to build 9.01.1000)
* Symantec Client Security 1.0
* Symantec Gateway Security 2.0, 2.0.1 - 5400 Series
* Symantec Gateway Security 1.0 - 5300 Series
* Symantec Norton Antivirus 2004 for Windows
* Symantec Norton Internet Security 2004 (pro) for Windows
* Symantec Norton System Works 2004 for Windows
* Symantec Norton Antivirus 2004 for Macintosh
* Symantec Norton Internet Security 2004 for Macintosh
* Symantec Norton System Works 2004 for Macintosh
* Symantec Norton Antivirus 9.0 for Macintosh
* Symantec Norton Internet Security for Macintosh 3.0
* Symantec Norton System Works for Macintosh 3.0

SOLUTION:
Updates are available (see the vendor advisory
for details).

ORIGINAL ADVISORY:
Symantec:
http://www.sarc.com/avcenter/security/Content/2005.02.08.html

ISS X-Force:
http://xforce.iss.net/xforce/alerts/id/187
