[SA12734] Symantec Norton AntiVirus MS-DOS Device Name Handling Weakness
From: Secunia Security Advisories (sec-adv secunia.com)
Date: Wed Oct 06 2004 - 03:36:02 CDT
TITLE:
Symantec Norton AntiVirus MS-DOS Device Name Handling Weakness
SECUNIA ADVISORY ID:
SA12734
VERIFY ADVISORY:
http://secunia.com/advisories/12734/
CRITICAL:
Not critical
IMPACT:
Security Bypass
WHERE:
Local system
SOFTWARE:
Symantec Norton AntiVirus 2003
http://secunia.com/product/175/
Symantec Norton AntiVirus 2004
http://secunia.com/product/2800/
Symantec Norton AntiVirus 2005
http://secunia.com/product/4009/
DESCRIPTION:
Kurt Seifried has reported a weakness in Symantec Norton AntiVirus,
which can be exploited by malware to bypass certain scanning
functionality.
The problem is caused by an error in the handling of files and
directories on the system that have reserved MS-DOS device names. It
can be exploited by including malware in a file or directory with
such a name (e.g. "prn" or "aux").
Successful exploitation causes malware to evade detection during
automatic and manual scans.
NOTE: Malware will reportedly still be detected by the email scanning
functionality and upon execution.
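
As an added illustration (not part of the Secunia or Symantec advisory), the following check flags files and directories whose names resolve to a reserved MS-DOS device name, so they can be reviewed separately from a scan. It goes beyond the "prn" and "aux" examples above to the full Windows reserved-name list; the function names and sample paths are constructed for this example.

```python
import re

# Reserved MS-DOS device names on Windows (matched case-insensitively).
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{prefix}{n}" for prefix in ("COM", "LPT") for n in range(1, 10)
}


def device_name(component):
    """Return the reserved device name a path component resolves to, or None.

    Win32 ignores trailing dots and spaces, and treats a reserved name
    followed by an extension ("aux.txt") as the device itself.
    """
    stem = component.rstrip(" .").split(".", 1)[0].rstrip(" ").upper()
    return stem if stem in RESERVED else None


def reserved_components(path):
    """List every component of a Windows path that is a reserved device name."""
    return [c for c in re.split(r"[\\/]+", path) if device_name(c)]


def audit(paths):
    """Map each flagged path to the reserved components it contains."""
    return {p: hits for p in paths if (hits := reserved_components(p))}


# Constructed sample listing (hypothetical paths, not taken from the advisory).
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\report.doc",
    r"\\?\C:\temp\aux\sample.bin",
    r"C:\temp\prn",
    r"D:\data\COM1.tar.gz",
    r"C:\projects\console\main.c",
    r"C:/work/lpt9 /notes.txt",
]

if __name__ == "__main__":
    for path, hits in audit(SAMPLE_PATHS).items():
        print(f"{path}: reserved component(s) {hits}")
```
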
SOLUTION:
The vendor has issued a fix for Symantec Norton AntiVirus 2004, which
is available via LiveUpdate.
The fix will be available for other versions via LiveUpdate later.
PROVIDED AND/OR DISCOVERED BY:
Kurt Seifried
ORIGINAL ADVISORY:
Symantec:
http://www.sarc.com/avcenter/security/Content/2004.10.05.html
iDEFENSE:
http://www.idefense.com/application/poi/display?id=147&type=vulnerabilities
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------