[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 136/04 - Symantec Security Advisory SYM04-005



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 136/04 dated 23.03.04  Time: 11:40  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Symantec Norton Internet Security and Norton AntiSpam Remote Access Vulnerability.



Detail
====== 

NGSsoftware notified Symantec of a security vulnerability NGSsoftware had 
found in the Symantec Norton Internet Security and Symantec Norton 
AntiSpam 2004. If properly exploited this vulnerability could allow remote 
execution of arbitrary code on a targeted system resulting in possible 
system compromise.


           ESB-2004.0229 -- Symantec Security Advisory SYM04-005
    Symantec Norton Internet Security and Norton AntiSpam Remote Access
                               Vulnerability
                               23 March 2004


Product:                Norton Internet Security
                        Norton AntiSpam
Publisher:              Symantec
Operating System:       Windows
Impact:                 Execute Arbitrary Code/Commands
Access Required:        Remote

Ref:                    ESB-2004.0228

Comment: Symantec response to NGSSoftware Advisories NISR19042004a and
         NISR19042004b

- - --------------------------BEGIN INCLUDED TEXT--------------------

Symantec Security Advisory

SYM04-005

19 March, 2004 
Symantec Norton Internet Security and Norton AntiSpam Remote Access 
Vulnerability 

Revision History
None

Risk Impact
High

Overview
NGSsoftware notified Symantec of a security vulnerability NGSsoftware had 
found in the Symantec Norton Internet Security and Symantec Norton 
AntiSpam 2004. If properly exploited this vulnerability could allow remote 
execution of arbitrary code on a targeted system resulting in possible 
system compromise.

Affected Components
Symantec Norton Internet Security 2004 and Professional for Windows Symantec Norton AntiSpam 2004 

Details
Symantec was alerted to a remote access vulnerability that NGSsoftware 
discovered while evaluating Symantec Norton Internet Security 2004 and 
Symantec Norton AntiSpam 2004.  Symantec Norton Internet Security and 
Symantec Norton AntiSpam 2004 contain ActiveX components that do not do 
proper bounds checking of external input.  A malicious individual could 
potentially exploit these weaknesses to launch a local application on the 
target system and possibly run arbitrary code of their choice on the local 
system with elevated privileges.

To do this successfully, the attacker would need to either entice the 
targeted user to visit a location where the malicious code could be 
launched or to download and launch the malicious code on their system. 
Successful execution of these security issues could result in compromise 
of the targeted system.

Symantec Response
Symantec has verified the issues reported by NGSsoftware and released 
patches for both Symantec Norton Internet Security and Symantec Norton 
AntiSpam 2004 via Symantec LiveUpdate.  Customers should run Symantec 
LiveUpdate manually to ensure all installed Symantec products are fully 
updated.
.       Open any installed Symantec product
.       Click on LiveUpdate in the toolbar
.       Run LiveUpdate until all available Symantec product updates are 
downloaded and installed

Symantec is unaware of any active exploits for or customer impact from 
these issues.  Symantec will continue to evaluate the issues.

As a part of normal best practices, Symantec recommends using a 
multi-layered approach to security. Users, at a minimum, should run both 
personal firewall and antivirus applications with current updates to 
provide multiple points of detection and protection to both inbound and 
outbound threats.

Users should keep vendor-supplied patches for all application software and 
operating systems up-to-date.

Users should further be wary of mysterious attachments and executables 
delivered via email and be wary of visiting unknown/untrusted websites.

Do not open attachments or executables from unknown sources. Always err on 
the side of caution.

Even if the sender is known, be wary of attachments if the sender does not 
fully explain the attachment content in the body of the email. You do not 
know the source of the attachment.

If in doubt, contact the sender before opening the attachment. If still in 
doubt, delete the attachment without opening it.


CVE
Symantec has requested a Common Vulnerabilities and Exposures (CVE) 
candidate name for these issues.  We will revise this Advisory upon 
receipt.

This is a candidate for inclusion in the CVE list (http://cve.mitre.org), 
which standardizes names for security problems.

Credit:
Symantec appreciates the cooperation of Mark Litchfield and the 
NGSsoftware research team in identifying this issue.

Symantec Product Security Contact:
Symantec takes the security and proper functionality of its products very 
seriously.  As founding members in the Organization for Internet Safety, 
Symantec follows the process of responsible disclosure.  Please contact 
symsecurity@xxxxxxxxxxxx if you feel you have discovered a potential or 
actual security issue with a Symantec product.


Symantec strongly recommends using encrypted email for reporting 
vulnerability information to symsecurity@xxxxxxxxxxxxx  The SymSecurity 
PGP key may be obtained from the Symantec Security Response site.


- - --------------------------------------------------------------------------------

Copyright (c) 2004 by Symantec Corp.
Permission to redistribute this alert electronically is granted as long as 
it is not edited in any way unless authorized by Symantec Security 
Response. Reprinting the whole or parts of this alert in any medium other 
than electronically requires permission from symsecurity@xxxxxxxxxxxxx

Disclaimer
The information in the advisory is believed to be accurate at the time of 
publishing based on currently available information. Use of the 
information constitutes acceptance for use in an AS IS condition. There 
are no warranties with regard to this information. Neither the author nor 
the publisher accepts any liability for any direct, indirect, or 
consequential loss or damage arising from use of, or reliance on, this 
information.

Symantec, Symantec products, and SymSecurity are registered trademarks of 
Symantec Corp. and/or affiliated companies in the United States and other 
countries. All other registered and unregistered trademarks represented in 
this document are the sole property of their respective companies/owners. 



- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Symantec for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQGAi9opao72zK539AQGjGwP/en5jnlkZVudjY6E3epb/DBR1lSFPV1aS
ARuheSzh+HtZE4zInoFo/FmF81guCo8ZN68JBuGM6RpYu99jsLHvSXOXxwy4WJgk
jO8Baqdy9YsTidIWaf/2PjFX0/VkR40+UTIwr33u8LAwoTgDWylFSh4xKe1jHYB2
iuS823OwsSE=
=drWz
-----END PGP SIGNATURE-----