By Joris Evers
Staff Writer, CNET News.com
October 5, 2005
A serious security flaw in part of Symantec's antivirus products puts
enterprise systems running the software at risk of intrusion.
A buffer overflow flaw in the Symantec AntiVirus Scan Engine could let
remote attackers run code on vulnerable machines, Symantec said in an
advisory Tuesday. The problem affects various versions of the engine,
which is the part of the security software that actually scans for
threats. Security patches are available to correct the problem, which
Symantec rates "high" on its risk impact scale.
"Symantec strongly recommends all customers immediately apply the
latest updates for their supported product versions to protect against
these types of threats," the company said in its alert. No attacks
that use the flaw have been reported, Symantec said.
The security hole lies in the Web-based administrative interface of
the Symantec Antivirus Scan Engine, the company said. This interface
is part of several of the company's corporate antivirus products. An
attacker could exploit it by sending a malformed request to the
interface, security intelligence company iDefense said in an advisory.
iDefense reported the flaw to Symantec.
Symantec advises people to check their installation. The
administrative interface should be accessible only via a secure
segment of the network and should never be open outside a company's
network, Symantec said.
Disclosure of the Symantec issue is further evidence that researchers
are increasingly looking for holes in security products. Protective
technology is commonly installed on PCs, servers, network gateways and
mobile devices. As it becomes more widespread, the more attractive a
target security software becomes to cybercriminals, experts have said.
Earlier this week a serious flaw in Kaspersky's antivirus products was
Copyright =A91995-2005 CNET Networks, Inc. All rights reserved.
InfoSec News v2.0 - Coming Soon!