Bugtraq mailing list archives
Re: Symantec UPX Parsing Engine Heap Overflow
From: James Riden <j.riden () massey ac nz>
Date: Fri, 11 Feb 2005 23:09:57 +1300
Neil Watson <bugtraq () watson-wilson ca> writes:
There is an article about a vulnerability in Symantec's NAV and other products: http://securityresponse.symantec.com/avcenter/security/Content/2005.02.08.html The details are somewhat lacking on what specifically needs to be updated. We are running several NAV servers from 7.5 to 8.1 and I can't tell whether or not I need to patch or if LiveUpdate is taking care of this. There are mixed comments (as always) on Slashdot: http://it.slashdot.org/article.pl?sid=05/02/10/1327220&tid=172 Does anyone have information or experiences to share?
This is from Slashdot and consistent with what Symantec phone support have told me: "If you're running Corporate Edition, you won't be getting the patch via LiveUpdate. You need to call their tech support line with your serial number or contact/contract number, and they'll give you the information (FTP site and password) for obtaining the 9.0 MR3 update for SAV Corporate Edition. This updates the software to version 9.0.3.1000" --SethB Also Symantec Mail Security for Exchange v. 4.5.x should be updated to 4.5.4 at least. There seems to be a great deal of confusion and it's very hard to actually get an update from Symantec even after you've talked to tech support (servers are down or busy atm.). In general Symantec's response is somewhat disappointing, though the techs are clearly doing their best under difficult circumstances right now. -- James Riden / j.riden () massey ac nz / Systems Security Engineer GPG public key available at: http://www.massey.ac.nz/~jriden/ This post does not necessarily represent the views of my employer.
Current thread:
- Symantec UPX Parsing Engine Heap Overflow Neil Watson (Feb 10)
- Re: Symantec UPX Parsing Engine Heap Overflow James Riden (Feb 11)