Re: Symantec UPX Parsing Engine Heap Overflow

[James Riden <j.riden () massey ac nz>]

Neil Watson <bugtraq () watson-wilson ca> writes:

> There is an article about a vulnerability in Symantec's NAV and other
> products:
> http://securityresponse.symantec.com/avcenter/security/Content/2005.02.08.html
>
> The details are somewhat lacking on what specifically needs to be
> updated.  We are running several NAV servers from 7.5 to 8.1 and I can't
> tell whether or not I need to patch or if LiveUpdate is taking care of
> this.  There are mixed comments (as always) on Slashdot:
> http://it.slashdot.org/article.pl?sid=05/02/10/1327220&tid=172
>
> Does anyone have information or experiences to share?

This is from Slashdot and consistent with what Symantec phone support
have told me:

"If you're running Corporate Edition, you won't be getting the patch
via LiveUpdate. You need to call their tech support line with your
serial number or contact/contract number, and they'll give you the
information (FTP site and password) for obtaining the 9.0 MR3 update
for SAV Corporate Edition. This updates the software to version
9.0.3.1000" --SethB

Also Symantec Mail Security for Exchange v. 4.5.x should be updated to
4.5.4 at least. 

There seems to be a great deal of confusion and it's very hard to
actually get an update from Symantec even after you've talked to tech
support (servers are down or busy atm.). In general Symantec's
response is somewhat disappointing, though the techs are clearly doing
their best under difficult circumstances right now.

-- 
James Riden / j.riden () massey ac nz / Systems Security Engineer
GPG public key available at: http://www.massey.ac.nz/~jriden/
This post does not necessarily represent the views of my employer.