Re: Symantec AV may execute viruses

[Dragos Ruiu <dr () kyx net>]

On February 10, 2005 12:01 pm, Dragos Ruiu wrote:
> On February 10, 2005 10:29 am, Paul G wrote:
> > ----- Original Message -----
> > From: "Jeff Wheeler" <jwheeler () usip org>
> > To: "Colin Johnston" <colinj () mx5 org uk>
> > Cc: <nanog () merit edu>
> > Sent: Thursday, February 10, 2005 1:18 PM
> > Subject: Re: Symantec AV may execute viruses
> >
> > > Also, it doesn't appear that this issue effects the Mac software (at
> > > least, I didn't see the Mac products in the Symantec vulnerability
> > > list), only Windows products.
> >
> > if this is a heap overflow and if osx uses a bsd-derived libc (with phy
> > malloc implementation), the vulnerability would not be exploitable. this
> > seems like a probable explanation.
>
> Neil Mehta & Alex Wheeler from ISS who identified this and a number
> of other AV issues will be doing a presentation on it entitled, "Owning
> Antii-Virus"  at CanSecWest.

P.s. To not pick on any one vendor exclusively, it's not just Symantec 
that has issues... I know that an F-Secure advisory has now been 
released too... and who knows, as an educated guess, I'd bet 
there probably will be others coming... ;-)   Allocating some IT
schedule to AV updates/verification seems prudent.

-- 
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada       May 4-6 2005  http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp