nanog mailing list archives
Re: Symantec AV may execute viruses
From: Dragos Ruiu <dr () kyx net>
Date: Thu, 10 Feb 2005 12:46:13 -0800
On February 10, 2005 12:01 pm, Dragos Ruiu wrote:
On February 10, 2005 10:29 am, Paul G wrote:----- Original Message ----- From: "Jeff Wheeler" <jwheeler () usip org> To: "Colin Johnston" <colinj () mx5 org uk> Cc: <nanog () merit edu> Sent: Thursday, February 10, 2005 1:18 PM Subject: Re: Symantec AV may execute virusesAlso, it doesn't appear that this issue effects the Mac software (at least, I didn't see the Mac products in the Symantec vulnerability list), only Windows products.if this is a heap overflow and if osx uses a bsd-derived libc (with phy malloc implementation), the vulnerability would not be exploitable. this seems like a probable explanation.Neil Mehta & Alex Wheeler from ISS who identified this and a number of other AV issues will be doing a presentation on it entitled, "Owning Antii-Virus" at CanSecWest.
P.s. To not pick on any one vendor exclusively, it's not just Symantec that has issues... I know that an F-Secure advisory has now been released too... and who knows, as an educated guess, I'd bet there probably will be others coming... ;-) Allocating some IT schedule to AV updates/verification seems prudent. -- World Security Pros. Cutting Edge Training, Tools, and Techniques Vancouver, Canada May 4-6 2005 http://cansecwest.com pgpkey http://dragos.com/ kyxpgp
Current thread:
- Symantec AV may execute viruses Jeff Wheeler (Feb 10)
- Re: Symantec AV may execute viruses Jeff Wheeler (Feb 10)
- <Possible follow-ups>
- Re: Symantec AV may execute viruses Jeff Wheeler (Feb 10)
- Re: Symantec AV may execute viruses Paul G (Feb 10)
- Re: Symantec AV may execute viruses Dragos Ruiu (Feb 10)
- Re: Symantec AV may execute viruses Dragos Ruiu (Feb 10)
- RE: Symantec AV may execute viruses Brance Amussen :)_S (Feb 10)
- Re: Symantec AV may execute viruses Paul G (Feb 10)
- Re: Symantec AV may execute viruses Chris Adams (Feb 10)
- RE: Symantec AV may execute viruses Brance Amussen :)_S (Feb 10)
- Re: Symantec AV may execute viruses Jeff Wheeler (Feb 10)
- Re: Symantec AV may execute viruses John Payne (Feb 10)