Symantec Patches Corporate AntiVirus

Patch fixes security breach that could allow an unauthorized person to get into a company's servers through discovery of the administrator login name and password.

Symantec has released a patch for its corporate anti-virus software, after vulnerability was identified last week in a posting on security mailing list Bugtraq.

The flaw is in Version 9 of the Symantec Corp.s AntiVirus Corporate Edition, and could allow an unauthorized person to get into a companys servers through discovery of the administrator login name and password for the system.

The information is accessible because the software communicates with a LiveUpdate client for security and product updates. Once update data is received, information about the exchange is stored in a log file that includes administrator login details.

/zimages/2/28571.gifClick here to read more about Symantec acquiring Sygate.

Since the file is accessible to all users who are on the system, the user name and password could be utilized by anyone to gain entry into other, password-protected parts of the network.

In addition to creating a patch on Friday that fixes the problem, Symantec has also advised users of its Corporate Edition to create a separate login and password specifically for LiveUpdate information exchanges, to prevent inadvertent or intentional misuse of system access privileges.

Symantec has rated the vulnerability as medium risk, and has noted that there are no reports of customers being affected by the issue.

The existence of vulnerability in Symantecs anti-virus software is not surprising, said Thomas Kristensen, a researcher at security firm Secunia. However, that is not a comment on the quality of Symantecs products as much as it is an acknowledgement of the complexity of anti-virus products, he noted.

/zimages/2/28571.gifClick here to read more about how Symantecs AntiVirus tool puts server passwords in danger.

"Anti-virus software is multilayered, and must respond to rapidly evolving threats," Kristensen said. "It would be nice if such software was flawless, but because it is so complex, it will always have some errors."

Symantecs rapid response to the problem is notable, he added, especially since successful exploitation of the flaw could have been serious if a patch was delayed.

"It would be very tempting for someone to use Symantecs anti-virus inappropriately through use of the vulnerability," said Kristensen. "Fortunately, that has been prevented."

/zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.