Symantec Plugs Anti-virus Worm Hole in Record Time

Working feverishly through the holiday weekend, Symantecs security response team has completed patches for a “high-risk” worm hole in two enterprise-facing product lines.

The flaw, which could allow malicious hackers to take complete control of a system without any user action, was discovered and reported by eEye Digital Security 48 hours ago.

In an advisory posted May 27, Symantec described the issue as a stack overflow affecting the Symantec Client Security and Symantec AntiVirus Corporate Edition, two product suites targeted toward business and government customers.

/zimages/5/28571.gifClick here to read more about eEyes original discovery of the Symantec anti-virus worm hole.

“[It] could potentially allow a remote or local attacker to execute code on the affected machine,” said Symantec, of Cupertino, Calif.

“Exploiting this overflow successfully could potentially cause a system crash, or allow a remote or local attacker to execute arbitrary code with system-level rights on the affected system,” it added.

The companys advisory is a confirmation of eEyes earlier warning that the flaw could lead to a self-propagating worm without any user action.

Affected products are the Symantec Client Security 3.0 and 3.1, and the Symantec Antivirus Corporate Edition 10.0 and 10.1. The consumer-facing Norton security suite is not susceptible to the vulnerability.

Symantec also released IDS (intrusion detection system) signatures to detect attempts to exploit the issue.

As best practice, Symantec “strongly recommends” that customers restrict access to administration or management systems to privileged users only, with additional restricted access to the physical host system or systems if possible.

/zimages/5/28571.gifClick here to read more about Symantecs use of a rootkit-type feature in Norton SystemWorks.

“Keep all operating systems and applications updated with the latest vendor patches [and] follow a multilayered approach to security. Run both firewall and anti-virus applications, at a minimum, to provide multiple points of detection and protection to both inbound and outbound threats,” the company said.

Symantec urged customers to be cautious when visiting unknown or untrusted Web sites or following unknown URL links. “Do not open attachments or executables from unknown sources or that you didnt request or were unaware of. Always err on the side of caution. Even if the sender is known, the source address may be spoofed,” it added.

/zimages/5/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.