ID

VAR-200609-0268

CVE

CVE-2006-4802

TITLE

Symantec AntiVirus Corporate Edition Such as Real Time Virus Scan Format string vulnerability in service

DESCRIPTION

Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor. Symantec AntiVirus Corporate Edition is prone to multiple format-string vulnerabilities because it fails to properly sanitize user-supplied input before using it in the format-specifier argument to a formatted-printing function. Successfully exploiting these vulnerabilities may allow an attacker to execute arbitrary machine code with SYSTEM-level privileges. Attackers may also crash the Real Time Virus Scan service. Symantec AntiVirus is a very popular antivirus solution. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. 2) Another format string error exists in the alert notification process when displaying a notification message upon detection of a malicious file. SOLUTION: Apply patches (see patch matrix in vendor advisory). PROVIDED AND/OR DISCOVERED BY: 1) David Heiland, Layered Defense. 2) Reported by the vendor ORIGINAL ADVISORY: Symantec: http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html Layered Defense: http://layereddefense.com/SAV13SEPT.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1216-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff November 20th, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : flexbackup Vulnerability : insecure temporary file Problem-Type : local Debian-specific: no CVE ID : CVE-2006-4802 Debian Bug : 334350 Eric Romang discovered that the flexbackup backup tool creates temporary files in an insecure manner, which allows denial of service through a symlink attack. For the stable distribution (sarge) this problem has been fixed in version 1.2.1-2sarge1 For the upcoming stable distribution (etch) this problem has been fixed in version 1.2.1-3. For the unstable distribution (sid) this problem has been fixed in version 1.2.1-3. We recommend that you upgrade your flexbackup package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/f/flexbackup/flexbackup_1.2.1-2sarge1.dsc Size/MD5 checksum: 587 06539319d0534272e216306562677723 http://security.debian.org/pool/updates/main/f/flexbackup/flexbackup_1.2.1-2sarge1.diff.gz Size/MD5 checksum: 3546 3365f545bd49464f4e58bacc503f8b28 http://security.debian.org/pool/updates/main/f/flexbackup/flexbackup_1.2.1.orig.tar.gz Size/MD5 checksum: 80158 4955c89dbee354248f354a9bf0a480dd Architecture independent components: http://security.debian.org/pool/updates/main/f/flexbackup/flexbackup_1.2.1-2sarge1_all.deb Size/MD5 checksum: 75836 240f8792a65a0d80b8ef85d4343a4827 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFYhMIXm3vHE4uyloRAjjTAKDCnxcy1cKXf1yBEbVCIyc3JANyMQCgz8JD pz5K4X1ok9uom1/tmGPBFoU= =WJOD -----END PGP SIGNATURE-----

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

format string

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Deral Heiland http://www.layereddefense.com/

SOURCES

LAST UPDATE DATE

2024-08-14T14:47:53.681000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE