Critical bug found in anti-virus software

Henk Elegeert HmjE at HOME.NL
Thu Dec 22 18:14:19 CET 2005 

REPLY TO: D66 at nic.surfnet.nl

http://www.newscientist.com/article.ns?id=dn8505

"
Critical bug found in anti-virus software

     * 12:40 22 December 2005
     * NewScientist.com news service
     * Will Knight

A critical software bug has been discovered in several of the most
widely used anti-virus programs. It could be exploited to take control
of a computer or to steal information, according to an analysis produced
by the independent security analyst who made the discovery.

The glitch affects 39 different Symantec products - including both home
and enterprise versions of its anti-virus software. It resides within
the Symantec anti-virus library, which is used by all of the packages.

The analyst, Alex Wheeler, discovered that a critical error occurs when
the Symantec anti-virus library decompresses files from "RAR" format for
analysis. An attacker could exploit the loophole to load unauthorised
code onto a computer, and potentially to crack open its defences, he says.

"During decompression of RAR files Symantec is vulnerable to multiple
heap overflows allowing attackers complete control of the system(s)
being protected," Wheeler writes in his analysis of the flaw. "These
vulnerabilities can be exploited remotely without user interaction in
default configurations through common protocols."

Symantec has confirmed the problem and produced an advisory of its own.
It is currently working on a permanent fix but has released an update so
that computers running its anti-virus software should automatically
detect and block attempts to exploit the bug.

So far, there is no evidence that the bug has been used to attack
computers. However, a study released in November 2005 by the SANS
Institute, a US-based computer security organisation, suggests that
computer criminals are increasingly focusing on anti-virus software in
order to compromise machines.

This is partly because the software is widely used and runs constantly,
but also because bugs in the most widely used operating system -
Microsoft's Windows - are now repaired fairly rapidly.
"

Nou moe, denk ik veiig te zitten achter je software blijkt .....

Henk Elegeert

**********
Dit bericht is verzonden via de informele D66 discussielijst (D66 at nic.surfnet.nl).
Aanmelden: stuur een email naar LISTSERV at nic.surfnet.nl met in het tekstveld alleen: SUBSCRIBE D66 uwvoornaam uwachternaam
Afmelden: stuur een email naar LISTSERV at nic.surfnet.nl met in het tekstveld alleen: SIGNOFF D66
Het on-line archief is te vinden op: http://listserv.surfnet.nl/archives/d66.html
**********

More information about the D66 mailing list