Security flaw in Symantec's anti-virus software
By Sam Costello
October 11, 2001 2:00 pm PT
The tool used to update the virus definitions in Symantec's anti-virus products has a security hole that can allow hostile code to be downloaded to PCs, according to the German hacking group Phenoelit.
LiveUpdate, the software used by Symantec's anti-virus software to automatically update virus protections when updates become available, has flaws in both the 1.4 and 1.6 versions that allow for the attacks, Phenoelit said. When LiveUpdate 1.4 looks for updates, it attempts to connect to a specific server at Symantec, the group said. That connection, however, can be hijacked using a number of DNS attacks and rerouted to the server of the attacker's choice, Phenoelit said. If an attacker re-creates the proper directory structure on the server the connection is sent to, any code can be downloaded to the user's machine and executed, the group said.
Version 1.6 doesn't have as extensive a vulnerability, but can fall victim to a network performance degradation attack, the group said. The use of a special Symantec data format for the updates and cryptographically signed update files prevents the same kind of attacks that LiveUpdate 1.4 can be hit with, Phenoelit said. Version 1.6 can also be prevented from receiving any updates, even if they are available, by using the connection hijacking attack and manipulating some files on the destination server, the group said.
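The contrast described above, between a client that runs whatever the resolved server returns and one that checks a signature first, as an added Python example (not Symantec's or Phenoelit's code). The demo key, payloads and function names are constructed, and RSA PKCS#1 v1.5 with SHA-256 against a key pinned in the client is an assumed scheme, not LiveUpdate's actual format.

```python
import hashlib

# Constructed demo key: two Mersenne primes give a valid but toy RSA modulus.
# Real keys use random primes and the private half never ships with a client.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                              # public modulus, pinned in the client
_D = pow(E, -1, (P - 1) * (Q - 1))     # vendor-side private exponent (demo only)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER DigestInfo prefix for SHA-256 (RSASSA-PKCS1-v1_5, RFC 8017)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(payload: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(payload), as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(payload).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def vendor_sign(payload: bytes) -> bytes:
    """Stands in for the vendor's offline signing step (hypothetical helper)."""
    return pow(_encode(payload), _D, N).to_bytes(K, "big")

def verify_update(payload: bytes, signature: bytes) -> bool:
    """Client check: rebuild the full expected encoding and compare it whole."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    return pow(s, E, N) == _encode(payload)

def install(payload: bytes, signature: bytes, require_signature: bool) -> str:
    """What a client does with a package fetched over an untrusted path."""
    if require_signature and not verify_update(payload, signature):
        return "rejected"
    return "executed"

# Constructed sample inputs
GENUINE = b"virus definitions 2001-10-11 (constructed sample)"
HOSTILE = b"package from a redirected server (constructed sample)"
SIG = vendor_sign(GENUINE)

if __name__ == "__main__":
    print("unsigned client, hostile package:", install(HOSTILE, SIG, False))
    print("signed client, hostile package:  ", install(HOSTILE, SIG, True))
    print("signed client, genuine package:  ", install(GENUINE, SIG, True))
```

A rejected package still leaves the client without its update, which matches the article's point that signing stops code execution but not the blocking of updates.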
Phenoelit notified Symantec of the flaw on Sept. 22, according to documents on the group's Web site. Symantec, in Cupertino, Calif., did not immediately return calls seeking comment.
The group advised users to upgrade to LiveUpdate 1.6, although it noted that LiveUpdate 1.6 is still vulnerable to the network degradation attack. It also urged Symantec to use new cryptographic signing methods and to tell its customers about the security flaws in LiveUpdate 1.4.
Phenoelit's full advisory can be found on the group's Web site at www.phenoelit.de/stuff/LiveUpdate.txt.
Sam Costello is a Boston-based correspondent for the IDG News Service, an InfoWorld affiliate.