Symantec fixes flaws in AntiVirus, Backup Exec


Bill Brenner, Senior News Writer

Symantec Corp. released security updates Wednesday for AntiVirus Corporate Edition and Backup Exec, fixing flaws attackers could exploit to gain extra user privileges, cause a denial of service or possibly launch malicious code.

The Cupertino, Calif.-based antivirus giant said in its SYM07-017 advisory that the first flaw is in the Real-Time scanner (RTVScan) component of Symantec AntiVirus Corporate Edition, which provides notification and logging services for the product.

"One function of RTVScan is to display a notification window with information about a threat found on the system if the program is configured to use that option," Symantec said. "[Researcher] Ali Rahbar notified Symantec that an unprivileged user could potentially attack this window with specially crafted code and gain system-level privileges on their local system. The user could then run code of their choice on their local system."

The good news, Symantec said, is that the attack potential is limited to local users and that the elevation of privilege is limited to the user's own system.

The advisory outlines fixes Symantec has made available for supported versions of the application. The vendor also suggested disabling the "notification message" window as a workaround.

Meanwhile, Backup Exec for Windows Servers is vulnerable to a denial-of-service condition when specifically formatted calls are made to a registered RPC interface, according to Symantec's SYM07-015 advisory.

"The DoS occurs due to improper validation and subsequent handling of user input," Symantec said in its advisory. "Successful exploitation requires access to the service port which in a normal installation would require the attacker to have authorized but non-privileged access to the network on which the targeted server resides to leverage network communications."

Symantec said a successful attack would normally result in termination of the targeted service, but that "there is a slight potential that a sufficiently designed and implemented attack could possibly result in arbitrary code execution on and elevated access to the targeted system."

The vendor said its engineers have addressed the issue in all currently supported versions of the product.