eEye Discovers Flaw in Symantec’s Antivirus Program

eEye Digital Security has discovered a critical vulnerability in Symantec’s antivirus enterprise software: a remotely exploitable flaw that provides system-level access to affected machines.

Following expected protocol for such discoveries, eEye notified Symantec on Wednesday evening, Mike Puterbaugh, eEye’s vice president of product marketing, told TechNewsWorld.

eEye posted its own warning on its Web site once Symantec acknowledged the alert. Beyond the details already released, eEye is not providing additional information about the vulnerability until Symantec develops a patch.

The vulnerability, classified by eEye as critical, is in version 10.0. Software bundles that include this application, such as a bundle of both firewall and antivirus applications, could also be affected, Puterbaugh said.

Consumers Safe

The consumer version of the Symantec antivirus application is fine, emphasized Puterbaugh.

“I have seen some reports where it was speculated that consumers were at risk as well. That is not true. Any flaw, regardless of the severity, though, is an issue,” he maintained. “Even if it is a denial of service flaw, it could still render a machine unavailable. In this case, this flaw could allow a hacker to take data or execute a program on his behalf.”

Responsible Disclosure

Ron O’Brien, senior security analyst with Sophos, was pleased to see eEye follow the rules for responsible disclosure in notifying a company of its vulnerability and giving it a chance to develop a patch.

“Whether we are competitors or not, we all have a responsibility for protecting the Internet,” he told TechNewsWorld.

In April, Rapid7 reported numerous flaws in Symantec Scan Engine that could allow unauthorized access to critical data and enable malicious attacks, including the following:

  • A design error in the authentication model used by the administrative interface;
  • Use of the same private DSA key by every installation of Symantec Scan Engine, which could allow an attacker to intercept and decrypt all communications between Symantec Scan Engine and an administrative client;
  • A vulnerability that allows unauthenticated remote users to download any file located in the Symantec Scan Engine installation directory, which includes current virus definitions. Knowledge of installed virus definitions will allow an attacker to determine what viruses can be used to infect the network without detection, Rapid7 said in its advisory.

Symantec was notified about the flaws and released an upgrade to the product.
