Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Symantec AV RAR library vulnerability - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Symantec AV RAR library vulnerability
Yesterday, Alex Wheeler released details of a vulnerability that appears to span many Symantec A/V products in the routines for decoded RAR compressed files.  Symantec is apparently working feverishly on a fix, but for the moment the recommendation is to disable scanning of these files (which I suppose is fine if we can convince the users not to open/uncompress them until Symantec has a fix or they can be scanned by some other A/V product) or block them completely at gateways/proxies.  We are not currently aware of exploits in the wild, but the concern is that this has occurred so close to the end-of-year holidays, even if a fix does come out in the next few days, will people be around to apply it.

For complete details see, the Bugtraq posting, the Secunia advisory, and what I believe is Alex's paper.

We'll bring you more info as it becomes available.

----------------------
Jim Clausing, jclausing at isc.sans.org
I will be teaching next: Malware Reverse-Engineering Challenge - SANS New York City 2019

Jim

405 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!