Page 2 of 6 FirstFirst 123456 LastLast
Results 11 to 20 of 56

Thread: Multiple AV vendor vulns / updates / issues

  1. #11
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation ClamAV DoS vuln - update available

    FYI...

    ClamAV DoS vuln - update available
    - http://secunia.com/advisories/45382/
    Release Date: 2011-07-26
    Criticality level: Moderately critical
    Impact: DoS
    Where: From remote...
    Solution Status: Vendor Patch
    ... The vulnerability is reported in versions prior to 0.97.2.
    Solution: Update to version 0.97.2.

    - http://www.clamav.net/lang/en/
    "... ClamAV 0.97.2 fixes problems with the bytecode engine, Safebrowsing
    detection, hash matcher, and other minor issues. Please see the ChangeLog file for details..."
    * http://git.clamav.net/gitweb?p=clama...=clamav-0.97.2

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #12
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation McAfee SaaS Endpoint v5.2.2 update released

    FYI...

    McAfee SaaS Endpoint v5.2.2 update released
    - https://secunia.com/advisories/45506/
    Release Date: 2011-08-09
    Criticality level: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Patch
    Software: McAfee SaaS Endpoint Protection 5.x
    ... vulnerabilities are reported in versions 5.2.1 and prior.
    Solution: Update to version 5.2.2...

    - http://www.securitytracker.com/id/1025890
    Aug 9 2011
    Vendor URL: https://kc.mcafee.com/corporate/inde...ent&id=SB10016

    Last edited by AplusWebMaster; 2011-08-09 at 15:33.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #13
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Symantec - Veritas/NetBackup advisory...

    FYI...

    Symantec - Veritas/NetBackup advisory
    * http://www.symantec.com/business/sec...id=20110815_00
    August 15, 2011- SYM11-010
    Severity: High...

    - http://www.symantec.com/business/sup...&id=TECH165536
    Updated: 2011-08-15

    - http://www.securitytracker.com/id/1025926
    - http://www.securitytracker.com/id/1025927
    Aug 15 2011

    - https://secunia.com/advisories/45576/
    Release Date: 2011-08-15
    Criticality level: Moderately critical
    Impact: System access
    Where: From local network
    Solution Status: Partial Fix*...

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #14
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Symantec Enterprise Vault multiple vuln - hotfix available

    FYI...

    VB100 > RAP averages > Feb - August 2011
    > http://www.virusbtn.com/vb100/rap-index.xml
    ___

    Symantec Enterprise Vault multiple vuln - hotfix available
    - https://secunia.com/advisories/45834/
    Release Date: 2011-09-02
    Criticality level: Highly critical
    Impact: DoS, System access
    Where: From remote
    Solution Status: Vendor Patch
    Software: Symantec Enterprise Vault 10.x, 8.x, 9.x
    CVE Reference(s): CVE-2011-0794, CVE-2011-0808, CVE-2011-2264, CVE-2011-2267
    ...more information:
    - https://secunia.com/advisories/44295/
    - https://secunia.com/advisories/45297/
    Solution: Apply hotfix.
    Original Advisory: Symantec:
    http://www.symantec.com/business/sec...id=20110901_00

    Last edited by AplusWebMaster; 2011-09-05 at 17:51.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #15
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Symantec IM Manager multiple vulns - update available

    FYI...

    Symantec IM Manager multiple vulns - update available
    - https://secunia.com/advisories/43157/
    Release Date: 2011-09-30
    Impact: Cross Site Scripting, System access
    Where: From local network
    ... Successful exploitation of this vulnerability may allow execution of arbitrary code. The vulnerabilities are reported in version 8.4.17 and prior.
    Solution: Update to version 8.4.18.
    Original Advisory: Symantec:
    http://www.symantec.com/business/sec...id=20110929_00
    SYM11-012
    September 29, 2011

    - http://www.securitytracker.com/id/1026130
    CVE Reference: CVE-2011-0552, CVE-2011-0553, CVE-2011-0554
    Sep 30 2011

    Last edited by AplusWebMaster; 2011-10-01 at 07:33.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #16
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down MS flags Chrome as virus

    FYI...

    MS flags Chrome as virus
    - http://tech.slashdot.org/story/11/09...ome-as-a-virus
    September 30, 2011 - "Reports poured in this morning that Microsoft's security products, namely Microsoft Security Essentials and Forefront Client Security, were flagging Google Chrome as a virus (PWS:Win32/Zbot) and removing the browser if users chose to clean and reboot their machines. Users reported that the only way to mitigate the problem was to set MSE and Forefront to 'always allow' Zbot, which is generally considered to be a bad idea... Microsoft has now pushed another update* to resolve the issue..."
    * http://www.microsoft.com/security/po...9#summary_link
    September 30th, 2011
    ___

    - https://isc.sans.edu/diary.html?storyid=11701
    Last Updated: 2011-09-30 19:19:10 UTC

    Last edited by AplusWebMaster; 2011-09-30 at 23:23.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #17
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Symantec products - multiple vulns

    FYI...

    Symantec products KeyView Parsers multiple vulns
    - https://secunia.com/advisories/44273/
    Release Date: 2011-10-07
    Criticality level: Highly critical
    Impact: System access
    Where: From remote ...
    Solution Status: Vendor Patch ...
    Original Advisory: Symantec (SYM11-013):
    http://www.symantec.com/business/sec...id=20111006_00

    - http://www.securitytracker.com/id/1026155
    - http://www.securitytracker.com/id/1026156
    - http://www.securitytracker.com/id/1026157
    CVE Reference: CVE-2011-0337, CVE-2011-0338, CVE-2011-0339, CVE-2011-1213, CVE-2011-1214, CVE-2011-1215, CVE-2011-1216, CVE-2011-1218, CVE-2011-1512
    Oct 7 2011

    Last edited by AplusWebMaster; 2011-10-10 at 14:29.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #18
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post Norton blocks Facebook as 'phishing site'

    FYI...

    Norton blocks Facebook as 'phishing site'
    - http://www.theregister.co.uk/2011/10...ocks_facebook/
    14th October 2011 - "Symantec has withdrawn an update to its Norton consumer security software that branded Facebook a phishing site on Wednesday. The snafu meant that users of Norton Internet Security were blocked from accessing the social networking site and were told a "fraudulent web page" had been blocked... Security firms update their signature definition files to detect either rogue applications or questionable websites at increasing frequency in order to keep up with malware production rates*. Plenty of effort is put into the quality assurance process across the industry but even so mistakes sometimes occur. False positives are a cross-industry problem that affects all vendors."

    * http://www.av-test.org/en/statistics/malware/

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #19
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation ClamAV v0.97.3 released

    FYI...

    ClamAV v0.97.3 released
    - https://secunia.com/advisories/46455/
    Release Date: 2011-10-18
    Criticality level: Moderately critical
    Impact: DoS, System access
    Where: From remote
    ... vulnerability is reported in version 0.97.2. Prior versions may also be affected.
    Solution: Update to version 0.97.3.
    > http://www.clamav.net/lang/en/

    - http://blog.clamav.net/2011/10/clama...-released.html
    October 17, 2011

    - http://www.securitytracker.com/id/1026217
    Oct 19 2011
    Version: prior to 0.97.3

    Last edited by AplusWebMaster; 2011-10-20 at 14:37.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #20
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Mac trojan disables XProtect updates

    FYI...

    Mac trojan disables XProtect updates
    - http://www.f-secure.com/weblog/archives/00002256.html
    October 19, 2011 - "... Recent analysis has revealed to us that Trojan-Downloader:OSX/Flashback.C disables the automatic updater component of XProtect, Apple's built-in OS X anti-malware application... wipes out certain files, thus, preventing XProtect from automatically receiving future updates. Attempting to disable system defenses is a very common tactic for malware — and built-in defenses are naturally going to be the first target on any computing platform..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •