Multiple AV vendor vulns / updates / issues

AplusWebMaster

Symantec AV multiple vulns - update available

FYI...

Symantec AV multiple vulns - update available
- http://secunia.com/advisories/43099/
Release Date: 2011-01-27
Criticality level: Moderately critical
Impact: DoS, System access
Where: From local network
Solution Status: Vendor Patch
Software: Symantec AntiVirus Corporate Edition 10.x, System Center 10.x
CVE Reference(s): CVE-2010-0110, CVE-2010-0111
... Intel AMS2 component when processing certain messages can be exploited to run arbitrary commands | cause a buffer overflow | create arbitrary events | cause a DoS ...
Solution: Update to version 10.1 MR10.
Original Advisory:
- http://www.symantec.com/business/se...isory&pvid=security_advisory&suid=20110126_00
- http://www.symantec.com/business/se...isory&pvid=security_advisory&suid=20110126_01

- http://www.securitytracker.com/id/1024996
Jan 27 2011
- http://www.securitytracker.com/id/1024997
Jan 28 2011

Clam AV vuln - update v0.97 available

FYI...

Clam AV vuln - update v0.97 available
- http://secunia.com/advisories/43392/
Release Date: 2011-02-21
Criticality level: Moderately critical
Impact: DoS, System access
Where: From remote
... The vulnerability is reported in versions prior to 0.97.
Solution: Update to version 0.97...
- http://www.clamav.net/lang/en/download/sources/
"... Latest stable release: ClamAV 0.97... Please read the upgrade instructions before upgrading..."
* http://wiki.clamav.net/Main/UpgradeInstructions

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1003
Last revised: 02/24/2011

- http://www.securitytracker.com/id/1025100
Feb 21 2011

CA multiple ActiveX vulns - update available ...

FYI...

CA ActiveX vuln - update available
* http://secunia.com/advisories/43377/
Release Date: 2011-02-24
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch ...
Original Advisory: ZDI / CA (CA20110223-01):
http://www.zerodayinitiative.com/advisories/ZDI-11-093/

CA ActiveX vuln - update available
- http://secunia.com/advisories/43490/
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
Solution: Set the kill-bit for the affected ActiveX control. Reportedly, the vendor will issue fix information soon.
For more information: SA43377*

- http://www.securitytracker.com/id/1025120
Updated: Feb 26 2011
___

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1036
Last revised: 03/11/2011
CVSS v2 Base Score: 8.8 (HIGH)

F-Secure multiple vulns - update available

FYI...

F-Secure multiple vulns - update available
- http://secunia.com/advisories/43049/
Release Date: 2011-02-24
Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Where: From remote...
Software: F-Secure Policy Manager 8.x, F-Secure Policy Manager 9.x
... The weakness and the vulnerability are confirmed in version 9.00.30231 and also reported in versions 8.00 and 8.1x.
Solution: Apply patches.
Original Advisory: F-Secure (FSC-2011-2):
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html

- http://www.securitytracker.com/id/1025124
Feb 24 2011
___

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1102
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1103
Last revised: 03/11/2011
"... before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux..."

McAfee Firewall Reporter vuln - fix...

FYI...

McAfee Firewall Reporter vuln - fix
- https://kc.mcafee.com/corporate/index?page=content&id=SB10015
Security Bulletins ID: SB10015
Last Modified: April 11, 2011
"This update fixes a bug that leverages an issue in the authentication sequence to allow unauthorized users access to the system...
> Remediation..."
(See the URL above.)

- http://www.securitytracker.com/id/1025314
Apr 11 2011
Version: prior to 5.1.0.13...

- http://secunia.com/advisories/44110/
Criticality level: Moderately critical
___

- http://www.theregister.co.uk/2011/04/06/mcafee_email_filter_screw_up/
6 April 2011 - "McAfee has apologised for a Sesame Street-style mix-up over the weekend that temporarily prevented any customers with addresses that start with the letter A from receiving email. The glitch... bounced emails sent to supported inboxes that began with an A or a non-alphanumeric special character (eg, @£$). In a statement, McAfee blamed a rogue script for the mix-up, which has now been resolved..."

Avast! false positive - virus defs 110411-1 ...

FYI...

Avast! false positive - virus defs 110411-1 ...
- https://blog.avast.com/2011/04/11/false-positive-issue-with-virus-defs-110411-1/
April 11 2011 - "Virus definition update 110411-1 contained an error that resulted in a good number of innocent sites being flagged as infected. Generally, all sites with a script in a specific format were affected... We sincerely apologize for the inconvenience..."

- http://news.cnet.com/8301-1009_3-20053085-83.html
April 12, 2011 - "... the update was downloaded by around 5 million users, mostly on the Western Hemisphere..."

"Some of the sites affected by this Avast false positive include Wikipedia, Yahoo, PCWorld, and Youtube..."
(Hat tip to cnm @ spywareinfoforum.com)*
* http://www.spywareinfoforum.com/ind...nnocent-sites/page__view__findpost__p__744891

CA ActiveX controls vuln ...

FYI...

CA ActiveX controls vuln...
- http://secunia.com/advisories/43681/
Release Date: 2011-04-21
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference: CVE-2011-1719
Solution: Apply APARs.
Original Advisory: CA:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={DED5B724-B500-46DA-A855-B2AF457B5364}
___

- http://www.securitytracker.com/id/1025423
CVE Reference: CVE-2011-1718
Apr 21 2011
- http://www.securitytracker.com/id/1025424
CVE Reference: CVE-2011-1719
Apr 21 2011

Avira AV v10 SP2 released

FYI...

Avira AV v10 SP2 released
- http://techblog.avira.com/2011/06/28/service-pack-2-for-avira-antivir-v10/en/
June 28, 2011 - "... Service Pack 2 to all AntiVir v10 products today: Personal, Premium, Premium Security Suite, Professional and Server. Avira’s Service Pack 2 update will be made available as product update to all customers, paid and free in English and German. The other languages will follow in the next few weeks. Please make sure you have enabled Product Updates by choosing the first option in Configuration -> Update->Product Update...
... fixed many issues which our users reported
... improved the protection overall by enhancing the heuristic detection and the repair functionality
... enabled the protection of the product itself and that of the entire operating system by enabling automatically the advanced process protection which prevents malware to terminate the Avira processes and to change the registry keys of the system.
... antirootkits protection was enhanced in order to be able to detect new methods of hiding malware...
You must restart your system after SP2 is installed in order to use the new drivers. Please save your work to prevent any loss of data.
Please read here about how to prepare for the reboot if you are in a company: http://www.avira.com/en/support-for-home-knowledgebase-detail?kbid=841
... and check this document for the default values http://www.avira.com/files/support/FAQ_KB/EN/Restart_Behavior_AV10_SP2_Prof_EN.pdf ...

... The SP2 brings also an optional toolbar to the users of the AntiVir Personal Free. If the user installs it, uses the toolbar and clicks on the links provided, Avira gets some money from the provider of the toolbar, the well-known search provider Ask .com... For more information about data collected, please read the Ask’s privacy policy available here:
http://sp.ask.com/en/docs/about/privacy.shtml
Most visible innovations in the SP2: http://www.avira.com/en/support-for-business-faq-detail/faqid/854
Release Information of SP2 at a glance: http://www.avira.com/en/support-for-home-faq-detail/faqid/840.
Detailed information of the changes performed in the products by the SP2:
http://www.avira.com/files/support/FAQ_KB/EN/Release_Information_AV10_SP2_EN.pdf
How to install the new Avira Toolbar after updating to SP2:
http://www.avira.com/en/support-for-free-faq-detail/faqid/861
How to install the new Avira Toolbar later via setup:
http://www.avira.com/en/support-for-free-faq-detail/faqid/862
How to -remove- the Avira Toolbar:
http://www.avira.com/en/support-for-free-faq-detail?faqid=863

Update: Some of our users experienced that the online protection is inactive after the SP2 update. Please see here* how to fix it.
* http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/566
___

- http://www.h-online.com/security/news/item/Service-Pack-for-Antivir-confuses-users-1271030.html
30 June 2011

CA Gateway v8.1 Security advisory...

FYI...

CA Gateway v8.1 Security advisory...
- http://h-online.com/-1284003
22 July 2011 - "CA is warning of a critical vulnerability in its Gateway Security 8.1 business security solution that allows attackers to inject malicious code into systems... The company has provided a fix* for Gateway Security. Alternatively, users can upgrade to version 9.0. Users of Total Defense Suite r12 are also advised to take action quickly as the vulnerable version of Gateway Security is part of this security package."

* https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=RO32642&actionID=4
07/13/2011

CA20110720-01: Security Notice for CA Gateway Security and Total Defense
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={5E404992-6B58-4C44-A29D-027D05B6285D}
July 20, 2011
Risk Rating: High
Platform: Windows
Affected Products: CA Gateway Security 8.1, CA Total Defense r12
Non-Affected Products: CA Gateway Security 9.0 ...
___

- http://secunia.com/advisories/45332/
Release Date: 2011-07-21
Criticality level: Moderately critical
... vulnerability is reported in versions prior to 8.1.0.69...

ClamAV DoS vuln - update available

FYI...

ClamAV DoS vuln - update available
- http://secunia.com/advisories/45382/
Release Date: 2011-07-26
Criticality level: Moderately critical
Impact: DoS
Where: From remote...
Solution Status: Vendor Patch
... The vulnerability is reported in versions prior to 0.97.2.
Solution: Update to version 0.97.2.

- http://www.clamav.net/lang/en/
"... ClamAV 0.97.2 fixes problems with the bytecode engine, Safebrowsing
detection, hash matcher, and other minor issues. Please see the ChangeLog file for details..."
* http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.2

McAfee SaaS Endpoint v5.2.2 update released

FYI...

McAfee SaaS Endpoint v5.2.2 update released
- https://secunia.com/advisories/45506/
Release Date: 2011-08-09
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: McAfee SaaS Endpoint Protection 5.x
... vulnerabilities are reported in versions 5.2.1 and prior.
Solution: Update to version 5.2.2...

- http://www.securitytracker.com/id/1025890
Aug 9 2011
Vendor URL: https://kc.mcafee.com/corporate/index?page=content&id=SB10016

Symantec - Veritas/NetBackup advisory...

FYI...

Symantec - Veritas/NetBackup advisory
* http://www.symantec.com/business/se...=security_advisory&year=2011&suid=20110815_00
August 15, 2011 - SYM11-010
Severity: High...

- http://www.symantec.com/business/support/index?page=content&id=TECH165536
Updated: 2011-08-15

- http://www.securitytracker.com/id/1025926
- http://www.securitytracker.com/id/1025927
Aug 15 2011

- https://secunia.com/advisories/45576/
Release Date: 2011-08-15
Criticality level: Moderately critical
Impact: System access
Where: From local network
Solution Status: Partial Fix*...

Symantec Enterprise Vault multiple vuln - hotfix available

FYI...

VB100 > RAP averages > Feb - August 2011
> http://www.virusbtn.com/vb100/rap-index.xml
___

Symantec Enterprise Vault multiple vuln - hotfix available
- https://secunia.com/advisories/45834/
Release Date: 2011-09-02
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Symantec Enterprise Vault 10.x, 8.x, 9.x
CVE Reference(s): CVE-2011-0794, CVE-2011-0808, CVE-2011-2264, CVE-2011-2267
...more information:
- https://secunia.com/advisories/44295/
- https://secunia.com/advisories/45297/
Solution: Apply hotfix.
Original Advisory: Symantec:
http://www.symantec.com/business/se...isory&pvid=security_advisory&suid=20110901_00

Symantec IM Manager multiple vulns - update available

FYI...

Symantec IM Manager multiple vulns - update available
- https://secunia.com/advisories/43157/
Release Date: 2011-09-30
Impact: Cross Site Scripting, System access
Where: From local network
... Successful exploitation of this vulnerability may allow execution of arbitrary code. The vulnerabilities are reported in version 8.4.17 and prior.
Solution: Update to version 8.4.18.
Original Advisory: Symantec:
http://www.symantec.com/business/se...=security_advisory&year=2011&suid=20110929_00
SYM11-012
September 29, 2011

- http://www.securitytracker.com/id/1026130
CVE Reference: CVE-2011-0552, CVE-2011-0553, CVE-2011-0554
Sep 30 2011

MS flags Chrome as virus

FYI...

MS flags Chrome as virus
- http://tech.slashdot.org/story/11/0...curity-products-flag-google-chrome-as-a-virus
September 30, 2011 - "Reports poured in this morning that Microsoft's security products, namely Microsoft Security Essentials and Forefront Client Security, were flagging Google Chrome as a virus (PWS:Win32/Zbot) and removing the browser if users chose to clean and reboot their machines. Users reported that the only way to mitigate the problem was to set MSE and Forefront to 'always allow' Zbot, which is generally considered to be a bad idea... Microsoft has now pushed another update* to resolve the issue..."
* http://www.microsoft.com/security/p...S:Win32/Zbot&threatid=2147598479#summary_link
September 30th, 2011
___

- https://isc.sans.edu/diary.html?storyid=11701
Last Updated: 2011-09-30 19:19:10 UTC

Symantec products - multiple vulns

FYI...

Symantec products KeyView Parsers multiple vulns
- https://secunia.com/advisories/44273/
Release Date: 2011-10-07
Criticality level: Highly critical
Impact: System access
Where: From remote ...
Solution Status: Vendor Patch ...
Original Advisory: Symantec (SYM11-013):
http://www.symantec.com/business/se...=security_advisory&year=2011&suid=20111006_00

- http://www.securitytracker.com/id/1026155
- http://www.securitytracker.com/id/1026156
- http://www.securitytracker.com/id/1026157
CVE Reference: CVE-2011-0337, CVE-2011-0338, CVE-2011-0339, CVE-2011-1213, CVE-2011-1214, CVE-2011-1215, CVE-2011-1216, CVE-2011-1218, CVE-2011-1512
Oct 7 2011

Norton blocks Facebook as 'phishing site'

FYI...

Norton blocks Facebook as 'phishing site'
- http://www.theregister.co.uk/2011/10/14/norton_blocks_facebook/
14th October 2011 - "Symantec has withdrawn an update to its Norton consumer security software that branded Facebook a phishing site on Wednesday. The snafu meant that users of Norton Internet Security were blocked from accessing the social networking site and were told a "fraudulent web page" had been blocked... Security firms update their signature definition files to detect either rogue applications or questionable websites at increasing frequency in order to keep up with malware production rates*. Plenty of effort is put into the quality assurance process across the industry but even so mistakes sometimes occur. False positives are a cross-industry problem that affects all vendors."

* http://www.av-test.org/en/statistics/malware/

ClamAV v0.97.3 released

FYI...

ClamAV v0.97.3 released
- https://secunia.com/advisories/46455/
Release Date: 2011-10-18
Criticality level: Moderately critical
Impact: DoS, System access
Where: From remote
... vulnerability is reported in version 0.97.2. Prior versions may also be affected.
Solution: Update to version 0.97.3.
> http://www.clamav.net/lang/en/

- http://blog.clamav.net/2011/10/clamav-0973-has-been-released.html
October 17, 2011

- http://www.securitytracker.com/id/1026217
Oct 19 2011
Version: prior to 0.97.3

Mac trojan disables XProtect updates

FYI...

Mac trojan disables XProtect updates
- http://www.f-secure.com/weblog/archives/00002256.html
October 19, 2011 - "... Recent analysis has revealed to us that Trojan-Downloader:OSX/Flashback.C disables the automatic updater component of XProtect, Apple's built-in OS X anti-malware application... wipes out certain files, thus, preventing XProtect from automatically receiving future updates. Attempting to disable system defenses is a very common tactic for malware — and built-in defenses are naturally going to be the first target on any computing platform..."
