[77841] in North American Network Operators' Group
Re: Symantec AV may execute viruses
daemon@ATHENA.MIT.EDU (Dragos Ruiu)
Thu Feb 10 15:07:57 2005
From: Dragos Ruiu <dr@kyx.net>
To: "Paul G" <paul@rusko.us>, <nanog@merit.edu>
Date: Thu, 10 Feb 2005 12:01:15 -0800
In-Reply-To: <189401c50f9e$82d0d260$0200a8c0@rusko>
Errors-To: owner-nanog-outgoing@merit.edu
On February 10, 2005 10:29 am, Paul G wrote:
> ----- Original Message -----
> From: "Jeff Wheeler" <jwheeler@usip.org>
> To: "Colin Johnston" <colinj@mx5.org.uk>
> Cc: <nanog@merit.edu>
> Sent: Thursday, February 10, 2005 1:18 PM
> Subject: Re: Symantec AV may execute viruses
>
> > Also, it doesn't appear that this issue effects the Mac software (at
> > least, I didn't see the Mac products in the Symantec vulnerability
> > list), only Windows products.
>
> if this is a heap overflow and if osx uses a bsd-derived libc (with phy
> malloc implementation), the vulnerability would not be exploitable. this
> seems like a probable explanation.
Neil Mehta & Alex Wheeler from ISS who identified this and a number
of other AV issues will be doing a presentation on it entitled, "Owning
Antii-Virus" at CanSecWest.
cheers,
--dr
--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada May 4-6 2005 http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp
