Disclaimer: This news item was originally posted on Tuesday, Sep 12, 2006. Its content may no longer be timely or accurate.
Symantec Antivirus Corporate Editon Privilege Escalation Vulnerability Announced
Posted: 19:00:00, Tuesday, Sep 12, 2006 Expiration: 19:00:00, Tuesday, Sep 19, 2006
Symantec released information on September 13th regarding an elevation of privilege vulnerability in their Symantec Antivirus Corporate Edition (SAVCE) and Symantec Client Security (SCS) products. The Symantec announcement is here: http://www.symantec.com/avcenter/security/Content/2006.09.13.html. Note that Symantec is not aware of any attempts to exploit this vulnerability at this time. Note also that this vulnerability is not remotely exploitable; it requires local access to work.
SAVCE 10.1 and SCS 3.1 are *NOT* vulnerable. These are the recommended installs on the current Security Software Starter CD.
SAVCE 184.108.40.2060 (MR5 w/ MP1) is not vulnerable, and that is the version of the 9 client available for download on https://software.doit.wisc.edu. The Security CD only has the previous version (220.127.116.110), so anyone running SAVCE 9 should check their versions and upgrade if necessary.
Symantec has announced an elevation of privilege vulnerability in their Symantec Antivirus Corporate Edition and Symantec Client Security products.
-- Allen Monette and Shaun Fischer
Created: 11:49:04, Wednesday, Sep 13, 2006 (by Allen M.)
Updated: 11:50:25, Wednesday, Sep 13, 2006 (by Allen M.)