Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:STC:DL:SYM-AV-RAR-BO

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Symantec AntiVirus RAR Archive Decompression Buffer Overflow

Release Date

 2010/09/17

Update Number

 1775

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Symantec AntiVirus RAR Archive Decompression Buffer Overflow


This signature detects attempts to exploit a known vulnerability in Symantec AntiVirus. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.

Extended Description

The Symantec antivirus library is prone to multiple heap-based buffer-overflow vulnerabilities. Attackers could exploit this vulnerability to compromise computers running applications that use the affected library. The issue occurs in the RAR archive decompression routines. The issue may affect all platforms running applications that use the library, including Microsoft Windows and Mac OS X releases of the applications. Symantec is currently investigating this issue. Note that the issue could affect third-party applications that include the library.

Affected Products

  • Symantec antispam_for_smtp 3.1.0
  • Symantec antivirus_corporate_edition 10.0.0
  • Symantec antivirus/filtering_for_domino_nt 3.1.0
  • Symantec antivirus/filtering_for_domino_nt 3.1.0 build 3.1.1
  • Symantec antivirus/filtering_for_domino_nt 3.1.1
  • Symantec antivirus/filtering_for_domino_ports 3.0.0
  • Symantec antivirus/filtering_for_domino_ports 3.0.0 (AIX) build 3.0.5
  • Symantec antivirus/filtering_for_domino_ports 3.0.0 (Linux) build 3.0.5
  • Symantec antivirus/filtering_for_domino_ports 3.0.0 (OS400) build 3.0.5
  • Symantec antivirus/filtering_for_domino_ports 3.0.0 (S390)
  • Symantec antivirus/filtering_for_domino_ports 3.0.0 (Solaris)build 3.0.5
  • Symantec antivirus/filtering_for_domino_ports 3.0.11
  • Symantec antivirus_for_handhelds 3.0.0
  • Symantec antivirus_for_handhelds 3.0.0 .0.194
  • Symantec antivirus_for_handhelds_corporate_edition 3.0.0
  • Symantec antivirus_for_ms_office_sharepoint_portal_server 2003
  • Symantec antivirus_for_smtp 3.1.0
  • Symantec antivirus_for_smtp 3.1.0 build 3.1.1
  • Symantec antivirus_for_smtp 3.1.0 build 3.1.2
  • Symantec antivirus_for_smtp 3.1.0 build 3.1.3
  • Symantec antivirus_for_smtp 3.1.0 build 3.1.4
  • Symantec antivirus_for_smtp 3.1.0 build 3.1.5
  • Symantec antivirus_for_smtp 3.1.0 build 3.1.6
  • Symantec antivirus_for_smtp 3.1.7
  • Symantec antivirus_for_smtp 4.0.0
  • Symantec antivirus_for_smtp 4.1.9
  • Symantec antivirus_scan_engine 4.0.0
  • Symantec antivirus_scan_engine 4.1.0
  • Symantec antivirus_scan_engine 4.1.8
  • Symantec antivirus_scan_engine 4.3.0
  • Symantec antivirus_scan_engine 4.3.0 build 4.3.3
  • Symantec antivirus_scan_engine 4.3.0 build 4.3.7.27
  • Symantec antivirus_scan_engine 4.3.0 build 4.3.8.29
  • Symantec antivirus_scan_engine 4.3.12
  • Symantec antivirus_scan_engine 4.3.3
  • Symantec antivirus_scan_engine 5.0.1
  • Symantec antivirus_scan_engine_for_bluecoat 4.0.0
  • Symantec antivirus_scan_engine_for_bluecoat 4.3.0
  • Symantec antivirus_scan_engine_for_bluecoat 4.3.0 build 4.3.3
  • Symantec antivirus_scan_engine_for_bluecoat 4.3.12
  • Symantec antivirus_scan_engine_for_caching 4.3.0
  • Symantec antivirus_scan_engine_for_caching 4.3.12
  • Symantec antivirus_scan_engine_for_clearswift 4.0.0
  • Symantec antivirus_scan_engine_for_clearswift 4.3.0
  • Symantec antivirus_scan_engine_for_clearswift 4.3.12
  • Symantec antivirus_scan_engine_for_filers 4.3.0
  • Symantec antivirus_scan_engine_for_filers 4.3.0 build 4.3.3
  • Symantec antivirus_scan_engine_for_isa 4.3.0
  • Symantec antivirus_scan_engine_for_isa 4.3.0 build 4.3.3
  • Symantec antivirus_scan_engine_for_isa 4.3.12
  • Symantec antivirus_scan_engine_for_messaging 4.3.12
  • Symantec antivirus_scan_engine_for_microsoft_portal 4.3.0
  • Symantec antivirus_scan_engine_for_microsoft_sharepoint 4.3.12
  • Symantec antivirus_scan_engine_for_netapp_filer 4.0.0
  • Symantec antivirus_scan_engine_for_netapp_filer 4.3.0
  • Symantec antivirus_scan_engine_for_netapp_filer 4.3.0 build 4.3.3
  • Symantec antivirus_scan_engine_for_netapp_filer 4.3.12
  • Symantec antivirus_scan_engine_for_netapp_netcache 4.0.0
  • Symantec antivirus_scan_engine_for_netapp_netcache 4.3.0
  • Symantec antivirus_scan_engine_for_netapp_netcache 4.3.0 build 4.3.3
  • Symantec antivirus_scan_engine_for_netapp_netcache 4.3.12
  • Symantec antivirus_scan_engine_for_network_attached_storage 4.3.12
  • Symantec brightmail_anti-spam 4.0.0
  • Symantec brightmail_anti-spam 5.5.0
  • Symantec brightmail_anti-spam 6.0.0
  • Symantec brightmail_anti-spam 6.0.1
  • Symantec brightmail_anti-spam 6.0.2
  • Symantec clientless_vpn_gateway_4400_series 5.0.0
  • Symantec client_security 3.0.0
  • Symantec client_security_for_nokia_communicator
  • Symantec enterprise_firewall 8.0.0
  • Symantec enterprise_firewall 8.0.0 NT/2000
  • Symantec enterprise_firewall 8.0.0 Solaris
  • Symantec firewall/vpn_appliance_100
  • Symantec firewall/vpn_appliance_200
  • Symantec gateway_security 1.0.0
  • Symantec gateway_security_300 2.0.0
  • Symantec gateway_security_400 2.0.0
  • Symantec gateway_security_5000_series 3.0.0
  • Symantec gateway_security_5200 1.0.0
  • Symantec gateway_security_5300 1.0.0
  • Symantec gateway_security_5300
  • Symantec gateway_security_5310 1.0.0
  • Symantec gateway_security_5400 2.0.0
  • Symantec gateway_security_5400 2.0.1
  • Symantec gateway_security_5440
  • Symantec i-gear_ms_proxy 3.5.0
  • Symantec mail_security_for_domino 4.0.0
  • Symantec mail_security_for_domino 4.0.0 build 4.0.1
  • Symantec mail_security_for_domino 4.0.1
  • Symantec mail_security_for_domino 4.1.0
  • Symantec mail_security_for_domino 4.1.4
  • Symantec mail_security_for_microsoft_exchange 4.0.0
  • Symantec mail_security_for_microsoft_exchange 4.0.0 build 456
  • Symantec mail_security_for_microsoft_exchange 4.0.0 build 463
  • Symantec mail_security_for_microsoft_exchange 4.0.0 build 465
  • Symantec mail_security_for_microsoft_exchange 4.0.0 build 736
  • Symantec mail_security_for_microsoft_exchange 4.0.0 build 741
  • Symantec mail_security_for_microsoft_exchange 4.0.0 build 743
  • Symantec mail_security_for_microsoft_exchange 4.5.0
  • Symantec mail_security_for_microsoft_exchange 4.5.0 build 4.5.4.743
  • Symantec mail_security_for_microsoft_exchange 4.5.0 build 719
  • Symantec mail_security_for_microsoft_exchange 4.5.0 build 736
  • Symantec mail_security_for_microsoft_exchange 4.5.0 build 741
  • Symantec mail_security_for_microsoft_exchange 4.5.0 build 743
  • Symantec mail_security_for_microsoft_exchange 4.6.0 build 4.6.1.107
  • Symantec mail_security_for_microsoft_exchange 4.6.0 build 97
  • Symantec mail_security_for_microsoft_exchange 4.6.3
  • Symantec mail_security_for_microsoft_exchange 5.0.0
  • Symantec mail_security_for_smtp 4.0.0
  • Symantec mail_security_for_smtp 4.0.0 build 4.0.2
  • Symantec mail_security_for_smtp 4.0.0 build 4.0.5.66
  • Symantec mail_security_for_smtp 4.0.0 build 4.1.4.30
  • Symantec mail_security_for_smtp 4.0.2
  • Symantec mail_security_for_smtp 4.1.0
  • Symantec norton_antivirus_2001
  • Symantec norton_antivirus_2001_professional_edition
  • Symantec norton_antivirus_2002
  • Symantec norton_antivirus_2002_professional_edition
  • Symantec norton_antivirus_2003
  • Symantec norton_antivirus_2003_professional_edition
  • Symantec norton_antivirus_2004
  • Symantec norton_antivirus_2004_for_macintosh
  • Symantec norton_antivirus_2004_professional_edition
  • Symantec norton_antivirus_2005 11.0.0
  • Symantec norton_antivirus_2005 11.0.9
  • Symantec norton_antivirus_2005
  • Symantec norton_antivirus_2005_professional_edition
  • Symantec norton_antivirus_2006
  • Symantec norton_antivirus_7.0_for_macintosh
  • Symantec norton_antivirus_8.0_for_macintosh
  • Symantec norton_antivirus_9.0_for_macintosh
  • Symantec norton_antivirus_corporate_edition 7.0.0
  • Symantec norton_antivirus_corporate_edition 7.2.0
  • Symantec norton_antivirus_corporate_edition 7.5.0
  • Symantec norton_antivirus_corporate_edition 7.51.0
  • Symantec norton_antivirus_corporate_edition 7.6.0
  • Symantec norton_antivirus_corporate_edition 7.60.build 926
  • Symantec norton_antivirus_corporate_edition 7.61.0
  • Symantec norton_antivirus_corporate_edition 8.0.0
  • Symantec norton_antivirus_for_internet_email_gateways 1.0.0
  • Symantec norton_antivirus_for_macintosh 10.0.0 .0
  • Symantec norton_antivirus_for_macintosh 10.0.1
  • Symantec norton_antivirus_for_macintosh 10.9.1
  • Symantec norton_antivirus_for_macintosh 9.0.0 .0
  • Symantec norton_antivirus_for_macintosh 9.0.1
  • Symantec norton_antivirus_for_macintosh 9.0.2
  • Symantec norton_antivirus_for_macintosh 9.0.3
  • Symantec norton_antivirus_for_macintosh_corporate_edition 9.0.0
  • Symantec norton_antivirus_for_microsoft_exchange 2.18.0 build 83
  • Symantec norton_antivirus_for_ms_exchange 1.5.0
  • Symantec norton_antivirus_for_ms_exchange 2.0.0
  • Symantec norton_antivirus_for_ms_exchange 2.1.0
  • Symantec norton_antivirus_for_ms_exchange 2.18.82
  • Symantec norton_antivirus_for_ms_exchange 2.18.85
  • Symantec norton_antivirus_for_ms_exchange 2.18.88
  • Symantec norton_antivirus_for_ms_exchange 2.5.0
  • Symantec norton_internet_security_2001
  • Symantec norton_internet_security_2001_professional_edition
  • Symantec norton_internet_security_2002
  • Symantec norton_internet_security_2002_professional_edition
  • Symantec norton_internet_security_2003
  • Symantec norton_internet_security_2004_professional_edition
  • Symantec norton_internet_security_2005_professional_edition
  • Symantec norton_internet_security_2006_professional_edition
  • Symantec norton_internet_security_for_macintosh_2.0
  • Symantec norton_internet_security_for_macintosh_3.0
  • Symantec norton_personal_firewall_2004
  • Symantec norton_personal_firewall_2005
  • Symantec norton_personal_firewall_2006
  • Symantec norton_personal_firewall_for_macintosh 3.1.0
  • Symantec norton_systemworks_2004
  • Symantec norton_system_works_2004_for_macintosh
  • Symantec norton_systemworks_2004_professional_edition
  • Symantec norton_system_works_2005 11.0.0
  • Symantec norton_system_works_2005 11.0.9
  • Symantec norton_system_works_2005 Premier
  • Symantec norton_system_works_2005_premier
  • Symantec norton_system_works_2006
  • Symantec norton_system_works_7.0_for_macintosh
  • Symantec norton_system_works_for_macintosh_3.0
  • Symantec web_security 3.0.1
  • Symantec web_security 3.0.1 .70
  • Symantec web_security 3.0.1 build 3.01.59
  • Symantec web_security 3.0.1 build 3.01.60
  • Symantec web_security 3.0.1 build 3.01.61
  • Symantec web_security 3.0.1 build 3.01.62
  • Symantec web_security 3.0.1 build 3.01.63
  • Symantec web_security 3.0.1 build 3.01.67
  • Symantec web_security 3.0.1 build 3.01.68
  • Symantec web_security 3.0.1 build 3.0.1.70
  • Symantec web_security 3.0.1 build 3.0.1.72
  • Symantec web_security 3.0.1 build 3.0.1.74
  • Symantec web_security 3.0.1 Build 62

References

  • BugTraq: 15971
  • CVE: CVE-2005-4438
  • URL: http://www.kb.cert.org/vuls/id/305272

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out