[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] [HV-LOW] Symantec LiveUpdate issues may cause DoS

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] [HV-LOW] Symantec LiveUpdate issues may cause DoS
From: Dan Margolis <krispykringle@xxxxxxxxxx>
Date: Mon, 13 Dec 2004 21:45:36 -0500

If an attacker can spoof the signature file download site, he can
potentially do quite a bit worse than this (in that he can deny the
usability of the antivirus engine at all by providing a bogus
signature file). I'd think that some form of cryptography would be in
use to prevent this (either SSL or signing of the archives
themselves). Am I mistaken? 

(Caveat being that I don't use any anti-virus products of this nature,
so I really don't know.)

On Thu, Nov 04, 2004 at 03:56:02PM -0800, vuln@xxxxxxxxxxx wrote:
> After downloading ZIP archive off the website (either legitimate
> Symantec website or a spoofed one controlled by attacker)
-- 
Dan
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] [HV-LOW] Symantec LiveUpdate issues may cause DoS
  - From: vuln

Prev by Date: RE: [Full-Disclosure] TCP Port 42 port scans? What the heck over...
Next by Date: [Full-Disclosure] STG Security Advisory: [SSA-20041209-13] UseModWiki XSS vulnerability
Previous by thread: [Full-Disclosure] [HV-LOW] Symantec LiveUpdate issues may cause DoS
Next by thread: [Full-Disclosure] Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities
Index(es):
- Date
- Thread