News
News
5/30/2006
12:58 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Symantec Patches Flaw In Five Days

A stack overflow in several products, including its anti-virus family, was fully patched as of Sunday, according to an updated advisory on Symantec's Web site.

Symantec finished patching its buggy anti-virus line Sunday, just days after another security vendor said that machines running Symantec's enterprise products could be easily hijacked.

A stack overflow in the Cupertino, Calif. security company's Client Security 3.0 and 3.1, and its AntiVirus Corporate Edition 10.0 and 10.1, were fully patched as of Sunday, according to an updated advisory on Symantec's Web site. The fixes must be downloaded and installed manually.

Early Friday, Symantec confirmed that the two corporate anti-virus titles were flawed, and said it was working on a fix. Later that day, the company posted signature updates to its intrusion prevention system (IPS) appliances to protect those customers with the hardware on their networks.

The bug was discovered by Aliso Viejo, Calif.-based eEye Digital Security, which on Wednesday disclosed the vulnerability. eEye rated it as a "high" threat because it could be exploited by a worm that didn't require any user interaction.

As expected, Symantec's patch job was remarkably quick. Last week, eEye Digital spokesman Mike Puterbaugh said he was counting on Symantec to fix the flaw fast. "Symantec will fix this fairly quickly," said Puterbaugh. "Certainly a lot faster than the 140+ day average it takes Microsoft to fix a vulnerability."

Symantec's consumer-grade anti-virus family, which is sold under the Norton nameplate, was not vulnerable to the bug.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.