

I thought it was having issues with a certain SP or hotfix, so I manually applied SP2 to our 2010 R3 install, and installed 4 hotfixes post SP2. The company is also insisting that although LiveUpdate 1.6 could be hit by a denial of service attack, "only a small percentage of a very large user base could potentially be impacted to any degree as the spoofing or redirection would, by its very nature, be limited to a local Internet area/region". Ever since I updated to BE 2010 the live update tries to update and fails. have been widely known to be an Internet infrastructure problem, not a Symantec product problem, for some time and have been utilised in many well-publicised DNS spoofing, redirection, cache poisoning attacks," reads the Symantec response. Mis-direction attacks can also be controlled by Norton AntiVirus products, which are designed to detect and block malware. Despite admitting to the vulnerability of its product, Symantec is refusing to accept all of the responsibility. According to Symantec, this makes it virtually impossible to use the latest version as a penetration tool. LiveUpdate 1.6 follows the same update procedure, but includes the safeguard of "cryptographic signatures" of all update files.

LiveUpdate will then uncompress the files and perform the actions described in their coding, which includes the execution of downloadable attachments. LiveUpdate will then try to download the necessary files, which will be compared with existing versions of Symantec software installed on the host to see if an upgrade is needed. "An attacker can use one of several attacks to return false information to the querying host." According to the Phenoelit alert, when the host running LiveUpdate tries to connect to via FTP, it is possible for an attacker to redirect the request to a server of their choice. "When LiveUpdate 1.4 is started (either by hand or by a scheduled task), it looks for the server ''," states the Phenoelit bulletin.

The German hacking group Phenoelit, which spotted the security hole, is adamant that LiveUpdate could be forced to download illicit programmes onto the querying host. The risk of unauthorised intrusion is lessened on systems running the latest version 1.6, but network degradation and outages could still be possible. Symantec, which makes antivirus and security software, has confirmed that older versions of its virus definition software will allow the deployment of malware such as trojan application viruses, and the remote penetration of systems running LiveUpdate. A group of German hackers has exposed a new vulnerability in Symantec's LiveUpdate 1.4, which could be used to download and run hostile code from an unauthorised server.
