Signature Detail

APP: Norton Anti-Virus Enterprise Web OverFlow

This signature detects attempts to exploit a known vulnerability in Norton Antivirus Enterprise (NAV). A successful attack can cause a stack overflow causing a denial-of-service condition or arbitrary code execution.

Extended Description

A buffer overflow vulnerability exists in the Web-based administrative interface of the Symantec Antivirus Scan Engine. This issue is due to improper bound checking of user-supplied data prior to copying it into an insufficiently sized memory buffer. This vulnerability allows attackers to execute arbitrary machine code in the context of the affected application. This allows remote attackers to gain privileged remote access to computers running the affected application.

Affected Products

• Symantec antivirus_scan_engine 4.0.0
• Symantec antivirus_scan_engine 4.3.0
• Symantec antivirus_scan_engine_for_bluecoat 4.0.0
• Symantec antivirus_scan_engine_for_caching 4.3.0
• Symantec antivirus_scan_engine_for_clearswift 4.0.0
• Symantec antivirus_scan_engine_for_clearswift 4.3.0
• Symantec antivirus_scan_engine_for_isa 4.0.0
• Symantec antivirus_scan_engine_for_isa 4.3.0
• Symantec antivirus_scan_engine_for_messaging 4.3.0
• Symantec antivirus_scan_engine_for_microsoft_portal 4.3.0
• Symantec antivirus_scan_engine_for_microsoft_sharepoint 4.3.0
• Symantec antivirus_scan_engine_for_netapp_filer 4.0.0
• Symantec antivirus_scan_engine_for_netapp_netcache 4.0.0
• Symantec antivirus_scan_engine_for_network_attached_storage 4.3.0

References

• BugTraq: 15001
• CVE: CVE-2005-2758
• URL: http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities&flashstatus=true
• URL: http://www.kb.cert.org/vuls/id/849209