[业界] Symantec防病毒产品发现严重缺陷

安全研究公司eEye周四提醒，Symantec的诺顿防病毒产品10.x存在高风险的漏洞，可能会导致任意代码执行。据这项发布在eEye网站的建议称，这个漏洞不需要用户作出任何动作就会被利用。
　　特别麻烦的是，在漏洞被利用后，一个黑客获得了一个shell脚本的权限。这意味着攻击者可能得到执行任意操作的权限，系统也可能因而遭到蠕虫感染。
　　调查数据表明，该问题可能影响数百万的Symantec用户。现有超过200万系统在使用Symantec的防病毒软件。
　　Symantec目前正在调查eEye的声明，但至发稿时间止，未有进一步说法。不过公司称，他们会在最短时间作出回应，可能的话将会修复这个漏洞。
　　虽然目前还找不到对外公开的攻击代码，但黑客找到利用漏洞的办法只是时间的问题。也许他们已经找到了，只是安全公司还没有留意到。
　　Cupertino, Calif.——安全软件的底层开发商，因为此事以及这些年来其他失误而受到了批评。最近有好些问题都浮出了水面，包括Symantec公司在扫描引擎产品的缺陷，以及它在扫描RAR文件方式上的严重缺陷。
　　另外，Symantec还被发现在产品中使用带有rootkit性质的程序，被迫退还了2004年被其收购的Veritas公司所拥有的1百万税单。
Serious Flaw Hits Symantec AntiVirus
　　By Ed Oswald, BetaNews
　　May 26, 2006, 12:49 PM
　　Security research firm eEye warned Thursday that a high-risk vulnerability exists within Symantec's Norton AntiVirus 10.x that could allow for code execution. According to an advisory posted on eEye's Web site, the flaw does not require any user interaction to be exploited.
　　Especially troubling is the fact that that after the vulnerability is exploited, a hacker gains access to a command shell. This means that the attacker would be able to perform just about any action, and opens up the possibility of a worm automatically infecting systems.
　　The problem potentially affects millions of Symantec users, according to researchers. Over 200 million systems use Symantec's antivirus software.
　　Symantec is currently investigating eEye's claims but had nothing further to add at press time. It noted, however, that the company was prepared to offer a quick response and fix if necessary.
　　While proof-of-concept code is not publicly available at this time, it could be only a matter of time before hackers figure out ways to exploit the vulnerability. It is also possible they are doing so already, and security researchers aren't yet aware of it.
　　The Cupertino, Calif., based security software maker has been criticized for such issues and other missteps over the years. Recently, several problems have surfaced, including flaws in the company's Scan Engine product, as well as a critical flaw in the way it scans RAR files.
　　Additionally, Symantec has been caught using a rootkit-like feature in its products, and has suffered financial setbacks from a $1 billion tax bill owed by Veritas, which was bought by Symantec in 2004.
新闻来源：betanews
(DRL.翻译)