| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Feb 2005 17:44:48 -0500 From: "Roger A. Grimes" <roger@...neretcs.com> To: <mvpsectalk@...vps.com>, "Patch Management Mailing List" <patchmanagement@...tserv.patchmanagement.org>, <bugtraq@...urityfocus.com>, "Windows NTBugtraq Mailing List" <NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM> Subject: Symantec UPX issue solution Per Symantec, if you update signatures via the normal LiveUpdate automatic process, your product should not be vulnerable. Updated signatures were released two days ago. Threats with the UPX exploit code will be detected as: http://www.sarc.com/avcenter/venc/data/bloodhound.exploit.26.html This works because the signature detection engine can examine the code first, before exposing the vulnerable part of the UPX decomposer to the exploit. Of course, you probably still need to upgrade your software to the appropriate version, but it is not as bad as some have claimed (mea culpa) Roger ************************************************************************ *** *Roger A. Grimes, Banneret Computer Security, Computer Security Consultant *CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI *email: roger@...neretcs.com *cell: 757-615-3355 *Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly *http://www.oreilly.com/catalog/malmobcode *Author of Honeypots for Windows (Apress) *http://www.apress.com/book/bookDisplay.html?bID=281 ************************************************************************ ****
Powered by blists - more mailing lists