System and Network Security (SNS) is detecting a significant number of hosts on campus being compromised through the Symantec vulnerability reported in May of this year (http://www.symantec.com/enterprise/security_response/vulnerability.jsp?bid=2006.05.25). The vulnerability can be remotely exploited on hosts running Symantec Client Security or Symantec Anti-Virus in "managed" mode, which listens on port 2967. The latest version of Symantec, available from http://software.berkeley.edu, is not vulnerable to this exploit. We strongly urge all campus users to upgrade to the latest version of Symantec as soon as possible.

We are also seeing some hosts becoming exploited multiple times after the machine was supposedly re-formatted/re-imaged. Please make sure that all of your disk images contain the latest version of Symantec from http://software.berkeley.edu and that all installers used for fresh builds are current.

Since each Symantec upgrade takes a considerable amount of time, firewall rules can be used to mitigate the risk until each machine can be reached. Change your firewall settings to allow inbound access to port 2967 only from the Symantec management server, or not at all if you are not using a management server. Using Active Directory (Windows Firewall) or a Symantec management server (Symantec Client Firewall) to push out new firewall rules is a quick way to protect the machines until each Symantec installation can be upgraded.

SNS can detect hosts compromised with this exploit using our IDS systems, and we are notifying security contacts of compromised hosts. We will also be reporting on hosts with port 2967 open to security contacts. Please contact us at security berkeley.edu if you have any additional questions about this issue.

--
Allison Henry
System and Network Security
University of California, Berkeley
http://security.berkeley.edu
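
An added example, not part of the original advisory: one way to check an exported firewall rule list against the mitigation described above (inbound port 2967 allowed only from the Symantec management server, or from nowhere if none is used). The rule dictionary layout, the rule names and the 192.0.2.x addresses are constructed for illustration, and the check assumes a default-deny inbound policy.

```python
import ipaddress

SAV_PORT = 2967  # managed-mode Symantec listener named in the advisory

def covers_port(port_spec, port=SAV_PORT):
    """True if a spec such as 'any', '2967' or '1024-5000,8080' includes port."""
    if port_spec.strip().lower() == "any":
        return True
    for part in port_spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def audit_rules(rules, mgmt_server=None):
    """Return (rule name, source) for each inbound allow rule that exposes
    SAV_PORT to anything other than the management server. With
    mgmt_server=None (no management server in use) every allow is a finding."""
    allowed = ipaddress.ip_network(mgmt_server) if mgmt_server else None
    findings = []
    for rule in rules:
        if (rule["action"], rule["direction"]) != ("allow", "in"):
            continue
        if rule["protocol"] not in ("tcp", "any") or not covers_port(rule["ports"]):
            continue
        for src in rule["sources"]:
            # Wide port ranges and wide source scopes both count as exposure.
            net = ipaddress.ip_network("0.0.0.0/0" if src == "any" else src, strict=False)
            if allowed is None or net != allowed:
                findings.append((rule["name"], src))
    return findings

# Constructed sample rule set (hypothetical format, documentation addresses).
SAMPLE_RULES = [
    {"name": "sav-mgmt", "action": "allow", "direction": "in", "protocol": "tcp",
     "ports": "2967", "sources": ["192.0.2.10"]},
    {"name": "sav-legacy", "action": "allow", "direction": "in", "protocol": "tcp",
     "ports": "2967", "sources": ["any"]},
    {"name": "dept-range", "action": "allow", "direction": "in", "protocol": "tcp",
     "ports": "1024-5000", "sources": ["192.0.2.0/24"]},
    {"name": "web", "action": "allow", "direction": "in", "protocol": "tcp",
     "ports": "80,443", "sources": ["any"]},
]

if __name__ == "__main__":
    for name, src in audit_rules(SAMPLE_RULES, mgmt_server="192.0.2.10"):
        print(f"{name}: port {SAV_PORT} reachable from {src}")
```

The "dept-range" rule is flagged even though it never names 2967, because a port range that spans the listener exposes it just as a dedicated rule would.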