Tuesday, October 11, 2005

Norton Security Alert



Security Alert, October 11, 2005
Symantec Antivirus Scan Engine Might Run Arbitrary Code
iDEFENSE reported a vulnerability in Symantec Antivirus Scan Engine.
The engine lets third-party applications interface with Symantec's content-scanning technologies. The vulnerability exists in the Web-based administrative interface, which doesn't properly validate input provided through HTTP requests. If an intruder gains access to the administrative interface's TCP port (8004), he or she might be able to launch arbitrary code and gain privileged access to the system.
The problem affects Symantec Antivirus Scan Engine 4.0 for: Microsoft ISA Server 2000, NetApp Filer, NetApp NetCache, Bluecoat, and Clearswift. The problem also affects Symantec Antivirus Scan Engine 4.3 for: Microsoft ISA Server 2000, Microsoft SharePoint, Messaging, Network Attached Storage, Caching, and Bluecoat. Symantec said that Symantec Antivirus Scan Engine 4.1 isn't affected.
Symantec has released an update to correct the problem. The update is available through the company's Platinum Support Site or its FileConnect Web site. The company also recommends that administrators not expose the administrative port to external networks, such as the Internet. Alternatively, you can disable the interface by setting the administrative interface port number to zero. If the interface must remain enabled, then access to that port should be restricted in some way, such as using a secure network segment. You can also control access to the port via firewall rules.
http://list.windowsitpro.com/t?ctl=160D2:43C5FC
http://list.windowsitpro.com/t?ctl=160D0:43C5FC
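
To check the firewall-rule mitigation described above, the following added example (not part of the original alert and not Symantec code) audits a list of allow rules for any that let hosts outside a management segment reach the administrative port. The rule format, rule names, and addresses are constructed for illustration, and the audit assumes a default-deny firewall where each listed rule is an independent allow entry.

```python
import ipaddress

ADMIN_PORT = 8004  # administrative interface TCP port named in the alert

# Constructed sample rules: (name, source CIDR, first dest port, last dest port).
SAMPLE_RULES = [
    ("mgmt-to-scan-engine", "10.20.30.0/24", 8004, 8004),
    ("legacy-any-high-ports", "0.0.0.0/0", 8000, 8100),
    ("office-lan-admin", "10.0.0.0/8", 8004, 8004),
    ("unrelated-service", "10.0.0.0/8", 7777, 7777),
]


def exposing_rules(rules, mgmt_cidr, admin_port=ADMIN_PORT):
    """Return names of allow rules that let sources outside mgmt_cidr reach admin_port."""
    if admin_port == 0:
        # Per the alert, port number zero disables the administrative
        # interface, so no rule can expose it.
        return []
    mgmt = ipaddress.ip_network(mgmt_cidr)
    flagged = []
    for name, src, lo, hi in rules:
        if not lo <= admin_port <= hi:
            continue  # rule does not cover the administrative port
        source = ipaddress.ip_network(src)
        # Flag the rule unless every permitted source address lies inside
        # the management segment (a wider source range is an exposure).
        if source.version != mgmt.version or not source.subnet_of(mgmt):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for rule in exposing_rules(SAMPLE_RULES, "10.20.30.0/24"):
        print("admin port reachable from outside management segment via:", rule)
```
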
