ALERT! Excessive Hits to Campus Honeypot Seeking Symantec Vulnerability

The campus continues to see excessive hits to our honeypot by external systems seeking to exploit campus computing systems that are subject to the Symantec AntiVirus and Client Security Buffer Overflow Vulnerability. This vulnerability, first announced in May 2006, affects systems running Symantec AntiVirus Corporate Edition 10.0 and 10.1, and allows unauthenticated, remote attackers to compromise vulnerable machines. Individuals and departments are strongly encouraged to ensure their systems are protected against these attacks.

SOLUTIONS
Solutions include upgrading Symantec AntiVirus (see below for corrected versions) or switching to Sophos. Sophos is available to all departments, faculty, staff, and students (except those affiliated with UCDHS) for use on University and personally owned computers, on campus and at home, at no individual or campus unit cost. Switching to Sophos is strongly recommended. Please note that the Sophos license will be valid for the next five years. UCDHS has an existing agreement for McAfee anti-virus software.

SYMANTEC REMINDER
As was mentioned in a message from SLC yesterday, campus agreements for Symantec anti-virus software will expire on July 24, making now a good time to switch to Sophos. There are no current plans to renew the campus agreements for Symantec anti-virus software for faculty, staff, and students.

REFERENCES
Symantec (includes patches): http://www.symantec.com/avcenter/security/Content/2006.05.25.html
NIST National Vulnerability Database: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2630