Symantec LiveUpdate DNS Spoofing Arbitrary File Write
Remote / Network Access
Loss of Integrity
Symantec LiveUpdate contains a flaw that may allow a remote denial of service. A remote attacker could use DNS spoofing to make LiveUpdate download from a site other than the update.symantec.com server. This may allow a remote attacker to install malicious software on the victim machine.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Symantec's Norton Antivirus contains a feature called LiveUpdate. LiveUpdate is a process that checks for new virus definitions over the internet, then downloads them from a Symantec site and installs them. This process can either be scheduled or performed manually.
It is possible for a remote user to cause LiveUpdate to download from a site of his/her choice. Therefore, a remote host could send an unusually large file as the update, potentially causing a denial of service on the target system.
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org.
Symantec has acknowledged this vulnerability, and is currently working on a solution.