LiveUpdate 1.4 and 1.6

Description: A vulnerability was reported in the LiveUpdate component of Norton Anti-Virus. A remote user could conduct certain attacks during update retrieval to attempt to cause denial of service conditions or to cause malicious updates to be applied.

When LiveUpdate starts, it reportedly attempts to contact 'update.symantec.com' to obtain update information via FTP. It is reported that no cryptographic confidentiality or integrity mechanisms protect the retrieval of the file LIVEUPDT.TRI, which contains a list of product updates. As a result, a remote user could attempt to modify data during FTP transmission to cause denial of service (e.g., failure to update files) or to potentially cause malicious updates to be applied. This would generally require the remote user to conduct a DNS attack or a 'man in the middle' attack.

It is reported that version 1.6 places cryptographic signatures on the update files but not on the initial LIVEUPDT.TRI file and that version 1.4 uses no signatures at all.
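
The gap described above, as an added example that is not code from Symantec or from the original advisory: a client that checks only per-file signatures accepts an index emptied in transit, while one that authenticates the index first rejects it (and, going slightly beyond the advisory, also rejects an index older than the last one applied). Assumptions: the JSON index layout, file names and key are constructed, and HMAC-SHA256 stands in for a public-key signature so the code runs on the Python standard library alone.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 under a demo key stands in for the vendor's
# public-key signature; the key below is constructed for this example.
KEY = b"constructed-demo-key"

def sign(data: bytes) -> str:
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def verify(data: bytes, tag: str) -> bool:
    return hmac.compare_digest(sign(data), tag)

def files_only(index_bytes, files, file_tags):
    """Models the reported 1.6 design: files are signed, the index is trusted as received."""
    names = list(json.loads(index_bytes)["updates"])
    for name in names:
        if not verify(files[name], file_tags[name]):
            raise ValueError(f"bad signature on {name}")
    return names

def index_authenticated(index_bytes, index_tag, files, last_seq):
    """Authenticate the index first, then bind each file to the hash it lists."""
    if not verify(index_bytes, index_tag):
        raise ValueError("index failed authentication")
    index = json.loads(index_bytes)
    if index["seq"] < last_seq:
        raise ValueError("index older than the last one applied")
    for name, digest in index["updates"].items():
        body = files.get(name)
        if body is None or hashlib.sha256(body).hexdigest() != digest:
            raise ValueError(f"{name} does not match the index")
    return list(index["updates"])

# Constructed sample data (hypothetical JSON index, not the LIVEUPDT.TRI format).
FILES = {"defs.bin": b"virus definitions v2"}
FILE_TAGS = {n: sign(b) for n, b in FILES.items()}
INDEX = json.dumps({"seq": 2, "updates": {
    n: hashlib.sha256(b).hexdigest() for n, b in FILES.items()}}).encode()
INDEX_TAG = sign(INDEX)
# The same index as it could arrive after modification in transit: nothing listed.
EMPTIED = json.dumps({"seq": 2, "updates": {}}).encode()

if __name__ == "__main__":
    print(files_only(EMPTIED, FILES, FILE_TAGS))            # no error raised
    print(index_authenticated(INDEX, INDEX_TAG, FILES, 2))
```

With per-file signatures alone, the emptied index produces no error and the client simply concludes there is nothing to install, which is the "failure to update files" case the advisory names.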

Note that LiveUpdate is used on some other Symantec products and not just in Norton Anti-Virus.

A remote user could attempt to modify data during FTP transmission to cause denial of service (e.g., failure to update files) or to potentially cause malicious updates to be applied.

There is no solution at this time.
Courtesy of: FX <fx@phenoelit.de>