Symantec Norton AntiVirus vulnerable to DoS via the Auto-Protect "SmartScan" feature

Overview

Symantec Norton AntiVirus may hang or crash when the Auto-Protect module SmartScan feature scans a renamed file on a network share.

Description

Symantec Norton AntiVirus is an anti-virus product for desktop and enterprise use. The Norton AntiVirus “Auto-Protect” module provides automatic file scanning and detection of viruses, Trojans, and worms. The Auto-Protect module includes a feature called “SmartScan” which, as an alternative to scanning all file types, only scans specifically targeted file types and extensions. A flaw in the SmartScan feature is triggered when a file residing on a network share is renamed that may cause excessive CPU consumption and an eventual system hang or crash as a result.

---

Impact

A local authenticated user may be able to cause the system to crash or hang by renaming a file residing on a network share.

---

Solution

Apply an update

Symantec has released fixes for this problem that are available through the LiveUpdate functionality of the products. Symantec advisory SYM05-006 provides details on obtaining updates through LiveUpdate or other channels.

---

Vendor Information

713620

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Symantec Corporation __ Affected

Updated: March 30, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Symantec advisory SYM05-006 provides details on the vulnerability and available updates to correct the flaw.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23713620 Feedback>).

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html&gt;
• <http://secunia.com/advisories/14741/&gt;
• <http://www.securityfocus.com/bid/12924&gt;
• <http://www.securitytracker.com/alerts/2005/Mar/1013586&gt;

Acknowledgements

Thanks to Isamu Noguchi, JPCERT, and IPA for reporting this vulnerability.

This document was written by Ken MacInnis.

Other Information

CVE IDs:	CVE-2005-0923
Severity Metric:	4.05 Date Public: