Re: "Peter Miller" pcmiller61at_private, 02/26/2002 03:48 AM RE: Symantec LiveUpdate

From: Sym Security (symsecurityat_private)
Date: Fri Mar 01 2002 - 07:19:27 PST

Next message: Sebastian Krahmer: "SuSE Security Announcement: squid (SuSE-SA:2002:008)"

Previous message: Thomas Thornbury: "RE: IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Re:  "Peter Miller" pcmiller61at_private, 02/26/2002 03:48 AM RE:  Symantec
LiveUpdate
Hi All,

In a similar vien would anyone with Symantec Ghost V7.0 installed like to
comment on this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NGServer\params

Ghost creates a special user account on the machine to run the service
under
but it seems it is storing the password for this account in plain text in
the registry.

Regards
Peter

-------------------------------------------------
Symantec Response
This is not the same type of issue reported in the original posting by
Javier Sanchez, "Javier Sanchez" jsanchez157at_private 02/25/2002 11:14
AM, Symantec LiveUpdate"

During the installation process for Symantec Ghost Corporate Edition, the
key in question is created with Administrator access only by default.
Normal best practice procedures of administrators allowing "least
privilege" access to normal system users would preclude access to any
unauthorized registry information by anyone other than a user with
administrator privileges.

Unauthorized access to the system registry presents security concerns for
any program(s), which use the registry to persist data.   Protection of
your system includes restricting physical access to your system and
restricting administrative privileges.

Symantec take the security of our products very seriously and appreciates
the concerns of Mr. Miller.  Symantec is constantly working to improve our
products and we will be reviewing additional protective measures for this
key in future upgrades.

Please direct any Symantec product security concerns to SymSecurity at
symsecurityat_private

Disclaimer
The information in the advisory is believed to be accurate at the time of
printing based on currently available information. Use of the information
constitutes acceptance for use in an AS IS condition. There are no
warranties with regard to this information. Neither the author nor the
publisher accepts any liability for any direct, indirect or consequential
loss or damage arising from use of, or reliance on this information.
Symantec, Symantec product names and Sym Security are Registered Trademarks
of Symantec Corp. and/or affiliated companies in the United States and
other countries. All other registered and unregistered trademarks
represented in this document are the sole property of their respective
companies/owners.

Next message: Sebastian Krahmer: "SuSE Security Announcement: squid (SuSE-SA:2002:008)"
Previous message: Thomas Thornbury: "RE: IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Mar 04 2002 - 19:34:46 PST