SYM07-018 Symantec SYMTDI.SYS Device Driver Local Elevation of Privilege
Article: TECH102210 | Created: 2007-01-11 | Updated: 2012-01-30 | Article URL: http://www.symantec.com/docs/TECH102210
You use Symantec AntiVirus or Symantec Client Security and want to know more about the SYM07-018 Symantec Client Security Internet E-mail AutoProtect vulnerability.
An issue has been identified in some versions of Symantec's device driver SYMTDI.SYS which, if successfully exploited, could allow a local attacker to execute arbitrary code with system level privileges.
For additional information on the SYM07-018 vulnerability, read the Symantec Security Response SYM07-018 Security Advisory.
- Upgrade to an unaffected build of Symantec AntiVirus or Symantec Client Security.
- Use the SymNetDrvUpdater.exe tool to upgrade to an unaffected version of SYMTDI.SYS. This tool should not be used if you are planning on migrating to a version of Symantec Client Security 3.1 MR6, Symantec AntiVirus 10.1 MR6 or earlier.
Symantec has created fixed versions of Symantec AntiVirus and Symantec Client Security. The solution paths from each version of Symantec AntiVirus and Symantec Client Security are as follows:
|Product||Version||Solution|
|Symantec AntiVirus Corporate Edition||9.x, all builds prior to the solution||Symantec AntiVirus 9 MR6-MP1 or later|
|Symantec AntiVirus Corporate Edition||10.0||Symantec AntiVirus 10.1 MR6 or later|
|Symantec Client Security||2.x, all builds prior to the solution||Symantec Client Security 2 MR6-MP1 or later|
|Symantec Client Security||3.0||Symantec Client Security 3.1 MR6 or later|
The version of SYMTDI.SYS for Symantec AntiVirus 10.1 MR6 or Symantec Client Security 3.1 MR6 should be 126.96.36.1996 or later.
The version of SYMTDI.SYS for Symantec AntiVirus 9 MR6-MP1 or Symantec Client Security 2 MR6-MP1 should be 188.8.131.524 or later.
To obtain the latest release, read the document How to obtain an update or an upgrade for your Symantec corporate product.
Some upgrade paths require migrating to Symantec Client Security 3.1 or Symantec AntiVirus 10.1. To obtain these products, read the document How to obtain an update or an upgrade for your Symantec corporate product. For instructions on how to migrate to those versions, read one of the following documents:
Migrating to Symantec Client Security 3.1
Migrating to Symantec Client Security 3.1 Small Business Edition
Migrating to Symantec AntiVirus 10.1 Corporate Edition
Migrating to Symantec AntiVirus 10.1 Small Business Edition
For information on upgrading to 9.0 MR6 MP1, read Applying Symantec Client Security 2.0 and Symantec AntiVirus 9.0 Maintenance Release 6 Maintenance Patch 1.
Localized versions of the updated builds of Symantec Client Security and Symantec AntiVirus are available.
Use the SymNetDrvUpdater tool
Symantec has created a tool for updating SYMTDI.SYS on versions of Symantec AntiVirus 10.0.2, Symantec Client Security 3.0.2 and later.
The tool will not update Symantec AntiVirus 10.1.6, Symantec Client Security 3.1.6 or newer versions, as they are not affected by the SYM07-018 vulnerability.
Versions prior to Symantec AntiVirus 10.0.2 and Symantec Client Security 3.0.2 should be updated to a non-vulnerable release of the product.
This tool should not be used if you are planning on migrating to a version of Symantec Client Security 3.1 MR6, Symantec AntiVirus 10.1 MR6 or earlier.
The tool can be downloaded from:
Command Line options
|/log||Creates a log file called SymNetDrvUpdater.log in the directory given by the user's temp variable (%tmp%)|
|/promptforcereboot||Forces a reboot with a message displayed to the user|
|/silentreboot||Forces a silent reboot|
|/promptoptionalreboot||User is given a choice to reboot now or later|
|/visible||Dialog box is displayed with a button to "Update SymNetDrv Binaries"|
Functionality of the SymNetDrvUpdater.exe tool
The SymNetDrvUpdater.exe application runs in silent mode by default.
- When you run the tool, it gets the Symantec AntiVirus or Client Security version. If the version is greater than AntiVirus 10.0.2 or Client Security 3.0.2, the tool continues.
- It replaces only the files that are already present on the system.
- The files are replaced on reboot, so the file versions will not change until a system reboot is completed.
- Use the /log command line option to create the log file SymNetDrvUpdater.log under the user's temp directory (%TMP%).
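Because the file version does not change until the reboot completes, a check of SYMTDI.SYS should distinguish "not updated" from "updated, reboot pending". The following PowerShell script is an added example, not Symantec's code. The function name `Get-SymtdiStatus`, the default driver path, and the use of the Windows `PendingFileRenameOperations` registry value to detect a queued replacement are assumptions; supply the minimum version for your product line from this article.

```powershell
# Added example, not Symantec code: report whether SYMTDI.SYS meets a minimum version.
param(
    # Assumption: default driver location; adjust if your installation differs.
    [string]$DriverPath = "$env:SystemRoot\System32\drivers\SYMTDI.SYS",
    # Fixed version for your product line, taken from the advisory (no default on purpose).
    [Parameter(Mandatory)][version]$MinimumVersion
)

function Get-SymtdiStatus {
    param([string]$Path, [version]$Minimum)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Version = $null; Status = 'NotInstalled' }
    }

    # Use the numeric version parts; the FileVersion string can carry extra text.
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    $current = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                              $vi.FileBuildPart, $vi.FilePrivatePart)

    # Assumption: the replacement is queued through the standard Windows
    # PendingFileRenameOperations value, so an entry naming the driver means
    # the update was applied but the machine has not rebooted yet.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $pending = (Get-ItemProperty -Path $key -Name PendingFileRenameOperations `
                    -ErrorAction SilentlyContinue).PendingFileRenameOperations
    $leaf = Split-Path -Path $Path -Leaf
    $queued = [bool]($pending | Where-Object { $_ -like "*\$leaf" })

    if ($current -ge $Minimum) { $status = 'AtOrAboveMinimum' }
    elseif ($queued)           { $status = 'UpdatedPendingReboot' }
    else                       { $status = 'NeedsUpdate' }

    [pscustomobject]@{ Path = $Path; Version = $current; Status = $status }
}

Get-SymtdiStatus -Path $DriverPath -Minimum $MinimumVersion
```

A `NeedsUpdate` result on a host where the tool was run with /log is worth comparing against SymNetDrvUpdater.log in %TMP%.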
The tool replaces the following files: