NOD32 Vulnerabilities
gjmveloso
May 22nd, 2007, 07:37 PM
Source: http://www.frsirt.com/english/advisories/2007/1911
{QUOTE-> Affected Products
ESET NOD32 AntiVirus versions 2.x
ESET NOD32 AntiVirus versions 1.x
Solution
Upgrade to version 2.70.39 :
http://www.eset.com/download/registered_software.php
References
http://www.frsirt.com/english/advisories/2007/1911
http://www.inkatel.com/wp-content/uploads/2007/05/Advisory.txt
Credits
Vulnerabilities reported by Ismael Briones (InkaTel).
ChangeLog
2007-05-22 : Initial release
<-QUOTE}
NOW THE BIG QUESTION: WHERE ARE THE LOCALIZED .39 VERSIONS?
Non-English and Non-Slovak NOD32 users can be exposed? Why? :'(
De Hollander
May 23rd, 2007, 05:37 AM
Contact your local NOD32 distributor; they can tell you the timetable. Translation from English to a localized version is not done by ESET.
Brian N
May 23rd, 2007, 06:36 AM
Why not just use the English version then? I fail to see the problem.
Steel
May 23rd, 2007, 06:58 AM
You're kidding, aren't you ? >:(
Steel
May 23rd, 2007, 08:19 AM
Why is there still no localized version 2.70.39? It is hardly conceivable that these two kinds of exploits only exist in English- or Slovak-speaking areas.
Also, on the part of the distributors there's absolutely no information to the customers about a 2.70.37 or 2.70.39.
jftuga
May 23rd, 2007, 12:15 PM
Does anyone know how I can tell what version a remote machine is running? I will not be able to update all of the computers that I manage from 2.70.32 to .39 at once, so it would be nice to know which version a PC is running.
Thanks,
-John
Brian N
May 23rd, 2007, 06:22 PM
{QUOTE-> You're kidding, aren't you ? >:( <-QUOTE}
Obviously you understand English just fine, so why not use the English version until a localized version is released or just use it for good? You don't see me complaining about a lack of Danish versions ...
And no, I wasn't kidding.
flyrfan111
May 23rd, 2007, 06:55 PM
He does have a point. He could have expressed it a tad bit more politely, but it is an option; for those that are worried about it (the exploit) and can understand English, it is a temporary solution.
Triple Helix
May 23rd, 2007, 08:29 PM
Temporary is better than not having a fix at all! ;)
Cheers,
TH
Steel
May 24th, 2007, 12:32 AM
{QUOTE-> He does have a point. He could have expressed it a tad bit more politely, but it is an option; for those that are worried about it (the exploit) and can understand English, it is a temporary solution. <-QUOTE}
You are right naturally. The tone makes the music. But you understood me very well, despite my bad English. There are two fixed important points only in the English and Slovak versions, that cannot not be. After so many days it is known.
This is absolutely unacceptable against full paying customers.
Steel
May 24th, 2007, 12:33 AM
{QUOTE-> You are right naturally. The tone makes the music. But you understood me very well, despite my bad English. There are two fixed important points only in the English and Slovak versions, that cannot not be. After so many days it is known.
This is absolutely unacceptable against full paying customers which were using other language versions. <-QUOTE}
And there are a lot of users who do not understand English well enough, like me.
flyrfan111
May 24th, 2007, 12:40 AM
I agree, of course. Especially now that the exploit is publicly known, Eset should expedite a fix for all versions of its product. At the least, they should have delayed public notification of the exploit until all language versions were patched. Unfortunately they did not do it that way and left their users with the options of using an exploitable version or learning English rather quickly. This is but one of the reasons I stopped using their products: the lack of concern for their customers. Sometimes they just don't get it.
Steel
May 24th, 2007, 12:53 AM
That's the point. Surely, I could uninstall my German version and install the current English version. But tell me, why? Only for the reason that I would be safe against these two exploits?
I'm paying the same money as the other users. So I have the right to get the newest and current version in my language. Because if I install, for example, the English version, and there are some problems with any internal program messages because of malware etc., I do not understand what I have to do in this situation, because I do not understand what the program message means.
If they fixed only some "minor" things, it would not be so urgent to release all versions at the same time, but actually in this case, they left their customers standing naked in the rain.
So I'm close to looking for an alternative, too. This, after using NOD for a very long time.
Look at the post from Marcos of May the 7th, as he said,
"The German distributor only needs to announce it first."
Today's the 24th of May and nothing happens.
Marcos
May 24th, 2007, 01:40 AM
No, no, no. They got the latest installers 2.70.39 for testing the day before yesterday and upgrade to 2.70.39 hasn't been tested yet either. IMHO, I don't think 2 days of testing is too long for a distributor.
Steel
May 24th, 2007, 02:12 AM
Actually even worse. Particularly since the finished English and Slovak versions already came out on 18 May.
ESET US and ESET SK announced and pushed out both versions. First 2.70.37 and on May 18th 2.70.39. All OTHER versions were quietly on 2.70.32.
The original, fixed software comes from ESET, right? ESET US and SK offer new versions already, all others are still being tested? I do not understand, because, here doesn't have to be translated nevertheless still additionally?
So, what is the difference between a finished English/Slovak version and, for example, the German version?
I mean, what has to be tested by the Germans on a finished version which is already delivered to English and Slovak customers?
jdo2000
May 24th, 2007, 03:37 AM
Hi,
We are using NOD32 2.5 in the enterprise version on about 75 PCs. The installed version is in German. As mentioned in another thread there is still no autoupdate to 2.7. If I understand it right the vulnerabilities are in ALL previous versions.
Temporarily switching to the English version is not an option on 75 PCs.
So as far as I can say, it is not very good to sleep in mind that there are 75 PCs with a security hole and a working exploit in the wild.
I expect from ESET (and its distributors) to push out the new files asap.
A company which works in the security business has to react fast in such cases, in my opinion.
Greetings JD
Marcos
May 24th, 2007, 03:53 AM
You can contact your local distributor, there will be a special mirror with update files for all localized versions v. 2.70.39 available shortly.
Steel
May 24th, 2007, 04:09 AM
A joke, or? http://www.eset.com/support/news.php
Again no German version announced? And again others are faster. As every time in the past. Incomprehensible :o
De Hollander
May 24th, 2007, 04:22 AM
Looks like those local distributors are faster or have more resources than the others..
Btw: The Registered User Downloads Page has not been updated. The link shows .32 for France but the download is .39
aieie
May 24th, 2007, 04:23 AM
Hi everybody :)
I use the English version.
As you see from this one, pasted from the information the program offers:
********
NOD32 antivirus system information
Virus signature database version: 2288 (20070524)
Dated: giovedì 24 maggio 2007
Virus signature database build: 9908
Information on other scanner support parts
Advanced heuristics module version: 1.059 (20070517)
Advanced heuristics module build: 1153
Internet filter version: 1.001 (20031104)
Internet filter build: 1012
Archive support module version: 1.052 (20070115)
Archive support module build version: 1179
Information about installed components
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base
Version: 2.70.32
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support
Version: 2.70.32
NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component
Version: 2.70.32
Operating system information
Platform: Microsoft Windows XP
Version: 5.1.2600 Service Pack 2
Version of common control components: 5.82.2900
RAM: 1023 MB
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz (3192 MHz)
******************
The signatures update but the program is still the old .32 version.
Why doesn't it update?
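An added example, not part of any post in this thread: a Python sketch for the version-triage question raised above. It parses a system-information dump in the layout aieie pasted and flags components older than 2.70.39, the fixed release named in the quoted advisory. The sample dump is constructed from that layout, and the function names are hypothetical.

```python
import re

FIXED = (2, 70, 39)  # fixed release named in the advisory quoted in this thread

# Constructed sample, trimmed from the layout of the dump posted above.
SAMPLE = """\
NOD32 antivirus system information
Virus signature database version: 2288 (20070524)
Information about installed components
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base
Version: 2.70.32
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support
Version: 2.70.32
Operating system information
Platform: Microsoft Windows XP
Version: 5.1.2600 Service Pack 2
"""

def parse_components(dump):
    """Return {component name: version tuple} from the installed-components section."""
    components, in_section, name = {}, False, None
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("Information about installed components"):
            in_section = True
        elif line.startswith("Operating system information"):
            in_section = False  # the OS block also has a "Version:" line; skip it
        elif in_section:
            m = re.fullmatch(r"Version:\s*(\d+(?:\.\d+)+)", line)
            if m and name:
                # Numeric tuples, so 2.70.4 sorts below 2.70.39 (strings would not)
                components[name] = tuple(int(p) for p in m.group(1).split("."))
                name = None
            elif line and not m:
                name = line.split(" - ")[-1]  # e.g. "Base"
    return components

def outdated(dump, fixed=FIXED):
    """Names of components older than the fixed release, sorted."""
    return sorted(n for n, v in parse_components(dump).items() if v < fixed)

if __name__ == "__main__":
    for name, ver in parse_components(SAMPLE).items():
        state = "needs upgrade" if ver < FIXED else "ok"
        print(f"{name}: {'.'.join(map(str, ver))} {state}")
```

Dumps collected from each managed PC can be passed to `outdated()` to list the machines still below the fixed build.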
Steel
May 24th, 2007, 04:27 AM
{QUOTE-> Looks like those local distributors are faster or have more resources than the others..
<-QUOTE}
Maybe, but every year or every time a new installer version comes out, the same procedure? ??? Btw., to change this is the problem of the distributor, not of their customers. And since I use NOD, it was always the same.
Megachip
May 24th, 2007, 04:32 AM
@jdo2000
I've got approx. 400 German clients ;) and no answer from Datsec...
But I think they try their best... after all, they answer on mails, not like support from eset.com (no answer for 5 months).
Waiting on a quick release of the German PCU
Regards
Blackspear
May 24th, 2007, 04:36 AM
{QUOTE-> ...not like support from eset.com (no answer for 5 months). <-QUOTE}
All emails are logged and replied to in the USA when the appropriate form is completed. (http://www.eset.com/support/contact.php)
Cheers ;D
De Hollander
May 24th, 2007, 04:40 AM
It's at least frustrating. Eset provides a new version/update and then the customer has to wait.
But the problem about a localized version of an AV is not related to Eset only.
Steel
May 24th, 2007, 04:49 AM
{QUOTE-> @jdo2000
But I think they try their best... after all, they answer on mails
waiting on a quick release of the german PCU
Regards <-QUOTE}
Maybe, but in the meantime I do not believe in that any more.
Because, as I already said, for years the same egg dance. And, nice that at least they react to emails. But I expect, at any time and without inquiring, the newest version, for which I have paid.
Steel
May 24th, 2007, 04:52 AM
{QUOTE-> It's at least frustrating. Eset provides a new version/update and then the customer has to wait.
But the problem about a localized version of an AV is not related to Eset only. <-QUOTE}
To make that much more clear, none of my reproaches goes against ESET. Others are meant.
jdo2000
May 24th, 2007, 05:02 AM
Before we changed to NOD32 last year, we used the product of another major player in the AV industry. We changed to NOD32 because I was sure that ESET reacts fast and that NOD32 is a good product. But after 6 months since 2.7 was released I'm a little bit deflated. NOD32 is still one of the best products, but the reaction time is slower than the reaction time of the product which we used before NOD32.
When I talked to the distributor, mid April 2007 was announced to release 2.7 via PCU. The non-fixed security hole in the German version confirmed my opinion that something is not optimal.
De Hollander
May 24th, 2007, 05:09 AM
{QUOTE-> To make that much more clear, none of my reproaches goes against ESET. Others are meant. <-QUOTE}
I agree on that.
But is there a solution/alternative? Perhaps a point for improvement.
Steel
May 24th, 2007, 05:16 AM
That's the part of the German distributor. Or ESET's, to make clear to them (the German distributor) what they have to do.
Or, for what else does the German distributor get their money? However, as jod said, the PCU hasn't worked for months. Further, no newer versions are offered manually either. Also no information is given by the German side. Nothing concerning newer versions and nothing about existing exploits. Absolutely nothing, except a winner list dated 02.05.2007. That is the last official information of the German ESET agency. Congratulations.
flyrfan111
May 24th, 2007, 06:14 AM
19/04/2007 - First Vulnerability reported to ESET
19/04/2007 - ESET Response
20/04/2007 - Vulnerability Analysis and PoC sent to ESET
20/04/2007 - ESET initial feedback
24/04/2007 - Confirmed the bug and fixed
07/05/2007 - ESET made available the updates
10/05/2007 - A second vulnerability was found and reported to ESET with a PoC and analysis
10/05/2007 - ESET response, Confirmed the bug and fixed
15/05/2007 - ESET made available the updates
19/05/2007 - Coordinated public disclosure
If you read the timeline for the disclosure you see that Eset had a fix for the 1st vulnerability for 13 days before they released it and 5 days before they released the fix for the 2nd one.
This is a copy n paste from here: http://www.inkatel.com/wp-content/uploads/2007/05/Advisory.txt
Steel
May 24th, 2007, 06:18 AM
And what's the point ? ???
flyrfan111
May 24th, 2007, 06:25 AM
That they had the 1st fix for 13 days before it was released, could have translated any number of languages in that time, same with the .39 fix, that 1 was fixed on the 10th, 14 days ago, again plenty of time for translation, but they say you STILL have to wait a few more days. Like they just found out about this 5 mins ago or something. Additionally, what they are fixing is part of the engine, not the GUI or help files, code is code, there shouldn't be much translating involved.
Steel
May 24th, 2007, 06:29 AM
{QUOTE-> That they had the 1st fix for 13 days before it was released, could have translated any number of languages in that time, same with the .39 fix, that 1 was fixed on the 10th, 14 days ago, again plenty of time for translation, but they say you STILL have to wait a few more days. Like they just found out about this 5 mins ago or something. Additionally, what they are fixing is part of the engine, not the GUI or help files, code is code, there shouldn't be much translating involved. <-QUOTE}
That's exactly how I understand it. So the most important point is, there shouldn't be any translation necessary. And btw. you can see, other distributors were now ready, others still not. :thumbd:
flyrfan111
May 24th, 2007, 06:39 AM
Yes, some distributors are simply awesome and go way above and beyond, Blackspear comes to mind here, however others leave much to be desired. In that case, complain to Eset, they are responsible for how their distributors represent them, it isn't the other way around. I don't feel this one shouldn't be a distributor problem. I could be wrong though. Eset writes the code, distributors just sell and provide support.
jdo2000
June 15th, 2007, 10:53 AM
Hi,
I just want to ask *when* will the update to NOD32 V2.70.39 be released via PCU in German?
I cannot understand why Eset or Datsec need so much time to release an update via PCU. Since our last post was for up to 5 weeks, from my point of view, there has to be enough time for Eset to release an update.
As I posted before, it's not an option to update 75 PCs manually, so I have to wait for the PCU...
As I talked to Datsec for 5 weeks, they told me that the PCU update will be released shortly...
Eset and Datsec stated that the risk of the security hole is not so big, but it's not good to know if you have PCs with a documented security hole running.
JDO
Megachip
June 19th, 2007, 10:06 AM
@JDO
They will release it soon ;) whatever this means...
Try to mail eset and ask 4 a special update server, as described here (http://www.wilderssecurity.com/showpost.php?p=1027031&postcount=7)