[Esd-l] FW: [SA12879] RAV Antivirus Zip Archive Virus Detection Bypass Vulnerability
Smart,Dan
SmartD at VMCMAIL.com
Wed Oct 20 10:30:29 PDT 2004
John,
Does Sanitizer handle this issue?
<<Dan>>
> -----Original Message-----
> From: Secunia Security Advisories [mailto:sec-adv at secunia.com]
> Sent: Wednesday, October 20, 2004 10:25 AM
> To: dan.smart at vul.com
> Subject: [SA12879] RAV Antivirus Zip Archive Virus Detection
> Bypass Vulnerability
>
>
> TITLE:
> RAV Antivirus Zip Archive Virus Detection Bypass Vulnerability
>
> SECUNIA ADVISORY ID:
> SA12879
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/12879/
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> Security Bypass
>
> WHERE:
> From remote
>
> SOFTWARE:
> RAV AntiVirus Desktop for Linux 8.x
> http://secunia.com/product/4096/
> RAV Antivirus Desktop for Windows 8.x
> http://secunia.com/product/4087/
> RAV AntiVirus for AIM 1.x
> http://secunia.com/product/4102/
> RAV AntiVirus for File Servers 1.x
> http://secunia.com/product/4104/
> RAV AntiVirus for ICQ 1.x
> http://secunia.com/product/4098/
> RAV AntiVirus for Mail Servers 8.x
> http://secunia.com/product/4103/
> RAV AntiVirus for MSN Messenger 1.x
> http://secunia.com/product/4099/
> RAV AntiVirus for Novell Networks 8.x
> http://secunia.com/product/4105/
> RAV AntiVirus for Trillian 1.x
> http://secunia.com/product/4097/
> RAV AntiVirus for Yahoo! Messenger 1.x
> http://secunia.com/product/4101/
> RAV AntiVirus MailFilter 1.x
> http://secunia.com/product/4106/
>
> DESCRIPTION:
> A vulnerability has been reported in RAV Antivirus, which
> can be exploited by malware to bypass certain scanning functionality.
>
> The vulnerability is caused due to an error when parsing
> .zip archive headers and can be exploited via a specially
> crafted .zip archive where the uncompressed size of the
> archived file has been modified within the local and global headers.
>
> Successful exploitation causes malware in a specially
> crafted .zip archive to pass the scanning functionality undetected.
>
> NOTE: This is not a critical issue on client systems, as the
> malware still is detected upon execution.
>
> SOLUTION:
> Filter all compressed file archives (.zip) at border gateways.
>
> PROVIDED AND/OR DISCOVERED BY:
> Discovered by anonymous person and reported via iDEFENSE.
>
> ORIGINAL ADVISORY:
> http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities
>
> ----------------------------------------------------------------------
>
> About:
> This Advisory was delivered by Secunia as a free service to
> help everybody keeping their systems up to date against the
> latest vulnerabilities.
>
> Subscribe:
> http://secunia.com/secunia_security_advisories/
>
> Definitions: (Criticality, Where etc.)
> http://secunia.com/about_secunia_advisories/
>
>
> Please Note:
> Secunia recommends that you verify all advisories you
> receive by clicking the link.
> Secunia NEVER sends attached files with advisories.
> Secunia does not advise people to install third party
> patches, only use those supplied by the vendor.
>
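The advisory attributes the bypass to the uncompressed-size field in the local and global (central directory) .zip headers. As an added example, not part of the original post or of any product named in it, the following gateway-side check compares that declared size with what the stored data actually inflates to. The names `audit_zip_sizes`, `build_sample` and `MAX_INFLATE` are assumptions made for this sketch, and the sample archive is constructed.

```python
import io
import struct
import zipfile
import zlib

MAX_INFLATE = 64 * 1024 * 1024  # assumed cap so one entry cannot exhaust memory
def audit_zip_sizes(data: bytes) -> list:
    """List entries whose declared uncompressed size disagrees with the stored data."""
    findings = []
    eocd = data.rfind(b"PK\x05\x06")  # end-of-central-directory record
    if eocd < 0:
        return ["no end-of-central-directory record"]
    total, _cd_size, pos = struct.unpack_from("<HII", data, eocd + 10)
    for _ in range(total):
        if data[pos:pos + 4] != b"PK\x01\x02":  # central ("global") header
            findings.append("central directory is truncated or corrupt")
            break
        (flags, method, _, _, _, csize, cd_usize, nlen, elen, clen,
         _, _, _, lho) = struct.unpack_from("<HHHHIIIHHHHHII", data, pos + 8)
        name = data[pos + 46:pos + 46 + nlen].decode("cp437")
        pos += 46 + nlen + elen + clen
        if data[lho:lho + 4] != b"PK\x03\x04":  # local header
            findings.append(f"{name}: local header missing")
            continue
        l_usize, l_nlen, l_elen = struct.unpack_from("<IHH", data, lho + 22)
        raw = data[lho + 30 + l_nlen + l_elen:][:csize]
        if not flags & 0x08 and l_usize != cd_usize:  # bit 3 = sizes in data descriptor
            findings.append(f"{name}: local size {l_usize} != central size {cd_usize}")
        if method == 0:  # stored
            actual = len(raw)
        elif method == 8:  # deflate: inflate the bytes instead of trusting the header
            try:
                actual = len(zlib.decompressobj(-15).decompress(raw, MAX_INFLATE + 1))
            except zlib.error:
                findings.append(f"{name}: deflate stream is corrupt")
                continue
        else:
            findings.append(f"{name}: method {method} not inspected")
            continue
        if actual != cd_usize:
            findings.append(f"{name}: declared size {cd_usize}, data inflates to {actual}")
    return findings

def build_sample() -> bytes:
    """Constructed, well-formed archive holding one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("note.txt", "constructed sample text\n" * 20)
    return buf.getvalue()
```

An empty list means every inspected entry's headers agree with its data; a filter would quarantine any archive that yields findings, and treat a `struct.error` on truncated input the same way.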