[Esd-l] FW: [SA12879] RAV Antivirus Zip Archive Virus
Detection Bypass Vu lnerability
John D. Hardin
jhardin at impsec.org
Wed Oct 20 21:29:09 PDT 2004
On Wed, 20 Oct 2004, Smart,Dan wrote:
> John,
> Does Sanitizer handle this issue?
>
> > -----Original Message-----
> >
> > The vulnerability is caused due to an error when parsing
> > .zip archive headers and can be exploited via a specially
> > crafted .zip archive where the uncompressed size of the
> > archived file has been modified within the local and global headers.
I don't know. The sanitizer might detect it as a bogus zip file if the
unzip utility reported a problem.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org FALaholic #11174 pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
does quite what I want. I wish Christopher Robin was here."
-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
11 days until Daylight Savings Time ends in U.S.
More information about the esd-l
mailing list