Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security NTBugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Secunia Research: HAURI Anti-Virus ACE Archive Handling Buffer Overflow

from [Secunia Research] Network Security [Permanent Link]
Subject: Secunia Research: HAURI Anti-Virus ACE Archive Handling Buffer Overflow
Date: Wed, 24 Aug 2005 10:30:15 +0200 
======================================================================

                     Secunia Research 24/08/2005

      - HAURI Anti-Virus ACE Archive Handling Buffer Overflow -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

======================================================================
1) Affected Software

ViRobot Expert 4.0
ViRobot Advanced Server
ViRobot Linux Server 2.0
HAURI LiveCall

Other versions may also be affected.

======================================================================
2) Severity

Rating: Highly Critical
Impact: System access
Where:  Remote

======================================================================
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in various HAURI
anti-virus products, which can be exploited by malicious people to
compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the ACE
archive decompression library vrAZace.dll when extracting an archive.
This can be exploited to cause a stack-based buffer overflow when
scanning a malicious ACE archive containing a compressed file with
a filename longer than 272 characters.

Successful exploitation allows arbitrary code execution, but requires
that compressed file scanning is enabled.

The vulnerability is related to:
http://secunia.com/SA14359

======================================================================
4) Solution

Apply patches.

ViRobot Linux Server 2.0:
http://www.globalhauri.com/html/download/down_unixpatch.html

ViRobot Expert 4.0 / ViRobot Advanced Server:
Update to the latest version via online update (vrazmain.dll
version 5.8.22.137).

HAURI LiveCall:
Update to the latest version by visiting the vendor's LiveCall
website (vrazmain.dll version 5.8.22.137).

======================================================================
5) Time Table

15/08/2005 - Initial vendor notification.
17/08/2005 - Vendor released patch for VR Linux Server.
23/08/2005 - Vendor released patch for VR Expert, VR Advanced Server
             and LiveCall via online update.
24/08/2005 - Public disclosure.

======================================================================
6) Credits

Discovered by Tan Chew Keong, Secunia Research.

======================================================================
7) References

HAURI:
http://www.globalhauri.com/html/download/down_unixpatch.html

======================================================================
8) About Secunia

Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website:

http://secunia.com/

Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2005-33/advisory/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================

--
NTBugtraq Editor's Note:

Most viruses these days use spoofed email addresses. As such, using an 
Anti-Virus product which automatically notifies the perceived sender of a 
message it believes is infected may well cause more harm than good. Someone who 
did not actually send you a virus may receive the notification and scramble 
their support staff to find an infection which never existed in the first 
place. Suggest such notifications be disabled by whomever is responsible for 
your AV, or at least that the idea is considered.
--
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Secunia Research: HAURI Anti-Virus ACE Archive Handling Buffer Overflow, Secunia Research <=
Previous by Date:  32919 - Computer Associates Message Queuing (CAM/CAFT) multiple vulnerabilities, Williams, James K
Next by Date:  Re: Administrivia: Zotob/PnP Exploit Survey - Forget the first message, Russ
Previous by Thread:  32919 - Computer Associates Message Queuing (CAM/CAFT) multiple vulnerabilities, Williams, James K
Next by Thread:  Re: Administrivia: Zotob/PnP Exploit Survey - Forget the first message, Russ
Indexes:  [Date] [Thread] [Top] [All Lists]