| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: kain at ircop.dk (Knud Erik Højgaard) Subject: f-prot antivirus useless buffer overflow <crap> This advisory may be found at http://kokanins.homepage.dk/ This advisory may not be reproduced, in part or in full, unless this notice is included. This advisory was written by knud. </crap> I. BACKGROUND According to the vendor "F-Prot TM is a quick and easy to use antivirus software package, specially designed to protect your data from virus infection and to remove any virus that may have infected your computersystem." F-prot is available from www.f-prot.com. II. DESCRIPTION Insufficient bounds checking leads to execution of arbitrary code. Useless exploit at http://kokanins.homepage.dk/f-prot.pl III. ANALYSIS Since f-prot is not suid/sgid the overflowing of the command line pose no initial danger unless the admin interferes, and setting +s on strange binaries must be considered inappropriate at the least. IV. DETECTION F-Prot FreeBSD for Small Business [TM] 3.12b, released on Sep. 30th 2002, the latest available at the time of writing, is known to be vulnerable. V. WORKAROUND below VI. VENDOR FIX [mail received from vendor] Dear Knud, Thank you for your mail. This as bean fixed. best regards, Arnar Thor VII. CVE INFORMATION unknown VIII. DISCLOSURE TIMELINE who cares IX. CREDIT knud
Powered by blists - more mailing lists