lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <00be01c2ce01$8ed6b4c0$24029dd9@tuborg>
From: kain at ircop.dk (Knud Erik Højgaard)
Subject: f-prot antivirus useless buffer overflow

<crap>
This advisory may be found at http://kokanins.homepage.dk/
This advisory may not be reproduced, in part or in full, unless this notice
is included.
This advisory was written by knud.
</crap>

I. BACKGROUND

According to the vendor "F-Prot TM is a quick and easy to use antivirus
software package, specially designed to protect your data from virus
infection and to remove any virus that may have infected your
computersystem."
F-prot is available from www.f-prot.com.

II. DESCRIPTION

Insufficient bounds checking leads to execution of arbitrary code.
Useless exploit at http://kokanins.homepage.dk/f-prot.pl

III. ANALYSIS

Since f-prot is not suid/sgid the overflowing of the command line pose no
initial danger unless the admin interferes, and setting +s on strange
binaries must be considered inappropriate at the least.

IV. DETECTION

F-Prot FreeBSD for Small Business [TM] 3.12b, released on Sep. 30th 2002,
the latest available at the time of writing, is known to be vulnerable.

V. WORKAROUND

below

VI. VENDOR FIX

[mail received from vendor]

Dear Knud,
Thank you for your mail.
This as bean fixed.
best regards,
Arnar Thor

VII. CVE INFORMATION

unknown

VIII. DISCLOSURE TIMELINE

who cares

IX. CREDIT

knud


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ