[<prev] [next>] [day] [month] [year] [list]
Message-ID: <00be01c2ce01$8ed6b4c0$24029dd9@tuborg>
From: kain at ircop.dk (Knud Erik Højgaard)
Subject: f-prot antivirus useless buffer overflow
<crap>
This advisory may be found at http://kokanins.homepage.dk/
This advisory may not be reproduced, in part or in full, unless this notice
is included.
This advisory was written by knud.
</crap>
I. BACKGROUND
According to the vendor "F-Prot TM is a quick and easy to use antivirus
software package, specially designed to protect your data from virus
infection and to remove any virus that may have infected your
computersystem."
F-prot is available from www.f-prot.com.
II. DESCRIPTION
Insufficient bounds checking leads to execution of arbitrary code.
Useless exploit at http://kokanins.homepage.dk/f-prot.pl
III. ANALYSIS
Since f-prot is not suid/sgid the overflowing of the command line pose no
initial danger unless the admin interferes, and setting +s on strange
binaries must be considered inappropriate at the least.
IV. DETECTION
F-Prot FreeBSD for Small Business [TM] 3.12b, released on Sep. 30th 2002,
the latest available at the time of writing, is known to be vulnerable.
V. WORKAROUND
below
VI. VENDOR FIX
[mail received from vendor]
Dear Knud,
Thank you for your mail.
This as bean fixed.
best regards,
Arnar Thor
VII. CVE INFORMATION
unknown
VIII. DISCLOSURE TIMELINE
who cares
IX. CREDIT
knud
Powered by blists - more mailing lists