Date: Tue Aug 23 20:20:01 2005
From: mark.sec at gmail.com (Mark Sec)
Subject: Re: Secunia Research: HAURI Anti-Virus Compressed Archive Directory Traversal

I have Hauri Antivirus, nice research, but I remember Alex Hernandez in
the wild with nice bugs, but I don't see anything in the wild about him
:-) nice research :-)


greets to: 

Alex Hernandez and KF

- Mark 
CISSP

On 23/08/05, KF (lists) <kf_lists@...italmunition.com> wrote:
> Since we are talking about HAURI... there are a few exploitable system()
> calls in the local setuid binaries. I have been too lazy to write them
> up. Perhaps soon I'll get off my ass and document them.
> 
> Off the top of my head I think the setuid virobot binary calls
> system("clear");
> -KF
> 
> Steven M. Christey wrote:
> 
> >>The vulnerability is caused due to unsafe extraction of compressed
> >>archives (e.g. ACE, ARJ, CAB, LZH, RAR, TAR and ZIP) into a temporary
> >>directory before scanning. This can be exploited to write files into
> >>arbitrary directories when scanning a malicious archive containing
> >>files that have "/../" or "../../" directory sequences in their
> >>filenames.
> >>
> >>...
> >>
> >>Apply patches.
> >>
> >>ViRobot Linux Server 2.0:
> >>http://www.globalhauri.com/html/download/down_unixpatch.html
> >>
> >>
> >
> >This vendor page is titled "ViRobot Unix/Linux Server Security
> >Vulnerability Patch."
> >
> >However, it goes on to describe a buffer overflow problem:
> >
> >  1. Patch for Buffer Over Flow Vulnerability
> >  - Vulnerability Type
> >  : Buffer Over Flow
> >
> >  - Introduction to Patch
> >  : Vulnerability Patch for BOF(Buffer Over Flow) via HTTP_COOKIE
> >
> >
> >There is no mention of directory traversal.
> >
> >This inconsistency makes it unclear whether HAURI has specifically
> >fixed the directory traversal issue, and in addition it mentions
> >another potentially more serious issue that has likely been missed by
> >most advisory readers.
> >
> >- Steve
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >Hosted and sponsored by Secunia - http://secunia.com/
>
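
The directory traversal described in the quoted Secunia advisory comes down to trusting member names while unpacking into the temporary scan directory. As an added example (not from this thread, Secunia, or HAURI), the Python code below resolves each tar member's destination and rejects any that would land outside the extraction directory; the function names, the directory path and the in-memory sample archive are constructed for illustration.

```python
import io
import os
import tarfile

def resolve_member(dest_dir, member_name):
    """Return the path a member would be written to, or None if it escapes dest_dir."""
    base = os.path.realpath(dest_dir)
    # Treat backslashes as separators too; some archive tools emit them.
    name = member_name.replace("\\", "/")
    # join() discards base for absolute names, so "/abs.txt" is caught by the check below.
    target = os.path.realpath(os.path.join(base, name))
    return target if os.path.commonpath([base, target]) == base else None

def audit_tar(fileobj, dest_dir):
    """Classify members as (safe, rejected) name lists without writing to disk."""
    safe, rejected = [], []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar.getmembers():
            # Links and device nodes are refused outright: a symlink member can
            # redirect a later, innocently named member outside dest_dir.
            if not (m.isfile() or m.isdir()):
                rejected.append(m.name)
            elif resolve_member(dest_dir, m.name) is None:
                rejected.append(m.name)
            else:
                safe.append(m.name)
    return safe, rejected

def build_sample_tar():
    """Constructed in-memory archive mixing benign and traversal-style names."""
    names = ["docs/readme.txt", "../../etc/cron.d/job", "a/../../escape.txt",
             "/abs.txt", "a/../ok.txt"]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("link")
        link.type = tarfile.SYMTYPE
        link.linkname = "/tmp"
        tar.addfile(link)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    safe, rejected = audit_tar(build_sample_tar(), "/var/tmp/av-scan-example")
    print("safe:", safe)
    print("rejected:", rejected)
```

The check compares resolved paths rather than searching the name for "../", so a name such as "a/../ok.txt" that stays inside the directory is accepted while "a/../../escape.txt" is not.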