Date: Tue Aug 23 20:20:01 2005
From: mark.sec at gmail.com (Mark Sec)
Subject: Re: Secunia Research: HAURI Anti-Virus Compressed Archive Directory Traversal

I have Hauri Antivirus, nice research but I remember Alex Hernandez on the wild with nice bugs, but I don't see anything on the wild about him :-)

nice research :-)

greets to: Alex Hernandez and KF

- Mark
CISSP

On 23/08/05, KF (lists) <kf_lists@...italmunition.com> wrote:
> Since we are talking about HAURI... there are a few exploitable system()
> calls in the local setuid binaries. I have been too lazy to write them
> up. Perhaps soon I'll get off my ass and document them.
>
> Off the top of my head I think the setuid virobot binary calls
> system("clear");
> -KF
>
> Steven M. Christey wrote:
>
> >>The vulnerability is caused due to unsafe extraction of compressed
> >>archives (e.g. ACE, ARJ, CAB, LZH, RAR, TAR and ZIP) into a temporary
> >>directory before scanning. This can be exploited to write files into
> >>arbitrary directories when scanning a malicious archive containing
> >>files that have "/../" or "../../" directory sequences in their
> >>filenames.
> >>
> >>...
> >>
> >>Apply patches.
> >>
> >>ViRobot Linux Server 2.0:
> >>http://www.globalhauri.com/html/download/down_unixpatch.html
> >
> >This vendor page is titled "ViRobot Unix/Linux Server Security
> >Vulnerability Patch."
> >
> >However, it goes on to describe a buffer overflow problem:
> >
> >  1. Patch for Buffer Over Flow Vulnerability
> >     - Vulnerability Type
> >       : Buffer Over Flow
> >
> >     - Introduction to Patch
> >       : Vulnerability Patch for BOF(Buffer Over Flow) via HTTP_COOKIE
> >
> >There is no mention of directory traversal.
> >
> >This inconsistency makes it unclear whether HAURI has specifically
> >fixed the directory traversal issue, and in addition it mentions
> >another potentially more serious issue that has likely been missed by
> >most advisory readers.
> >
> >- Steve
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >Hosted and sponsored by Secunia - http://secunia.com/
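
Added example, not part of the original thread and not HAURI's or Secunia's code: a pre-extraction check for the archive directory traversal described in the quoted advisory, which flags ZIP or TAR members whose names would resolve outside the temporary scan directory. The function names, the `/tmp/scan` directory and the sample archives are assumptions constructed for illustration.

```python
import io
import os
import tarfile
import zipfile


def is_within(base_dir, member_name):
    """True if member_name, joined onto base_dir, stays inside base_dir."""
    base = os.path.realpath(base_dir)
    # Archives built on Windows may use backslashes as separators.
    name = member_name.replace("\\", "/")
    target = os.path.realpath(os.path.join(base, name))
    return os.path.commonpath([base, target]) == base


def unsafe_members(archive_bytes, dest_dir):
    """Names of ZIP/TAR members that would be written outside dest_dir."""
    buf = io.BytesIO(archive_bytes)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            names = zf.namelist()
    else:
        buf.seek(0)
        with tarfile.open(fileobj=buf) as tf:
            names = tf.getnames()
    # Name check only: symlink/hardlink members need their own validation.
    return [n for n in names if not is_within(dest_dir, n)]


def sample_zip():
    # Constructed sample: one benign member, one with "../../" in its name.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", b"ok")
        zf.writestr("../../tmp/dropped.txt", b"x")
    return buf.getvalue()


def sample_tar():
    # Constructed sample: the second name contains a "/../" sequence.
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in ("docs/readme.txt", "a/../../dropped.txt"):
            info = tarfile.TarInfo(name)
            info.size = 1
            tf.addfile(info, io.BytesIO(b"x"))
    return buf.getvalue()
```

A scanner would refuse to extract, or skip and log, any member returned by `unsafe_members` before writing anything to disk.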