6423 : F-Secure Anti-Virus Products LHA Archive Processing Overflow
Printer | http://osvdb.org/6423 | Email This | Edit Vulnerability

Views This Week
2

Views All Time
30

Info

Last Modified
2 months ago

Percent Complete
90%

Disclosure
May 26, 2004

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Unknown

Description

 A remote overflow exists in F-Secure Anti-Virus products. The modules responsible for accessing content in LHA archives while scanning for viruses fails to perform proper boundry checking. With a specially crafted LHA archive, an attacker can cause an overflow resulting in a loss of availability.

Classification

 Location: Remote/Network Access Required
Attack Type: Denial of Service, Input Manipulation, Other
Impact: Loss of Availability
Exploit: Exploit Rumored / Private
Disclosure: OSVDB Verified

Technical

 The vulnerability is caused due to an unspecified error, which reportedly causes a problem with properly detecting the Sober.D and Sober.G viruses in archives.

Solution

 Upgrade your affected product to the version listed in the vendors patch matrix, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Disable On-access scanning of client or server computers. This feature is not enabled by default.

Products
F-Secure Corporation
Watch-list
Internet Security
Watch-list
 2004
Anti-Virus
Watch-list
 2004
Anti-Virus Client Security
Watch-list
 5.52
Anti-Virus for Linux Gateways
Watch-list
 4.52
Anti-Virus for Linux Servers
Watch-list
 4.52
Anti-Virus for Linux Workstations
Watch-list
 4.52
Anti-Virus for MIMEsweeper
Watch-list
 5.42
Anti-Virus for MS Exchange
Watch-list
 6.21
Anti-Virus for Samba Servers
Watch-list
 4.60
Anti-Virus for Windows Servers
Watch-list
 5.42
Anti-Virus for Workstation
Watch-list
 5.42
Firewalls
Watch-list
 6.20
Internet Gatekeeper
Watch-list
 6.32
Personal Express
Watch-list
 4.7x

References

Tools & Filters

Nessus

 12491 12561 13697 14488 15352 18762

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

 None found at this time

Comments

Add Comment

No Comments.

DONATE NOW!

User Status

Quick Searches

Advertisements

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2008 Open Source Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use