[Esd-l] FW: [SA12879] RAV Antivirus Zip Archive Virus Detection Bypass Vulnerability

Smart,Dan SmartD at VMCMAIL.com
Wed Oct 20 10:30:29 PDT 2004


John,
Does Sanitizer handle this issue?

<<Dan>>


 

>  -----Original Message-----
>  From: Secunia Security Advisories [mailto:sec-adv at secunia.com] 
>  Sent: Wednesday, October 20, 2004 10:25 AM
>  To: dan.smart at vul.com
>  Subject: [SA12879] RAV Antivirus Zip Archive Virus Detection 
>  Bypass Vulnerability
>  
>  
>  TITLE:
>  RAV Antivirus Zip Archive Virus Detection Bypass Vulnerability
>  
>  SECUNIA ADVISORY ID:
>  SA12879
>  
>  VERIFY ADVISORY:
>  http://secunia.com/advisories/12879/
>  
>  CRITICAL:
>  Moderately critical
>  
>  IMPACT:
>  Security Bypass
>  
>  WHERE:
>  From remote
>  
>  SOFTWARE:
>  RAV AntiVirus Desktop for Linux 8.x
>  http://secunia.com/product/4096/
>  RAV Antivirus Desktop for Windows 8.x
>  http://secunia.com/product/4087/
>  RAV AntiVirus for AIM 1.x
>  http://secunia.com/product/4102/
>  RAV AntiVirus for File Servers 1.x
>  http://secunia.com/product/4104/
>  RAV AntiVirus for ICQ 1.x
>  http://secunia.com/product/4098/
>  RAV AntiVirus for Mail Servers 8.x
>  http://secunia.com/product/4103/
>  RAV AntiVirus for MSN Messenger 1.x
>  http://secunia.com/product/4099/
>  RAV AntiVirus for Novell Networks 8.x
>  http://secunia.com/product/4105/
>  RAV AntiVirus for Trillian 1.x
>  http://secunia.com/product/4097/
>  RAV AntiVirus for Yahoo! Messenger 1.x
>  http://secunia.com/product/4101/
>  RAV AntiVirus MailFilter 1.x
>  http://secunia.com/product/4106/
>  
>  DESCRIPTION:
>  A vulnerability has been reported in RAV Antivirus, which 
>  can be exploited by malware to bypass certain scanning functionality.
>  
>  The vulnerability is caused due to an error when parsing 
>  .zip archive headers and can be exploited via a specially 
>  crafted .zip archive where the uncompressed size of the 
>  archived file has been modified within the local and global headers.
>  
>  Successful exploitation causes malware in a specially 
>  crafted .zip archive to pass the scanning functionality undetected.
>  
>  NOTE: This is not a critical issue on client systems, as the 
>  malware still is detected upon execution.
>  
>  SOLUTION:
>  Filter all compressed file archives (.zip) at border gateways.
>  
>  PROVIDED AND/OR DISCOVERED BY:
>  Discovered by anonymous person and reported via iDEFENSE.
>  
>  ORIGINAL ADVISORY:
>  http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities

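A gateway-side consistency check for the header tampering the advisory describes, as an added example that is not part of the original message, of Secunia's advisory, or of Sanitizer: it inflates each archive member and compares the real length with the uncompressed-size fields in the local header and in the central directory (taken here to be the advisory's "global" header). The names `size_mismatches` and `MAX_OUT` and the layout of the returned tuples are assumptions of this example.

```python
import io
import struct
import zipfile
import zlib

LOCAL_HDR = struct.Struct("<4s5H3I2H")   # fixed 30-byte local file header
MAX_OUT = 64 * 1024 * 1024               # assumed cap on inflated bytes per member


def size_mismatches(blob: bytes) -> list:
    """Return (member, field, declared, actual) for each size field that lies."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():       # ZipInfo values come from the central directory
            hdr = blob[info.header_offset:info.header_offset + LOCAL_HDR.size]
            if len(hdr) < LOCAL_HDR.size:
                findings.append((info.filename, "local header", None, None))
                continue
            (sig, _ver, flags, method, _t, _d, _crc, _csize, local_usize,
             name_len, extra_len) = LOCAL_HDR.unpack(hdr)
            if sig != b"PK\x03\x04":
                findings.append((info.filename, "local signature", None, None))
                continue
            start = info.header_offset + LOCAL_HDR.size + name_len + extra_len
            raw = blob[start:start + info.compress_size]
            if method == zipfile.ZIP_STORED:
                actual = len(raw)
            elif method == zipfile.ZIP_DEFLATED:
                try:
                    # Raw deflate stream; output is capped so a bomb cannot exhaust memory.
                    actual = len(zlib.decompressobj(-15).decompress(raw, MAX_OUT))
                except zlib.error:
                    findings.append((info.filename, "deflate stream", None, None))
                    continue
            else:
                findings.append((info.filename, "unsupported method", method, None))
                continue
            if info.file_size != actual:
                findings.append((info.filename, "central", info.file_size, actual))
            # With flag bit 3 set the local sizes are legitimately zero (data descriptor).
            if not flags & 0x08 and local_usize != actual:
                findings.append((info.filename, "local", local_usize, actual))
    return findings
```

An empty list means every declared size matched the inflated data; any finding is grounds to quarantine the attachment rather than pass it to a scanner that trusts the header.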
