[Esd-l] FW: [SA12879] RAV Antivirus Zip Archive Virus Detection Bypass Vu lnerability

John D. Hardin jhardin at impsec.org
Wed Oct 20 21:29:09 PDT 2004

On Wed, 20 Oct 2004, Smart,Dan wrote:

> John,
> Does Sanitizer handle this issue?
> >  -----Original Message-----
> >  
> >  The vulnerability is caused due to an error when parsing 
> >  .zip archive headers and can be exploited via a specially 
> >  crafted .zip archive where the uncompressed size of the 
> >  archived file has been modified within the local and global headers.

I don't know. The sanitizer might detect it as a bogus zip file if the
unzip utility reported a problem.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org    FALaholic #11174    pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
				-- Peter da Silva in a.s.r
   11 days until Daylight Savings Time ends in U.S.

More information about the esd-l mailing list