In association with heise online

03 April 2009, 15:41

Vulnerabilities in several security products

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Several security products have been reported as having vulnerabilities which can circumvent the filtering or allow for denial of service attacks. ClamAV versions prior to 0.05, for example, can be fooled into not scanning groomed RAT archives and malformed TAR files can put it into an infinite loop when it attempts to process them. Also when scanning executable files with the -detect-broken option set, the ClamAV scanner can crash with a divide by zero error. These errors are eliminated in ClamAV 0.95.

F-Prot has a problem with manipulated headers in ZIP files which can also allow a potentially infected files to pass the scanners undetected. According to security specialist Theirry Zoller, the bug was reported four years ago to the makers, FRISK. FRISK acknowledge the error, but rate it as only minor and wants to repair it in the upcoming version 4.5 of its scanning engine.

According to Zoller, it may also be that IBM's Proventia may be unable to scan crafted RAR archives. An archive could end up on the desktop and could be opened by the user, resulting in infection, but Zoller points out that the client side impact is lessened as the extracted files should also be scanned. Zoller is holding back the details for two weeks; IBM has been informed of the vulnerability but has so far not responded.

Zoller has been considering these problems as an issue for gateways and servers, rather than the desktop.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit