Secunia
Login
|
|
Secunia Research: avast! Antivirus ACE File Handling Two Vulnerabilities |
|
======================================================================
Secunia Research 21/07/2005
- avast! Antivirus ACE File Handling Two Vulnerabilities -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Credits..............................................................5
References...........................................................6
About Secunia........................................................7
Verification.........................................................8
======================================================================
1) Affected Software
avast! 4 Home/Professional Edition Version 4.6.665
avast! Server Edition Version 4.6.460
The vendor has reported that avast! Managed Client is also affected.
Other versions may also be affected.
======================================================================
2) Severity
Rating: Highly critical
Impact: System access
Manipulation of data
Where: From remote
======================================================================
3) Description of Vulnerability
Secunia Research has discovered two vulnerabilities in avast!, which
can be exploited by malicious people to compromise a vulnerable
system.
1) An input validation error in a 3rd-party compression library
(UNACEV2.DLL) when extracting ACE archives for scanning can be
exploited to write files to arbitrary directories when scanning a
malicious archive containing a file with the "/../" directory
traversal sequence or an absolute path in its filename.
2) A boundary error in UNACEV2.DLL can cause a stack-based buffer
overflow when scanning a malicious ACE archive containing a file that has
a filename of more than 290 bytes.
Successful exploitation allows execution of arbitrary code and writing
of files to arbitrary directories, but requires that ACE archive
scanning is enabled.
======================================================================
4) Solution
Update to a fixed version.
Home/Professional Edition:
Fixed in version 4.6.691.
Server Edition:
Fixed in version 4.6.489.
Managed Client:
Fixed in version 4.6.394.
======================================================================
5) Credits
Discovered by Tan Chew Keong, Secunia Research.
======================================================================
6) References
http://www.avast.com/eng/av4_revision_history.html
http://www.avast.com/eng/avast_server_edition.html
http://www.avast.com/eng/257.html
======================================================================
7) About Secunia
Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia web site:
http://secunia.com/
Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/secunia_security_advisories/
======================================================================
8) Verification
Please verify this advisory by visiting the Secunia web site:
http://secunia.com/secunia_research/2005-20/advisory/
Complete list of vulnerability reports released by Secunia Research:
http://secunia.com/secunia_research/
=====================================================================
|
|
