Multiple AV vendor vulns - updates available


AplusWebMaster
2007-03-15, 19:53
FYI...

(See: https://knowledge.mcafee.com/article/26/612496_f.SAL_Public.html
"...before applying the HotFix...")

- http://secunia.com/advisories/24466/
Release Date: 2007-03-14
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software:
McAfee ePolicy Orchestrator 3.x
McAfee ProtectionPilot 1.x
...Successful exploitation allows execution of arbitrary code.
The vulnerabilities affect the following products:
* McAfee ePolicy Orchestrator 3.5.0 (Patch 5 and earlier)
* McAfee ePolicy Orchestrator 3.6.0 (Patch 5 and earlier)
* McAfee ePolicy Orchestrator 3.6.1
* McAfee ProtectionPilot 1.1.1 (Patch 3 and earlier)
* McAfee ProtectionPilot 1.5.0
Solution: Apply hotfix/patch.
https://mysupport.mcafee.com/eservice_enu/start.swe ..."

-----------------------------------------------------------
- http://secunia.com/advisories/24450/
Release Date: 2007-03-15
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
...The vulnerability reportedly affects all Trend Micro products that use Scan Engine version 8.0 and above with Pattern File technology.
Solution: Update the virus pattern file to OPR 4.335.00 or higher...
Original Advisory: Trend Micro:
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034587 ..."

-----------------------------------------------------------
- http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-cs-hotfixes.shtml
F-Secure Anti-Virus Client Security 6.02 and 6.03
Mar 12, 2007 - Client Security Hotfix FSAVCS603_HF02 (675 KB)
"This hotfix improves error handling in the parts of F-Secure BackWeb Client responsible for setting the Management Server address on the Client side."

:fear: :fear:

AplusWebMaster
2007-04-05, 14:55
FYI...

Kaspersky multiple vulns - updates available
- http://secunia.com/advisories/24778/
Release Date: 2007-04-05
Critical: Highly critical
Impact: Privilege escalation, DoS, System access, Exposure of sensitive information, Exposure of system information
Where: From remote
Solution Status: Vendor Patch
Solution: Update to version 6.0.2.614 or later.

Kaspersky Anti-Virus for Windows Workstations:
http://www.kaspersky.com/productupdates?chapter=146274385
Kaspersky Anti-Virus for Windows Server:
http://www.kaspersky.com/productupdates?chapter=146274391
Kaspersky Internet Security 6.0:
http://www.kaspersky.com/productupdates?chapter=186437046
Kaspersky Anti-Virus 6.0:
http://www.kaspersky.com/productupdates?chapter=186435857 ..."

.

AplusWebMaster
2007-04-18, 13:28
FYI...

McAfee VirusScan vuln - update available
- http://secunia.com/advisories/24914/
Release Date: 2007-04-18
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: McAfee VirusScan Enterprise 8.x
...The vulnerability reportedly affects versions 8.0i Patch 11 and prior.
Solution: Apply Patch 12 or later.
https://mysupport.mcafee.com/eservice_enu/start.swe ...

McAfee e-Business Svr DoS vuln - update available
- http://secunia.com/advisories/24893/
Release Date: 2007-04-18
Critical: Less critical
Impact: DoS
Where: From local network
Solution Status: Vendor Patch
Software: McAfee e-Business Server 8.x ...
Solution: Apply updates.
https://secure.nai.com/apps/downloads/my_products/login.asp ...
Original Advisory: McAfee:
http://preview.tinyurl.com/2wlsg9 ...

.

AplusWebMaster
2007-05-08, 20:32
FYI...

avast! DoS Vuln - update available
- http://secunia.com/advisories/25137/
Release Date: 2007-05-08
Critical: Less critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: avast! Home/Professional 4.x
...The vulnerability is reported in avast! Home Edition and avast! Professional Edition.
Solution: Update to version 4.7.981 or later...
Original Advisory:
avast!: http://www.avast.com/eng/avast-4-home_pro-revision-history.html ..."

.

AplusWebMaster
2007-05-09, 17:04
FYI...

McAfee SecurityCenter ActiveX vuln - updates available
- http://secunia.com/advisories/25173/
Release Date: 2007-05-09
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch ...
...The vulnerability affects versions -prior- to 7.2.147 and 6.0.25.
Solution: The fix has reportedly been available via automatic updates since March 22, 2007.
Update to Security Center version 7.2.147 and 6.0.25, or higher.
http://us.mcafee.com/root/login.asp ..."

:fear:

AplusWebMaster
2007-05-09, 21:57
FYI...

Trend Micro ServerProtect vuln - update available
- http://secunia.com/advisories/25186/
Last Update: 2007-05-09
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
Software: Trend Micro ServerProtect for Windows/NetWare 5.x
...Successful exploitation of the vulnerabilities allows execution of arbitrary code...
Original Advisory: Trend Micro:
http://www.trendmicro.com/download_beta/product.asp?productid=17 ..."

> http://isc.sans.org/diary.html?storyid=2774
Last Updated: 2007-05-09 16:04:05 UTC

:fear:

AplusWebMaster
2007-05-24, 00:04
FYI...

NOD32 AV vuln - update available
- http://secunia.com/advisories/25375/
Release Date: 2007-05-23
Critical: Moderately critical
Impact: Privilege escalation, System access
Where: From remote
Solution Status: Vendor Patch
Software: NOD32 for Windows NT/2000/XP/2003 2.x
...Successful exploitation may allow execution of arbitrary code.
The vulnerabilities are reported in versions prior to 2.70.37.
Solution: Update to version 2.70.39.
http://www.eset.com/download/registered_software.php ..."

.

AplusWebMaster
2007-05-24, 23:18
FYI...

- http://secunia.com/advisories/25380/
Release Date: 2007-05-24
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
...Successful exploitation may allow execution of arbitrary code.
The vulnerability reportedly affects versions prior to 4.7.766 for servers and 4.7.700 for the Managed Client product.
Solution: Update to the latest versions.
http://www.avast.com/eng/download.html
Original Advisory: avast!:
http://www.avast.com/eng/adnm-management-client-revision-history.html
http://www.avast.com/eng/avast-4-server-revision-history.html ..."

.

AplusWebMaster
2007-05-29, 13:22
FYI...

- http://secunia.com/advisories/25417/
Release Date: 2007-05-29
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to AVPack version 7.03.00.09 and Engine version 7.04.00.24. These updates have reportedly been made available since 2007-05-23...
Original Advisory: Avira:
http://forum.antivir-pe.de/thread.php?threadid=22528 ..."

.

AplusWebMaster
2007-05-30, 21:11
FYI...

F-Secure Anti-Virus 5 hotfixes
> http://support.f-secure.com/enu/corporate/downloads/hotfixes/av5-hotfixes.shtml

------------------------------------------------

F-Secure Products vuln - updates available
- http://secunia.com/advisories/25426/
Release Date: 2007-05-30
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software:
F-Secure Anti-Virus 2005
F-Secure Anti-Virus 2006
F-Secure Anti-Virus 2007
F-Secure Anti-Virus 5.x
F-Secure Anti-Virus Client Security 6.x
F-Secure Anti-Virus for Citrix Servers 5.x
F-Secure Anti-Virus for Linux 4.x
F-Secure Anti-Virus for Microsoft Exchange 6.x
F-Secure Anti-Virus for MIMEsweeper 5.x
F-Secure Anti-Virus for Windows Servers 5.x
F-Secure Anti-Virus for Workstations 5.x
F-Secure Internet Gatekeeper 6.x
F-Secure Internet Gatekeeper for Linux 2.x
F-Secure Internet Security 2005
F-Secure Internet Security 2006
F-Secure Internet Security 2007 ...
The vulnerability is caused due to a boundary error in the processing of LHA archives and can be exploited to cause a buffer overflow when decompressing a specially crafted archive.
The vulnerability is related to #1 in: http://secunia.com/SA21996/
Successful exploitation may allow execution of arbitrary code.
Solution: Apply hotfixes.
F-Secure Internet Security 2005 - 2007: Hotfix distributed automatically.
F-Secure Anti-Virus 2005 - 2007: Hotfix distributed automatically.
F-Secure Protection Service for Consumers: Hotfix distributed automatically...
Original Advisory: F-Secure: http://www.f-secure.com/security/fsc-2007-1.shtml ..."
------------------------------------------------

F-Secure AV vuln - update available
- http://secunia.com/advisories/25439/
Release Date: 2007-05-30
Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
Software:
F-Secure Anti-Virus 2005
F-Secure Anti-Virus 2006
F-Secure Anti-Virus 2007
F-Secure Anti-Virus 5.x
F-Secure Anti-Virus Client Security 6.x
F-Secure Anti-Virus for Citrix Servers 5.x
F-Secure Anti-Virus for MIMEsweeper 5.x
F-Secure Anti-Virus for Windows Servers 5.x
F-Secure Anti-Virus for Workstations 5.x
F-Secure Internet Security 2005
F-Secure Internet Security 2006
F-Secure Internet Security 2007
...The vulnerability is caused due to an error in the real-time scanning component and can be exploited to execute arbitrary code with escalated privileges via specially crafted I/O request packets.
Solution: F-Secure Internet Security 2005 - 2007: Hotfix distributed automatically.
F-Secure Anti-Virus 2005 - 2007: Hotfix distributed automatically.
F-Secure Protection Service for Consumers 5.00 - 6.40: Hotfix distributed automatically...
Original Advisory: F-Secure: http://www.f-secure.com/security/fsc-2007-2.shtml ..."
----------------------------

F-Secure Policy Mgr Svr DoS Vuln - update available
- http://secunia.com/advisories/25449/
Release Date: 2007-05-30
Critical: Less critical
Impact: DoS
Where: From local network
Solution Status: Vendor Patch
...The vulnerability is caused due to an error within the fsmsh.dll host module and can be exploited to e.g. crash the server by specifying NTFS reserved names as URL filenames. The vulnerability affects versions 7.00 and prior.
Solution: Update to 7.01 or apply hotfix. http://www.f-secure.com/webclub/fspm.html
ftp://ftp.f-secure.com/support/hotfix/fspm/fspms-700-60x-570-hotfix2.zip ...
Original Advisory: F-Secure:
http://www.f-secure.com/security/fsc-2007-4.shtml ..."

.

AplusWebMaster
2007-06-06, 13:44
FYI...

- http://secunia.com/advisories/25539/
Release Date: 2007-06-06
Critical: Less critical
Impact: DoS
Where: From local network
Solution Status: Vendor Patch
Software: Symantec Ghost Solution Suite 1.x, Symantec Ghost Solution Suite 2.x ...
Original Advisory: Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2007.06.05b.html ..."

- http://secunia.com/advisories/25543/
Release Date: 2007-06-06
Critical: Moderately critical
Impact: Security Bypass, Manipulation of data, Exposure of sensitive information
Where: From local network
Solution Status: Vendor Patch
Software: Symantec AntiVirus Corporate Edition 10.x, Symantec Client Security 3.x, Symantec Reporting Server 1.x ...
Solution: Update to version 1.0.224.0.
SAV 10.1 MR6 build 6000 (10.1.6.6000) or later / SCS 3.1 MR6 build 6000 (3.1.6.6000) or later:
https://fileconnect.symantec.com/licenselogin.jsp ...
Original Advisory:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2007.06.05.html
http://securityresponse.symantec.com/avcenter/security/Content/2007.06.05a.html ..."

.

AplusWebMaster
2007-06-06, 13:44
FYI...

CA Anti-Virus Engine CAB Archive Processing Buffer Overflows
- http://secunia.com/advisories/25570/
Release Date: 2007-06-06
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch ...
Solution: Content update 30.6 has been issued to address the vulnerabilities (please see the vendor's advisory for details)...
Original Advisory: CA:
http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp ..."


.

AplusWebMaster
2007-07-11, 16:13
FYI...

McAfee ePolicy Orchestrator / ProtectionPilot Common Management Agent Vulns
- http://secunia.com/advisories/26029/
Release Date: 2007-07-11
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
Software: McAfee ePolicy Orchestrator 3.x, McAfee ProtectionPilot 1.x
...Successful exploitation of this vulnerability allows execution of arbitrary code...
Solution: Apply patches. Please see the vendor's advisories for details...
McAfee:
https://knowledge.mcafee.com/article/761/613364_f.SAL_Public.html
https://knowledge.mcafee.com/article/762/613365_f.SAL_Public.html
https://knowledge.mcafee.com/article/763/613366_f.SAL_Public.html
https://knowledge.mcafee.com/article/764/613367_f.SAL_Public.html ...

- http://www.us-cert.gov/current/#mcafee_products_code_execution_vulnerabilities
July 16, 2007

.

AplusWebMaster
2007-07-18, 15:21
FYI...

Trend Micro OfficeScan vuln - updates available
- http://atlas.arbor.net/briefs/index#-1118575019
July 17, 2007 - "A malicious web request with an overly long session cookie can be sent to the Trend Micro OfficeScan web interface to trigger a buffer overflow in the component CGIOCommon.dll. Successful exploitation can allow the remote, anonymous attacker to execute code on the system with the permissions of the IIS web server. Trend Micro has released updated code to address this issue.
Analysis: This is a relatively trivial attack to launch for most attackers. We have not yet seen tools to exploit this, but we expect that some will be developed soon.
Source:
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=559
7.16.07 - "...Trend Micro has addressed this vulnerability by releasing the following patches for affected products.
CSM3.6 security patch 1149
CSM3.5 security patch 1152
CSM3.0 security patch 1209
http://www.trendmicro.com/download/product.asp?productid=39
OSCE 8.0 security patch 1042
OSCE 7.3 security patch 1293
OSCE 7.0 security patch 1364
OSCE 6.5 security patch 1364
OSCE 6.0 for SMB2.0 security patch 1398
http://www.trendmicro.com/download/product.asp?productid=5 ..."

.

AplusWebMaster
2007-07-19, 19:25
Updated:

Symantec AntiVirus Malformed RAR and CAB Compression Type Bypass - SYM07-019
- http://www.symantec.com/avcenter/security/Content/2007.07.11f.html
Last modified on: Wednesday, 18-Jul-07 16:53:13 ...
Revision History:
Removed invalid CVE information
Added missing product information
Updated Symantec AntiVirus Corporate Edition version information
Added information and link to new update tool for Symantec AntiVirus and Symantec Client Security
Risk Impact: High
Remote Access: -Yes- ...

> http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007071111591448
Last Modified: 07/18/2007

.

AplusWebMaster
2007-07-24, 13:12
FYI...

> http://atlas.arbor.net/briefs/index#1027704494
Panda Antivirus EXE File Parsing Buffer Overflow Vulnerability
Severity: High Severity
Published: July 23, 2007
Panda AV is vulnerable to a buffer overflow when processing Windows EXE files. The error comes in an integer cast when parsing EXE header data. A malicious attacker could send the victim a malformed EXE file to be processed by Panda AV. This would then allow the attacker to run arbitrary code on the victim's computer. Updates have been made available.
Analysis: This is a similar issue to the Eset NOD32 file processing issue and nearly a dozen such vulnerabilities recently. We believe that this trend will continue for some time.
Source: http://secunia.com/advisories/26171/

NOD32 Antivirus Multiple File Processing Vulnerabilities
Severity: High Severity
Published: July 23, 2007
Eset NOD32 antivirus is vulnerable to file processing vulnerabilities that could be abused by a remote attacker to compromise a system. The AV software has problems processing CAB, ASPack, and FSG packed files. Malformed files could be sent to a victim to be processed by NOD32 and then run arbitrary code on the server. Eset has issued updated software to address this issue.
Analysis: This is another AV vulnerability in handling files. We do not expect it to be the last one, in this package or any other AV package.
Source: http://secunia.com/advisories/26124/

.

AplusWebMaster
2007-07-25, 20:19
FYI...

CA AV and other multiple products vuln - updates available
- http://secunia.com/advisories/26155/
Release Date: 2007-07-25
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch ...
Description: Two vulnerabilities have been reported in various CA products, which can be exploited by malicious people to cause a DoS...

(See the advisory for the long list of affected products.)

Also see: http://secunia.com/advisories/26190/
Release Date: 2007-07-25
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
...The vulnerability affects all versions of the CA Message Queuing software prior to v1.11 Build 54_4 on Windows and Netware..."

:fear:

AplusWebMaster
2007-08-22, 20:44
FYI...

ClamAV multiple vulns - update available
- http://secunia.com/advisories/26530/
Release Date: 2007-08-22
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x...
Solution:
Update to version 0.91.2.
- http://sourceforge.net/project/showfiles.php?group_id=86638&package_id=90197&release_id=533658
2007-08-21


Trend Micro ServerProtect multiple vulns - update available
- http://secunia.com/advisories/26523/
Release Date: 2007-08-22
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
Software: Trend Micro ServerProtect for Windows/NetWare 5.x...
Solution: Apply Security Patch 4 - Build 1185.
http://www.trendmicro.com/ftp/products/patches/spnt_558_win_en_securitypatch4.exe
Original Advisory: Trend Micro:
http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt

Also see: http://secunia.com/advisories/26557/
Software: Trend Micro Anti-Spyware 3.x, Trend Micro PC-cillin Internet Security 2007

.

AplusWebMaster
2007-08-24, 16:49
FYI...

Sophos AV vuln - update available
- http://secunia.com/advisories/26580/
Release Date: 2007-08-24
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Sophos Anti-Virus...
The vulnerabilities are reported in Sophos Anti-Virus with engine versions prior to 2.48.0.
Solution: Update to engine version 2.48.0 or later...
Original Advisory: http://www.sophos.com/support/knowledgebase/article/28407.html
http://www.sophos.com/support/knowledgebase/article/14244.html ...

.

AplusWebMaster
2007-09-07, 14:45
FYI...

Sophos AV vuln - updates available
- http://secunia.com/advisories/26714/
Release Date: 2007-09-07
Critical: Moderately critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Software: Sophos Anti-Virus 7.x, Sophos Anti-Virus for Windows 6.x
...The vulnerability is reported in versions 6.x and 7.0.0.
Solution: Update to versions 6.5.8 or later, or 7.0.1 or later. The vendor also recommends users of version 6.x to upgrade to version 7.
Original Advisory:
http://www.sophos.com/support/knowledgebase/article/29150.html

.

AplusWebMaster
2007-09-08, 14:16
FYI...

AOL AV changes...
- http://isc.sans.org/diary.html?storyid=3360
Last Updated: 2007-09-08 01:29:38 UTC - "...It appears that AOL has switched from Kaspersky to McAfee and are now distributing "McAfee Virus Scan Plus-Special edition from AOL" according to this page*. It isn't entirely clear how (or if) this was communicated to the folks using the Kaspersky software. If you follow the link at the bottom of the page it looks like the old software may still get updates if you point back to a Kaspersky site, but that isn't entirely clear and I was unable to find anyone to answer that question for sure today (I'll update the story if I get more info). Without some action by the user, however, it appears that they will now be unprotected, which is unfortunate. In the meantime, if you have an AOL e-mail address, you can still get free anti-virus software from here**..."

* http://www.activevirusshield.com/antivirus/freeav/index.adp

** http://safety.aol.com/isc/BasicSecurity/

.

AplusWebMaster
2007-09-26, 15:32
FYI...

Kaspersky AV DoS vuln - update 11.2007
- http://secunia.com/advisories/26887/
Last Update: 2007-09-25
Critical: Not critical
Impact: DoS
Where: Local system
Solution Status: Unpatched
Software: Kaspersky Anti-Virus 6.x
Kaspersky Anti-Virus 7.x
Kaspersky Internet Security 6.x
Kaspersky Internet Security 7.x
...The vulnerabilities are reported in version 7.0 build 125. Other versions may also be affected.
Solution: The vendor is reportedly working on an update to be released November 2007.
Original Advisory: Kaspersky:
http://www.kaspersky.com/technews?id=203038706
"...This is not the first time that this author has failed to notify us about a vulnerability before making it public, despite the fact that notifying the vendor first is de facto an industry standard..."

> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5043

.

AplusWebMaster
2007-10-11, 13:04
FYI...

Kaspersky Online Scanner ActiveX Vuln
- http://secunia.com/advisories/27187/
Release Date: 2007-10-11
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Kaspersky Online Scanner 5.x
...The vulnerability affects versions 5.0.93.1 and prior.
Solution: Update to version 5.0.98.0.
http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html ...
Original Advisory: Kaspersky:
http://www.kaspersky.com/news?id=207575572 ...

:fear:

AplusWebMaster
2007-11-21, 13:51
FYI...

BitDefender Online Scanner ActiveX vuln - update available
- http://secunia.com/advisories/27717/
Release Date: 2007-11-21
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
...Successful exploitation allows execution of arbitrary code. The vulnerability is reported in version 8.0. Other versions may also be affected.
Solution: Update to the latest version (OScan82.ocx).
http://www.bitdefender.com/scan8/ie.html

:fear:

AplusWebMaster
2007-12-05, 18:10
FYI...

avast! vuln - update available
- http://secunia.com/advisories/27929/
Last Update: 2007-12-06
Critical: Highly critical
Impact: Unknown
Where: From remote
Solution Status: Vendor Patch
Software: avast! Home/Professional 4.x
...The vulnerability is reported in versions prior to 4.7.1098.
Solution: Update to version 4.7.1098.
http://www.avast.com/eng/download.html ...
Original Advisory:
http://www.avast.com/eng/avast-4-home_pro-revision-history.html

:fear:

AplusWebMaster
2007-12-12, 13:56
FYI...

Trend Micro AV plus AS 2008, Internet Security 2008, Internet Security Pro 2008
- http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036464
12/10/07 - "...Remote memory corruption... long bogus file names from malformed ZIP files... Vulnerability only affects users with English Versions of TIS16 (Trend Micro Internet Security Pro, Trend Micro Internet Security/Virus Buster 2008) and TAV16 (TrendMicro Antivirus plus AntiSpyware 2008) build #1450 and older... You can download the TIS16.0 English language security patch here..."

:fear:

AplusWebMaster
2007-12-19, 16:33
FYI...

Clam AV vuln - update available
- http://secunia.com/advisories/28117/
Release Date: 2007-12-19
Critical: Highly critical
Impact: DoS, System access
Where: From remote
...The vulnerability is reported in versions prior to 0.92...
Solution: Update to version 0.92.

> http://www.clamav.org/
ClamAV Virus Databases: main.cvd ver. released on 09 Dec 2007 15:50 +0000

> http://www.clamwin.com/
The latest version of Clamwin Free Antivirus is 0.91.2

:fear:

AplusWebMaster
2007-12-21, 19:28
FYI...

- http://www.heise-security.co.uk/articles/100965
21.12.2007 - "...The list of manufacturers of antivirus software with critical security problems reads like a Who's Who of the industry: the blacklist of Zoller and Alvarez includes Avast, Avira, BitDefender, CA, ClamAV, Eset NOD32, F-Secure, Grisoft AVG, Norman, Panda and Sophos. iDefense uncovered critical buffer overflows in Kaspersky's scanner, McAfee's VirusScan and Trend Micro's security products. Secunia found the same thing in Symantec's E-mail Security, and ISS/IBM XForce caught out Microsoft's security products. All of these appeared just this year, and the list is by no means complete: the n.runs specialists alone say they have discovered more than 80 critical holes and passed them on to the manufacturers. As far as they know, only some thirty of them have been closed so far..."

:fear:

AplusWebMaster
2008-01-10, 12:56
FYI...

McAfee E-Business Svr vuln - update available
- http://secunia.com/advisories/28408/
Release Date: 2008-01-10
Critical: Moderately critical
Impact: System access, DoS
Where: From local network
Solution Status: Vendor Patch
Software: McAfee e-Business Server 8.x
...The vulnerability affects versions 8.5.2 and prior on Windows.
Solution: Update to version 8.5.3.
Original Advisory: McAfee:
https://knowledge.mcafee.com/article/542/614472_f.SAL_Public.html

AplusWebMaster
2008-02-14, 06:31
FYI...

ClamAV multiple vulns - update available
- http://secunia.com/advisories/28907/
Release Date: 2008-02-12
Last Update: 2008-02-13
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x
...The vulnerabilities are reported in versions prior to 0.92.1.
Solution: Update to version 0.92.1...
Original Advisory:
http://sourceforge.net/project/shownotes.php?release_id=575703 ...

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6595

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0318

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0728

:fear:

AplusWebMaster
2008-02-20, 14:33
FYI...

F-Secure vuln - hotfix available
- http://www.f-secure.com/security/fsc-2008-1.shtml
Last updated: 2008-02-19 ...
Risk Factor: High
The gateway passes archives unscanned
Mitigating Factors:
* Exploitation of these vulnerabilities requires specially crafted archives
* The CAB issue has been fixed automatically in F-Secure database updates, while fixing the RAR archive scanning requires installing the hotfix..."

(More detail at the URL above.)

:fear:

AplusWebMaster
2008-02-27, 13:52
FYI...

Symantec RAR File vulns - updates available
- http://secunia.com/advisories/29140/
Release Date: 2008-02-27
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Symantec AntiVirus for Network Attached Storage 4.x
Symantec AntiVirus Scan Engine 4.x
Symantec AntiVirus/Filtering for Domino 3.x
Symantec Mail Security for Exchange 4.x
Symantec Mail Security for Microsoft Exchange 5.x
Symantec Scan Engine 5.x...
Original Advisory: SYM08-006:
http://www.symantec.com/avcenter/security/Content/2008.02.27.html ...
"...to ensure all available updates have been applied, users can manually launch and run LiveUpdate..."

AplusWebMaster
2008-03-10, 19:20
FYI...

Panda vuln - updates available
- http://secunia.com/advisories/29311/
Release Date: 2008-03-10
Critical: Less critical
Impact: Privilege escalation, DoS
Where: Local system
Solution Status: Vendor Patch
Software: Panda Antivirus + Firewall 2008, Panda Internet Security 2008 ...
Solution: Apply hotfix.
Panda Internet Security 2008 (hfp120801s1.exe):
http://www.pandasecurity.com/resources/sop/Platinum2008/hfp120801s1.exe
Panda Antivirus + Firewall 2008 (hft70801s1.exe):
http://www.pandasecurity.com/resources/sop/PAVF08/hft70801s1.exe ...
Original Advisory: Panda:
http://www.pandasecurity.com/homeusers/support/card?id=41337&idIdioma=2&ref=ProdExp
http://www.pandasecurity.com/homeusers/support/card?id=41231&idIdioma=2&ref=ProdExp ...

:fear:

AplusWebMaster
2008-03-17, 19:09
FYI...

F-Secure Security Advisory FSC-2008-2
- http://www.f-secure.com/weblog/archives/00001404.html
March 17, 2008 - "...The Secure Programming Group at Oulu University has created a collection of malformed archive files. These archive files break and crash products from at least 40 vendors - including several antivirus vendors...including us. We've fixed a long list of our products to resolve these issues. Home users will get these fixes via the normal update system and they don't have to do anything... Our guidance here is the same as for patches from any other vendor: Patch now before someone figures out how to exploit the vulnerability. At the moment we are not aware of any public exploit methods for these vulnerabilities. For more information, please consult F-Secure Security Advisory FSC-2008-2* and CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats**."
* http://www.f-secure.com/security/fsc-2008-2.shtml
(Hotfixes/patches available)

** https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
17 March 2008 - "...The vulnerabilities described in this advisory can potentially affect programs that handle the archive formats ACE, ARJ, BZ2, CAB, GZ, LHA, RAR, TAR, ZIP and ZOO. The Test Suite contains a set of fuzzed archive files in different formats, some of which may cause and some that are known to cause problems in common tools processing archived content..."

:fear:

AplusWebMaster
2008-04-05, 23:32
FYI...

CA Alert Notification Server service vuln - updates available
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103
Issued: April 3rd, 2008 - "CA's customer support is alerting customers to security risks in products that use the Alert Notification Server service. Multiple vulnerabilities exist that can allow a remote authenticated attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities.
The vulnerabilities, CVE-2007-4620, are due to insufficient bounds checking in multiple procedures. A remote authenticated attacker or local user can exploit a buffer overflow to execute arbitrary code or cause a denial of service.
Risk Rating: High
Affected Products:
CA Anti-Virus for the Enterprise 7.1
CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8
CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8.1
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8.1
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows
Solution: CA has provided updates to address the vulnerabilities... (links at URL above)
Workaround: None..."

:fear:

AplusWebMaster
2008-04-14, 17:25
FYI...

ClamAV vuln
- http://secunia.com/advisories/29000/
Release Date: 2008-04-14
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
Software: Clam AntiVirus (clamav) 0.x
...The vulnerability is confirmed in versions 0.92 and 0.92.1. Prior versions may also be affected.
Solution: An updated version should be available shortly. The PE scanning module has been remotely switched off after 10/03/2008.

Do not scan untrusted PE files...

:fear:

AplusWebMaster
2008-04-15, 13:48
FYI...

ClamAV multiple vulns - update available
- http://secunia.com/advisories/29000/
Last Update: 2008-04-15
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x
...The vulnerabilities are reported in version 0.92.1. Prior versions may also be affected.
Solution: Update to version 0.93.
Download:
- http://www.clamav.net/download/sources
Changelog:
- http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1100

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1387

:fear:

AplusWebMaster
2008-06-17, 13:51
FYI...

ClamAV vuln - update available
- http://secunia.com/advisories/30657/
Release Date: 2008-06-17
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x...
The vulnerability is reported in versions prior to 0.93.1.
Solution: Update to version 0.93.1.
Original Advisory:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000 ...

Download:
http://sourceforge.net/project/showfiles.php?group_id=86638

:fear:

AplusWebMaster
2008-06-21, 19:33
Backtrack...

- http://atlas.arbor.net/briefs/index#-51119944
Severity: High Severity
Published: Friday, June 20, 2008 20:31

ClamAV vuln... now marked as "Unpatched"
- http://secunia.com/advisories/30657/
Last Update: 2008-06-20
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Unpatched ...
The vulnerability is confirmed in versions 0.93 and 0.93.1. Other versions may also be affected.
Solution: Disable the scanning of PE files.
NOTE: Version 0.93.1 only fixes a particular exploitation vector...
Changelog:
2008-06-20: Updated "Solution" section and marked the advisory as unpatched...

:fear::spider:

AplusWebMaster
2008-07-08, 00:14
FYI...

Panda ActiveScan vulns - update available
- http://secunia.com/advisories/30841/
Release Date: 2008-07-07
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Panda ActiveScan 2.0 1.x
...Successful exploitation allows execution of arbitrary code. According to the vendor, the vulnerabilities affect versions prior to version 1.02.00.
Solution: Update to version 1.02.00 or later.
http://www.pandasecurity.com/activescan

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3155
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3156

:fear:

AplusWebMaster
2008-07-30, 04:45
FYI...

ClamAV vuln - update available
- http://secunia.com/advisories/30657/
Last Update: 2008-07-28
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 0.93.3...
- http://sourceforge.net/project/shownotes.php?release_id=611890&group_id=86638

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2713
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3215

:fear:

AplusWebMaster
2008-07-30, 12:31
FYI...

AVG DoS vuln - update available
- http://secunia.com/advisories/31290/
Release Date: 2008-07-29
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: AVG Anti-Virus 8.x ...
...The vulnerability affects versions prior to 8.0.156.
Solution: Update to version 8.0.156 or later.
Original Advisory:
AVG: http://www.grisoft.com/ww.94247

n.runs AG: http://preview.tinyurl.com/6fcaye ...

- http://www.us-cert.gov/current/archive/2008/08/01/archive.html#avg_releases_update

Program update AVG Free 8.0 169: http://free.avg.com/ww.94096
August 25, 2008

:fear:

AplusWebMaster
2008-08-25, 14:59
FYI...

Trend Micro Web Mgmt authentication bypass...
- http://secunia.com/advisories/31373/
Last Update: 2008-08-29
Critical: Moderately critical
Impact: Security Bypass, Brute force
Where: From local network
Solution Status: Partial Fix
Software: Trend Micro Client Server Messaging Security for SMB 3.x
Trend Micro OfficeScan Corporate Edition 7.x
Trend Micro OfficeScan Corporate Edition 8.x
Trend Micro Worry-Free Business Security 5.x ...
Solution: Apply patches...
(See the URL above for links to patches.)

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2433
Last revised: 09/05/2008

:fear:

AplusWebMaster
2008-09-12, 17:54
FYI...

Trend Micro OfficeScan Server - updates available
- http://secunia.com/advisories/31342/
Release Date: 2008-09-12
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Partial Fix
...Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 7.3 with Patch 4 build 1362 applied and also affects OfficeScan version 7.0 and 8.0, and Client Server Messaging Security version 3.6, 3.5, 3.0, and 2.0.
Solution: Apply patches...

(Links to patches/updates available at the URL above.)

:fear:

AplusWebMaster
2008-10-02, 15:44
FYI...

Trend Micro OfficeScan multiple vulns - update available
- http://secunia.com/advisories/32097/
Release Date: 2008-10-02
Critical: Moderately critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Trend Micro OfficeScan Corporate Edition 8.x
...The vulnerabilities are reported in Trend Micro OfficeScan 8.0.
Solution: Apply patches.
Trend Micro OfficeScan 8.0 Service Pack 1:
http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439.exe
Trend Micro OfficeScan 8.0 Service Pack 1 Patch 1:
http://www.trendmicro.com/ftp/products/patches/OSCE8.0_SP1_Patch1_CriticalPatch_3087.exe
Original Advisory: ...Trend Micro:
http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt
http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt

:fear:

AplusWebMaster
2008-10-21, 15:19
FYI...

F-Secure vuln - update available
- http://secunia.com/advisories/32352/
Release Date: 2008-10-21
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Solution: Apply patches (please see the vendor's advisory for details).
Original Advisory: FSC-2008-3:
http://www.f-secure.com/security/fsc-2008-3.shtml ...

:fear:

AplusWebMaster
2008-10-21, 20:09
FYI...

McAfee update classifies Vista component as a Trojan
- http://www.theregister.co.uk/2008/10/21/mcafee_vista_trojan_false_alert/
21 October 2008 - "McAfee has fixed an update glitch that wrongly slapped a Trojan classification on components of Microsoft Vista. As a result of a misfiring update, published on Monday, the Windows Vista console IME executable was treated as a password-stealing Trojan. Depending on their setup, McAfee users applying would have typically found the component either quarantined or deleted. The antivirus firm fixed the glitch with a definition update on Tuesday that recognised the difference between the Vista component and malware, as explained in a write-up by McAfee here*. False positives with virus signature updates are a perennial problem for antivirus vendors, and the latest glitch is far from the first such occurrence to befall McAfee. Only two months ago in August McAfee wrongly categorised a plug-in for Microsoft Office Live Meeting as a Trojan."
* http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100683

AVG flags ZoneAlarm as malware
- http://news.cnet.com/8301-1009_3-10067148-83.html
October 15, 2008 - "Grisoft, makers of AVG antivirus, on Wednesday released a new update addressing a false positive in another security product. On Tuesday, AVG users reported desktop warnings that their desktop was infected with something called Trojan Agent r.CX... The ZoneAlarm user forum soon filled with concerned users... Laura Yecies, vice president and general manager of Check Point's ZoneAlarm consumer division said, "as soon as Check Point learned that AVG's recent antivirus update was mistakenly flagging a ZoneAlarm file as a virus, we contacted AVG and they issued an update within hours that corrected the problem. AVG users will automatically get the update that corrects the issue." In July, Grisoft modified its free AVG 8 due to complaints about a proactive scanning of a Web site feature. The feature that had been enabled in the paid version of the product did not scale with the free release causing spikes in Web traffic."
- http://www.theregister.co.uk/2008/10/16/avg_zonealarm_trojan_false_alarm/
16 October 2008 - "...The mis-firing AVG definition file tagged components of ZoneAlarm as infected with the Agent_r.CX Trojan horse and quarantined important files. As a result users running the popular antivirus package alongside security suite software from Check Point were left with a malfunctioning firewall, mystery infection reports and an inability to re-install their ZoneAlarm software..."

:fear::spider::sad:

AplusWebMaster
2008-10-22, 20:03
FYI...

Trend Micro OfficeScan vuln - update available
- http://secunia.com/advisories/32005/
Release Date: 2008-10-22
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
Software: Trend Micro OfficeScan Corporate Edition 7.x, Trend Micro OfficeScan Corporate Edition 8.x...
Solution: Apply patches.
Trend Micro OfficeScan 8.0 SP1 Patch 1:
http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3110.exe
Trend Micro OfficeScan 7.3:
http://www.trendmicro.com/ftp/products/patches/OSCE_7.3_Win_EN_CriticalPatch_B1374.exe ...
Trend Micro:
http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt
http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt ...

- http://www.us-cert.gov/current/current_activity.html#trend_micro_officescan_critical_patch
October 22, 2008

:fear:

AplusWebMaster
2008-11-10, 14:58
FYI...

ClamAV vuln - update available
- http://secunia.com/advisories/32663/
Release Date: 2008-11-10
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 0.94.1.
- http://sourceforge.net/project/shownotes.php?release_id=637952&group_id=86638
Download:
- http://www.clamav.net/download/sources
Changelog:
- http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

Also see: ClamWin Free Antivirus 0.94.1 released
- http://www.clamwin.com/content/view/205/1/
Download:
- http://www.clamwin.com/content/view/18/46/
Version 0.94.1; 24.5MB

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5050

:fear:

AplusWebMaster
2008-12-02, 13:10
FYI...

ClamAV vuln - update available
- http://secunia.com/advisories/32926/
Release Date: 2008-12-02
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x
...The vulnerability is reported in versions prior to 0.94.2.
Solution: Update to version 0.94.2.
Original Advisory: ClamAV:
http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=643134

Download:
- http://www.clamav.net/download/sources
"...Latest stable release: ClamAV 0.94.2..."

Changelog:
- http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

:fear:

AplusWebMaster
2008-12-19, 16:33
FYI...

ESET Smart Security vuln - update available
- http://secunia.com/advisories/33210/
Release Date: 2008-12-19
Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
Software: ESET Smart Security 3.x
...The vulnerability is confirmed in version 3.0.672. Other versions prior to 3.0.684 may also be affected...
Solution: Update to version 3.0.684...
- http://www.eset.com/joomla/index.php?option=com_content&task=view&id=4113&Itemid=5
• stability and security fixes

:fear:

AplusWebMaster
2008-12-20, 16:34
FYI...

Sophos AV vuln - update available
- http://secunia.com/advisories/33177/
Release Date: 2008-12-19
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch...
...The vulnerability is caused due to an unspecified error when processing certain malformed CAB archives. This can be exploited to crash the application and may allow the execution of arbitrary code...
Solution: Fixed in the Sophos virus engine 2.82.1.
Original Advisory: Sophos:
http://www.sophos.com/support/knowledgebase/article/50611.html ...

:fear:

AplusWebMaster
2008-12-22, 13:06
FYI...

Trend Micro HouseCall ActiveX vuln - update available
- http://secunia.com/advisories/31583/
Release Date: 2008-12-21
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Trend Micro HouseCall ActiveX Control 6.x, Trend Micro HouseCall Server 6.x
...Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in versions 6.51.0.1028 and 6.6.0.1278. Other versions may also be affected.
Solution: Remove the ActiveX control and install version 6.6.0.1285.
http://prerelease.trendmicro-europe.com/hc66/launch/

:fear: