Multiple AV vendor vulns - archived

FYI...

ClamAV multiple vulns - update available
- http://secunia.com/advisories/28907/
Release Date: 2008-02-12
Last Update: 2008-02-13
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x
...The vulnerabilities are reported in versions prior to 0.92.1.
Solution: Update to version 0.92.1...
Original Advisory:
http://sourceforge.net/project/shownotes.php?release_id=575703 ...

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6595

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0318

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0728

:fear:
 
F-Secure vuln - hotfix available

FYI...

- http://www.f-secure.com/security/fsc-2008-1.shtml
Last updated: 2008-02-19 ...
Risk Factor: High
The gateway passes archives unscanned
Mitigating Factors:
* Exploitation of these vulnerabilities requires specially crafted archives
* The CAB issue has been fixed automatically in F-Secure database updates, while fixing the RAR archive scanning requires installing the hotfix..."

(More detail at the URL above.)

:fear:
 
FYI...

Symantec RAR File vulns - updates available
- http://secunia.com/advisories/29140/
Release Date: 2008-02-27
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Symantec AntiVirus for Network Attached Storage 4.x
Symantec AntiVirus Scan Engine 4.x
Symantec AntiVirus/Filtering for Domino 3.x
Symantec Mail Security for Exchange 4.x
Symantec Mail Security for Microsoft Exchange 5.x
Symantec Scan Engine 5.x...
Original Advisory: SYM08-006:
http://www.symantec.com/avcenter/security/Content/2008.02.27.html ...
"...to ensure all available updates have been applied, users can manually launch and run LiveUpdate..."
 
FYI...

Panda vuln - updates available
- http://secunia.com/advisories/29311/
Release Date: 2008-03-10
Critical: Less critical
Impact: Privilege escalation, DoS
Where: Local system
Solution Status: Vendor Patch
Software: Panda Antivirus + Firewall 2008, Panda Internet Security 2008 ...
Solution: Apply hotfix.
Panda Internet Security 2008 (hfp120801s1.exe):
http://www.pandasecurity.com/resources/sop/Platinum2008/hfp120801s1.exe
Panda Antivirus + Firewall 2008 (hft70801s1.exe):
http://www.pandasecurity.com/resources/sop/PAVF08/hft70801s1.exe ...
Original Advisory: Panda:
http://www.pandasecurity.com/homeusers/support/card?id=41337&idIdioma=2&ref=ProdExp
http://www.pandasecurity.com/homeusers/support/card?id=41231&idIdioma=2&ref=ProdExp ...

:fear:
 
F-Secure Security Advisory FSC-2008-2

FYI...

- http://www.f-secure.com/weblog/archives/00001404.html
March 17, 2008 - "...The Secure Programming Group at Oulu University has created a collection of malformed archive files. These archive files break and crash products from at least 40 vendors - including several antivirus vendors...including us. We've fixed a long list of our products to resolve these issues. Home users will get these fixes via the normal update system and they don't have to do anything... Our guidance here is the same as for patches from any other vendor: Patch now before someone figures out how to exploit the vulnerability. At the moment we are not aware of any public exploit methods for these vulnerabilities. For more information, please consult F-Secure Security Advisory FSC-2008-2* and CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats**."
* http://www.f-secure.com/security/fsc-2008-2.shtml
(Hotfixes/patches available)

** https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
17 March 2008 - "...The vulnerabilities described in this advisory can potentially affect programs that handle the archive formats ACE, ARJ, BZ2, CAB, GZ, LHA, RAR, TAR, ZIP and ZOO. The Test Suite contains a set of fuzzed archive files in different formats, some of which may cause and some that are known to cause problems in common tools processing archived content..."

:fear:
 
FYI...

CA Alert Notification Server service vuln - updates available
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103
Issued: April 3rd, 2008 - "CA's customer support is alerting customers to security risks in products that use the Alert Notification Server service. Multiple vulnerabilities exist that can allow a remote authenticated attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities.
The vulnerabilities, CVE-2007-4620, are due to insufficient bounds checking in multiple procedures. A remote authenticated attacker or local user can exploit a buffer overflow to execute arbitrary code or cause a denial of service.
Risk Rating: High
Affected Products:
CA Anti-Virus for the Enterprise 7.1
CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8
CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8.1
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8.1
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows
Solution: CA has provided updates to address the vulnerabilities... (links at URL above)
Workaround: None..."

:fear:
 
FYI...

ClamAV vuln
- http://secunia.com/advisories/29000/
Release Date: 2008-04-14
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
Software: Clam AntiVirus (clamav) 0.x
...The vulnerability is confirmed in versions 0.92 and 0.92.1. Prior versions may also be affected.
Solution: An updated version should be available shortly. The PE scanning module has been remotely switched off after 10/03/2008.

Do not scan untrusted PE files...

:fear:
 
FYI...

ClamAV multiple vulns - update available
- http://secunia.com/advisories/29000/
Last Update: 2008-04-15
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x
...The vulnerabilities are reported in version 0.92.1. Prior versions may also be affected.
Solution: Update to version 0.93.
Download:
- http://www.clamav.net/download/sources
Changelog:
- http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1100

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1387

:fear:
 
Backtrack...

- http://atlas.arbor.net/briefs/index#-51119944
Severity: High Severity
Published: Friday, June 20, 2008 20:31

ClamAV vuln... now marked as "Unpatched"
- http://secunia.com/advisories/30657/
Last Update: 2008-06-20
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Unpatched ...
The vulnerability is confirmed in versions 0.93 and 0.93.1. Other versions may also be affected.
Solution: Disable the scanning of PE files.
NOTE: Version 0.93.1 only fixes a particular exploitation vector...
Changelog:
2008-06-20: Updated "Solution" section and marked the advisory as unpatched...

:fear::spider:
 
Panda ActiveScan vulns - update available

FYI...

- http://secunia.com/advisories/30841/
Release Date: 2008-07-07
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Panda ActiveScan 2.0 1.x
...Successful exploitation allows execution of arbitrary code. According to the vendor, the vulnerabilities affect versions prior to version 1.02.00.
Solution: Update to version 1.02.00 or later.
http://www.pandasecurity.com/activescan

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3155
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3156

:fear:
 
FYI...

AVG DoS vuln - update available
- http://secunia.com/advisories/31290/
Release Date: 2008-07-29
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: AVG Anti-Virus 8.x ...
...The vulnerability affects versions prior to 8.0.156.
Solution: Update to version 8.0.156 or later.
Original Advisory:
AVG: http://www.grisoft.com/ww.94247

n.runs AG: http://preview.tinyurl.com/6fcaye ...

- http://www.us-cert.gov/current/archive/2008/08/01/archive.html#avg_releases_update

Program update AVG Free 8.0 169: http://free.avg.com/ww.94096
August 25, 2008

:fear:
 
FYI...

Trend Micro Web Mgmt authentication bypass...
- http://secunia.com/advisories/31373/
Last Update: 2008-08-29
Critical: Moderately critical
Impact: Security Bypass, Brute force
Where: From local network
Solution Status: Partial Fix
Software: Trend Micro Client Server Messaging Security for SMB 3.x
Trend Micro OfficeScan Corporate Edition 7.x
Trend Micro OfficeScan Corporate Edition 8.x
Trend Micro Worry-Free Business Security 5.x ...
Solution: Apply patches...
(See the URL above for links to patches.)

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2433
Last revised: 09/05/2008

:fear:
 
FYI...

Trend Micro OfficeScan Server - updates available
- http://secunia.com/advisories/31342/
Release Date: 2008-09-12
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Partial Fix
...Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 7.3 with Patch 4 build 1362 applied and also affects OfficeScan version 7.0 and 8.0, and Client Server Messaging Security version 3.6, 3.5, 3.0, and 2.0.
Solution: Apply patches...

(Links to patches/updates available at the URL above.)

:fear:
 
Trend Micro OfficeScan multiple vulns - update available

FYI...

- http://secunia.com/advisories/32097/
Release Date: 2008-10-02
Critical: Moderately critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Trend Micro OfficeScan Corporate Edition 8.x
...The vulnerabilities are reported in Trend Micro OfficeScan 8.0.
Solution: Apply patches.
Trend Micro OfficeScan 8.0 Service Pack 1:
http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439.exe
Trend Micro OfficeScan 8.0 Service Pack 1 Patch 1:
http://www.trendmicro.com/ftp/products/patches/OSCE8.0_SP1_Patch1_CriticalPatch_3087.exe
Original Advisory: ...Trend Micro:
http://www.trendmicro.com/ftp/docum...8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt
http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt

:fear:
 
AV "false positive" system killers

FYI...

McAfee update classifies Vista component as a Trojan
- http://www.theregister.co.uk/2008/10/21/mcafee_vista_trojan_false_alert/
21 October 2008 - "McAfee has fixed an update glitch that wrongly slapped a Trojan classification on components of Microsoft Vista. As a result of a misfiring update, published on Monday, the Windows Vista console IME executable was treated as a password-stealing Trojan. Depending on their setup, McAfee users applying would have typically found the component either quarantined or deleted. The antivirus firm fixed the glitch with a definition update on Tuesday that recognised the difference between the Vista component and malware, as explained in a write-up by McAfee here*. False positives with virus signature updates are a perennial problem for antivirus vendors, and the latest glitch is far from the first such occurrence to befall McAfee. Only two months ago in August McAfee wrongly categorised a plug-in for Microsoft Office Live Meeting as a Trojan."
* http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100683

AVG flags ZoneAlarm as malware
- http://news.cnet.com/8301-1009_3-10067148-83.html
October 15, 2008 - "Grisoft, makers of AVG antivirus, on Wednesday released a new update addressing a false positive in another security product. On Tuesday, AVG users reported desktops warnings that their desktop was infected with something called Trojan Agent r.CX... The ZoneAlarm user forum soon filled with concerned users... Laura Yecies, vice president and general manager of Check Point's ZoneAlarm consumer division said, "as soon as Check Point learned that AVG's recent antivirus update was mistakenly flagging a ZoneAlarm file as a virus, we contacted AVG and they issued an update within hours that corrected the problem. AVG users will automatically get the update that corrects the issue." In July, Grisoft modified its free AVG 8 due to complaints about a proactive scanning of a Web site feature. The feature that had been enabled in the paid version of the product did not scale with the free release causing spikes in Web traffic."
- http://www.theregister.co.uk/2008/10/16/avg_zonealarm_trojan_false_alarm/
16 October 2008 - "...The mis-firing AVG definition file tagged components of ZoneAlarm as infected with the Agent_r.CX Trojan horse and quarantined important files. As a result users running the popular antivirus package alongside security suite software from Check Point were left with a malfunctioning firewall, mystery infection reports and an inability to re-install their ZoneAlarm software..."

:fear::spider::sad:
 
FYI...

Trend Micro OfficeScan vuln - update available
- http://secunia.com/advisories/32005/
Release Date: 2008-10-22
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
Software: Trend Micro OfficeScan Corporate Edition 7.x, Trend Micro OfficeScan Corporate Edition 8.x...
Solution: Apply patches.
Trend Micro OfficeScan 8.0 SP1 Patch 1:
http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3110.exe
Trend Micro OfficeScan 7.3:
http://www.trendmicro.com/ftp/products/patches/OSCE_7.3_Win_EN_CriticalPatch_B1374.exe ...
Trend Micro:
http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt
http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt ...

- http://www.us-cert.gov/current/current_activity.html#trend_micro_officescan_critical_patch
October 22, 2008

:fear:
 
ClamAV vuln - update available

FYI...

- http://secunia.com/advisories/32663/
Release Date: 2008-11-10
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 0.94.1.
> http://sourceforge.net/project/shownotes.php?release_id=637952&group_id=86638
Download:
- http://www.clamav.net/download/sources
Changelog:
- http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

Also see: ClamWin Free Antivirus 0.94.1 released
- http://www.clamwin.com/content/view/205/1/
Download:
- http://www.clamwin.com/content/view/18/46/
Version 0.94.1; 24.5MB

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5050

:fear:
 