Multiple AV vendor vulns - archived

FYI...

ClamAV vuln - update available
- http://secunia.com/advisories/32926/
Release Date: 2008-12-02
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x
...The vulnerability is reported in versions prior to 0.94.2.
Solution: Update to version 0.94.2.
Original Advisory: ClamAV:
http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=643134

Download:
- http://www.clamav.net/download/sources
"...Latest stable release: ClamAV 0.94.2..."

Changelog:
- http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

:fear:
 
FYI...

ESET Smart Security vuln - update available
- http://secunia.com/advisories/33210/
Release Date: 2008-12-19
Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
Software: ESET Smart Security 3.x
...The vulnerability is confirmed in version 3.0.672. Other versions prior to 3.0.684 may also be affected...
Solution: Update to version 3.0.684...
- http://www.eset.com/joomla/index.php?option=com_content&task=view&id=4113&Itemid=5
• stability and security fixes

:fear:
 
FYI...

Sophos AV vuln - update available
- http://secunia.com/advisories/33177/
Release Date: 2008-12-19
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch...
...The vulnerability is caused due to an unspecified error when processing certain malformed CAB archives. This can be exploited to crash the application and may allow the execution of arbitrary code...
Solution: Fixed in the Sophos virus engine 2.82.1.
Original Advisory: Sophos:
http://www.sophos.com/support/knowledgebase/article/50611.html ...

:fear:
 
FYI...

Trend Micro HouseCall ActiveX vuln - update available
- http://secunia.com/advisories/31583/
Release Date: 2008-12-21
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Trend Micro HouseCall ActiveX Control 6.x, Trend Micro HouseCall Server 6.x
...Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in versions 6.51.0.1028 and 6.6.0.1278. Other versions may also be affected.
Solution: Remove the ActiveX control and install version 6.6.0.1285.
http://prerelease.trendmicro-europe.com/hc66/launch/

:fear:
 
FYI...

Avira Antivir vuln - update available
- http://secunia.com/advisories/33541/
Release Date: 2009-01-15
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Avira AntiVir Personal Edition Classic 7.x, 8.x, Premium 7.x, Premium 8.x, Premium Security Suite 7.x, Server 6.x, UNIX MailGate 2.x, Workstation 7.x, 8.x, Premium Security Suite 7.x
...The vulnerabilities are caused due to errors in the handling of RAR files. These can be exploited to crash an affected program via a specially crafted RAR archive.
Solution: Update the scanning engine to versions 7.9.0.54, 8.2.0.54, or later.
Original Advisory: Avira:
http://forum.avira.com/wbb/index.php?page=Thread&threadID=81148 ...

:fear:
 
FYI...

F-Secure Anti-Virus Client Security hotfix
- http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-cs-hotfixes.shtml
Feb 17, 2009 - "Client Security Hotfix fsav744-06
F-Secure Client Security versions 7.12 * All supported platforms
...After having applied this hotfix, the product gains the ability to handle USB-carried malware known under the following aliases: Downadup and Conficker.
Note: A reboot is not required after installing the hotfix..."

:fear:
 
FYI...

ClamAV multiple vulns - update available
- http://secunia.com/advisories/34566/
Release Date: 2009-04-03
Critical: Moderately critical
Impact: Security Bypass, DoS
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x ...
Solution: Update to version 0.95...
- http://www.clamav.net/download/sources

- http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1241
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1270
Last revised: 04/10/2009

:fear:
 
Symantec - SYM09-007

FYI...

Symantec Alert Management System 2 multiple vulns - SYM09-007
- http://preview.tinyurl.com/dngt55
April 28, 2009 Symantec Security Advisories:
Remote Access: Yes
Local Access: Yes...
"The version of Alert Management System 2 (AMS2) used by some versions of Symantec System Center, Symantec Antivirus Server, and Symantec AntiVirus Central Quarantine Server contains four vulnerabilities... (see) Affected Products table... Updates have been released to address these issues..."
- http://secunia.com/advisories/34856/2/
Release Date: 2009-04-29
Critical: Moderately critical
Impact: Privilege escalation, System access
Where: From local network
Solution Status: Vendor Patch
Software: Symantec AntiVirus Corporate Edition 10.x, Symantec AntiVirus Corporate Edition 9.x, Symantec Client Security 2.x, Symantec Client Security 3.x, Symantec Endpoint Protection 11.x...

- http://preview.tinyurl.com/cacnwe
Symantec Security Advisories
4/28/09 - Symantec Alert Management System 2 multiple vulnerabilities - SYM09-007
4/28/09 - Symantec Log Viewer JavaScript Injection Vulnerabilities - SYM09-006
4/28/09 - Symantec Reporting Server Improper URL Handling Exposure - SYM09-008

:fear::spider:
 
FYI...

McAfee Security Bulletin - VirusScan Engine update fixes bypasses
- https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT
April 29, 2009
• Description
There is an issue with engine DAT versions where specially crafted archive files could cause a scanning process to miss files within the archive. These archives are corrupt, but still functional by some end user archive programs. This could allow malware to bypass a scanner on a gateway. Users utilizing on-access scanning on endpoint devices should not be affected, as the scanner will see the files after the archive is opened. An attack, even if it is successful at bypassing the gateway, will have no lasting effect on the endpoint running an on-access scanner, which is the default and recommended way of running our Anti-Virus products. Updating to the latest product version will resolve this issue.
• Remediation
Overview: Download appropriate DAT file 5600 or later.
Obtaining the Binaries: http://www.mcafee.com/apps/downloads/security_updates/dat.asp
• Workaround
All users should enable On-Access-Scanning on all endpoint devices. This is the default setting after installation. By using On-Access-Scanning, endpoints will catch any threats that may pass on gateway devices. McAfee has long supported a defense-in-depth strategy that includes running antivirus software on multiple points of your network, including gateways, file servers, and especially endpoints...

:fear::fear:
 
FYI...

AVG 8.5 vuln - updates available
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1784
Last revised: 05/26/2009
CVSS v2 Base Score: 10.0 (HIGH)

- http://xforce.iss.net/xforce/xfdb/50426
... Platforms Affected:
* AVG, AVG Anti-Virus 6.0.710
* AVG, AVG Anti-Virus 7.0
* AVG, AVG Anti-Virus 7.0.251
* AVG, AVG Anti-Virus 7.0.323
* AVG, AVG Anti-Virus 7.1.308
* AVG, AVG Anti-Virus 7.1.407
* AVG, AVG Anti-Virus 7.5.448
* AVG, AVG Anti-Virus 7.5.476
* AVG, AVG Anti-Virus 8.0
* AVG, AVG Anti-Virus 8.0.156
Remedy: Upgrade to the latest version of AVG (8.5 build 323 or later), available from the AVG Web site...

Program update AVG 8.5.323 SP1
- http://www.avg.com/223363
... Fixes
• Core: Fixed problem with crash while scanning PDF files.
• Core: Fixed occasional crash of scanning engine.
• Core: Fixed problem of crash while healing Mozilla Firefox 3 cookies.
• Core: Fixed problem with processing slowdown during Resident Shield scanning LNK files.
• Core: Fixed problem with ZoneAlarm incompatibility.
• Core: Fixed problem with missed detection in corrupted *.cab and *.zip archives (thanks to Thierry Zoller)...

:fear:
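The bypass class behind the McAfee bulletin above (SB10001: archives that are "corrupt, but still functional by some end user archive programs") and the AVG 8.5.323 changelog entry ("missed detection in corrupted *.cab and *.zip archives") is a parser differential: the gateway engine and the end-user extractor disagree about what is inside the archive. The script below is an added example written for this page, not code from McAfee, AVG or Thierry Zoller. The "naive streaming scanner" is an assumed model of a strict gateway engine, not any vendor's real parser, and the two mutations are generic ZIP-format tricks, not the specific samples those vendors fixed; Python's zipfile plays the end-user extractor, and the archive member is constructed sample text.

```python
"""Archive parser differential: a streaming scanner walking local file headers
from offset 0 versus an extractor that trusts the central directory at EOF.
Added example, not vendor code. The sample member is harmless text."""
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"
# sig, version, flags, method, mtime, mdate, crc32, csize, usize, name_len, extra_len
LOCAL_HDR = "<4sHHHHHIIIHH"
LOCAL_HDR_LEN = struct.calcsize(LOCAL_HDR)  # 30 bytes


def build_zip(members):
    """Constructed sample input: an in-memory, stored (uncompressed) ZIP from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def naive_scan(data):
    """Assumed model of a strict gateway scanner (not any vendor's engine):
    walk local file headers from offset 0 and count a member as scanned only
    if its whole body, as sized by the local header, lies inside the file."""
    seen = []
    pos = 0
    while pos + LOCAL_HDR_LEN <= len(data):
        (sig, _ver, flags, _method, _t, _d, _crc,
         csize, _usize, nlen, xlen) = struct.unpack_from(LOCAL_HDR, data, pos)
        if sig != LOCAL_SIG or flags & 0x08:   # not a header, or size deferred to a data descriptor
            break
        name_start = pos + LOCAL_HDR_LEN
        body_start = name_start + nlen + xlen
        body_end = body_start + csize
        if body_end > len(data):               # claimed size runs past EOF: cannot scan it
            break
        seen.append(data[name_start:name_start + nlen].decode("cp437"))
        pos = body_end
    return seen


def extractor_view(data):
    """What an end-user extractor yields: zipfile locates the central directory
    by searching backwards from EOF and uses the sizes recorded there."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return {i.filename: zf.read(i.filename) for i in zf.infolist()}
    except zipfile.BadZipFile:
        return {}


def prepend_junk(data, junk=b"\x00" * 16):
    """Mutation 1: leading garbage. Offset 0 is no longer a local header, but
    zipfile corrects the central-directory offsets for the prefix."""
    return junk + data


def corrupt_local_size(data):
    """Mutation 2: overwrite the first local header's compressed-size field
    (bytes 18..21) with 0xFFFFFFFF. The central directory still holds the real size."""
    off = data.index(LOCAL_SIG)
    return data[:off + 18] + b"\xff\xff\xff\xff" + data[off + 22:]


def scanner_gap(data):
    """Members the extractor can produce that the streaming scanner never examined."""
    return set(extractor_view(data)) - set(naive_scan(data))


def verdict(data):
    """Gateway policy: fail closed whenever the two parsers disagree."""
    return "block" if scanner_gap(data) else "pass"


SAMPLE = build_zip({"payload.txt": b"constructed sample content, not malware\n"})

if __name__ == "__main__":
    cases = [("clean", SAMPLE),
             ("prepended junk", prepend_junk(SAMPLE)),
             ("bad local size", corrupt_local_size(SAMPLE))]
    for label, blob in cases:
        print(f"{label:15} scanner={naive_scan(blob)!r:18} "
              f"extractor={sorted(extractor_view(blob))!r:18} -> {verdict(blob)}")
```

Both mutated archives extract cleanly yet show the streaming parser nothing, which is exactly the gateway-only miss the McAfee text describes; the check a practitioner wants is the one in `verdict`: an archive whose central directory advertises members the scanner's own walk did not reach is blocked or quarantined rather than passed. It also illustrates why the McAfee workaround holds: an on-access scanner on the endpoint sees the member only after the extractor has produced it, so the parser gap no longer matters there.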
 
FYI...

McAfee false positive...
- http://www.theregister.co.uk/2009/06/09/mcafee_update_snafu/
9 June 2009 - "A recent McAfee service pack led to systems being rendered unbootable, according to posts on the security giant's support forums. The mandatory service pack for McAfee's corporate virus scanning product, VSE 8.7, was designed to address minor security bugs but instead tagged Windows system files as malware. The software update was issued on 27 May and pulled on 2 June, after problems occurred. Users were advised to keep the patch if they'd already installed it in a low-key announcement on McAfee's knowledge base*. Posts on McAfee's support forum** paint a different picture of PCs and servers left unbootable after the update had automatically deleted Windows system files wrongly identified as potentially malign..."
* https://kc.mcafee.com/corporate/index?page=content&id=KB65943
June 08, 2009
** http://community.mcafee.com/showthread.php?t=231060

:fear::oops::sad:
 
FYI...

F-secure - Mail relay vuln - update available
- http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-2.html
2009-06-16 - "...Specially crafted messages may be used to bypass mail relay restrictions.
Mitigating factors:
* The issue only affects systems where the SMTP Turbo module is used for mail distribution.
* Incorrectly relayed messages still pass through spam filtering, which decreases the vulnerability’s usefulness for spam relaying.
Affected platforms: All supported platforms
Products: F-Secure Messaging Security Gateway 5.5.x...

- http://secunia.com/advisories/35475/2/
Release Date: 2009-06-16
Critical: Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
OS: F-Secure Messaging Security Gateway P-Series, F-Secure Messaging Security Gateway X-Series...
Solution: The vendor has fixed the vulnerability in patch 739, delivered automatically to affected systems. Approve the installation of patch 739 for systems not configured for automatic patch installation...

:fear:
 
FYI...

McAfee false-positive glitch...
- http://www.theregister.co.uk/2009/07/03/mcafee_false_positive_glitch/
3 July 2009 22:48 GMT - "IT admins across the globe are letting out a collective groan after servers and PCs running McAfee VirusScan were brought down when the anti-virus program attacked their core system files. In some cases, this caused the machines to display the dreaded BSOD. Details are still coming in, but forums here* and here** show that it's affecting McAfee customers in Germany, Italy, and elsewhere... Based on anecdotes, the glitch appears to be caused when older VirusScan engines install DAT 5664..."
* http://forums.mcafeehelp.com/showthread.php?p=569669
** http://forums.mcafeehelp.com/showthread.php?t=231904

- http://www.eweek.com/index2.php?option=content&task=view&id=54685&pop=1&hide_ads=1&page=0&hide_js=1
2009-07-06 - "... On July 3, McAfee users running old versions of the VirusScan engine found themselves facing false positives after downloading a DAT file that labeled legitimate programs as malware. According to McAfee support forums, the glitch led to authorized programs being quarantined, and in some cases brought about the infamous "blue screen of death"... A McAfee spokesperson said the incorrect identification was resolved in the daily release, and stressed that customers running the most current software were not affected... According to McAfee, customers running Version 5200 or newer were not impacted by the problem. The most current versions are VirusScan Enterprise 8.7 and scanning engine 5301... "

:confused::fear:
 
FYI...

CA - false positive
- http://www.theregister.co.uk/2009/07/10/ca_rogue_av_update/
10 July 2009 - "... The update, issued on Wednesday, falsely labeled important Windows system files as potentially malign, dispatching them into quarantine. The action prevents Windows XP systems from booting properly... In a statement (below), CA said it issued a revised update on Thursday that resolved the problem.
'On July 8, 2009 at 11:00am EST, a CA DAT file release contained improperly formed malware detections that errantly detected clean files from Microsoft Windows Service Pack 3 and from the commercial Cygwin application. Affected files were detected as "Win32\Amalum" variants with extensions such as ZZNRA, ZZOFK, ZZNPB, and ZZNRA.
All files falsely detected as malware by these errant signatures were quarantined and renamed with the following text added to the file name "*.AVB". This prevented the affected files from running as the ".exe" file. It's important to note that the affected files remain fully intact, only the file extensions were modified.
On July 9, 2009 at 3:30am EST the file was corrected and released.
' ..."

> http://preview.tinyurl.com/lyh5s9
Document ID: 3413 - Modify Date: Thursday, July 09, 2009 - "... false positive due to CA Anti-Virus Update # 6604 and has been corrected with CA Anti-Virus Update # 6606 or later..."

:fear::lip::oops:
 
Kaspersky vulns - update available

FYI...

Kaspersky Anti-Virus / Kaspersky Internet Security 2010
Critical Fix 1 (version 9.0.0.463)
- http://www.kaspersky.com/technews?id=203038755
07.23.2009
"FIXES:
1. Problem with system instability after long period of program operation has been fixed.
2. Error causing BSOD while updating the emulator driver has been fixed.
3. Pop-up message in the URL checking module has been fixed (for the Spanish version).
4. Problem with pausing the scan task while third party programs are running in full-screen mode has been fixed.
5. Problem with the update task freezing at system startup has been fixed.
6. Vulnerability that allowed disabling of computer protection using an external script has been eliminated.
7. Driver crash in rare cases while processing a write operation has been fixed.
8. Crash while processing data incompliant with the protocol of Mail.Ru Agent has been fixed.
Download Here..."

:fear:
 
Vista AV tests - August 2009 - VB100

FYI...

- http://www.theregister.co.uk/2009/08/06/vista_anti_virus_tests/
6 August 2009 - "Security vendors including CA and Symantec failed to secure Windows systems without fault in recent independent tests. Twelve of the 35 anti-virus products put through their paces by independent security certification body Virus Bulletin failed to make the grade for one reason or another and therefore failed to achieve the VB100 certification standard. The main faults were either a failure to detect a threat known to be in circulation (one particularly tricky polymorphic file infector caused the most grief in this area) or creating a false alarm about a file known to be benign. Virus Bulletin's VB100 tests benchmark the performance of a vendor-submitted anti-virus product against a set of malware from the WildList, a list of viruses known to be circulating. To gain VB100 certification, a security product must correctly detect all of these malware strains without blowing the whistle when scanning a batch of clean files. Vendors only get one run at passing the tests, which are conducted free of charge to security software manufacturers... The results of the August 2009 VB100 review can be seen here* (free registration required)... Virus Bulletin recently began assessing the reactive and proactive detection abilities of anti-virus products alongside the long-established VB100 tests. The new tests are a reflection that the malware landscape has changed radically over recent years, with greater malware volumes and targeted attacks... overall performance of security products in proactively detecting malware was "disappointingly low" in several cases (see chart here**). "We saw some particularly poor detection of emerging threats and the products in question have a lot of work to do if they are to provide acceptable protection for their customers...."

* http://www.virusbtn.com/vb100/archive/2009/08

** http://www.virusbtn.com/vb100/RAP/RAP-quadrant-Feb-Aug09.jpg

:fear:
 
FYI...

Sophos SAVScan vuln - updates available
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6904
Last revised: 08/07/2009
CVSS v2 Base Score: 10.0 (HIGH)

> http://www.sophos.com/support/knowledgebase/article/50611.html
"... The vulnerability has been removed from all versions of Sophos Anti-Virus running the virus engine, version 2.82.1 and above...
1. Check that you have the latest version of Sophos Anti-Virus on your computers.
2. If necessary update to ensure you have virus engine version 2.82.1 or above..."

:fear:
 
FYI...

CA false positives...
- http://www.dynamoo.com/blog/2009/08/ca-etrust-goes-nuts-with-stdwin32-and.html
12 August 2009 - "CA eTrust ITM has gone completely nuts today, with a load of seemingly random false positives mostly for StdWin32 in a large number of binaries, including some components of eTrust itself. The core problem seems to be a signature update from 31.6.6672 to 33.3.7051; there seems to be little consistency in what is being detected as a false positive, although there are multiple occurrences of Nokia software, VNC and even DLLs and EXEs belonging to eTrust's core components...
Update 2: Signature pattern 34.0.6674 appears to fix this problem..."

CA / ITM False Positive Notice
> http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=214397
Published: 12 Aug 2009

> https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214394
___

- http://www.theregister.co.uk/2009/08/12/ca_auto_immune_update/
12 August 2009

- http://isc.sans.org/diary.html?storyid=6955
Last Updated: 2009-08-13 01:35:11 UTC

:fear::fear:
 