Full Disclosure mailing list archives
Re: Re: Secunia Research: HAURI Anti-Virus Compressed Archive Directory Traversal
From: "KF (lists)" <kf_lists () digitalmunition com>
Date: Tue, 23 Aug 2005 15:05:03 -0400
Since we are talking about HAURI... there are a few exploitable system() calls in the local setuid binaries. I have been to lazy to write them up. Perhaps soon I'll get off my ass and document them.
Off the top of my head I think the setuid virobot binary calls system("clear");
-KF Steven M. Christey wrote:
The vulnerability is caused due to unsafe extraction of compressed archives (e.g. ACE, ARJ, CAB, LZH, RAR, TAR and ZIP) into a temporary directory before scanning. This can be exploited to write files into arbitrary directories when scanning a malicious archive containing files that have "/../" or "../../" directory sequences in their filenames. ... Apply patches. ViRobot Linux Server 2.0: http://www.globalhauri.com/html/download/down_unixpatch.htmlThis vendor page is titled "ViRobot Unix/Linux Server Security Vulnerability Patch." However, it goes on to describe a buffer overflow problem: 1. Patch for Buffer Over Flow Vulnerability - Vulnerability Type : Buffer Over Flow - Introduction to Patch : Vulnerability Patch for BOF(Buffer Over Flow) via HTTP_COOKIE There is no mention of directory traversal. This inconsistency makes it unclear whether HAURI has specifically fixed the directory traversal issue, and in addition it mentions another potentially more serious issue that has likely been missed by most advisory readers. - Steve _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Secunia Research: HAURI Anti-Virus Compressed Archive Directory Traversal Secunia Research (Aug 19)
- <Possible follow-ups>
- Re: Secunia Research: HAURI Anti-Virus Compressed Archive Directory Traversal Andreas Marx (Aug 21)
- Re: Secunia Research: HAURI Anti-Virus Compressed Archive Directory Traversal Steven M. Christey (Aug 23)
- Re: Re: Secunia Research: HAURI Anti-Virus Compressed Archive Directory Traversal KF (lists) (Aug 23)
- Re: Re: Secunia Research: HAURI Anti-Virus Compressed Archive Directory Traversal Steven M. Christey (Aug 23)
- Re: Re: Secunia Research: HAURI Anti-Virus Compressed Archive Directory Traversal KF (lists) (Aug 23)
- Re: Re: Secunia Research: HAURI Anti-Virus Compressed Archive Directory Traversal KF (lists) (Aug 23)