Vulnerability Development mailing list archives
Fw: f-prot antivirus useless buffer overflow
From: Knud Erik Højgaard <kain () ircop dk>
Date: Thu, 6 Feb 2003 19:51:00 +0100
bugtraq-owner () securityfocus com wrote:
-------------------- >>>>>Send this to vuln-dev and note the possibility of exploitation through configurations such as backup scripts, etc. <<<<< -------------------- <<<<<
Silly backupscripts using arguments to the f-prot binary in a silly way may be vulnerable. -- Knud Erik Højgaard
--- Begin Message --- From: Knud Erik Højgaard <kain () ircop dk>
Date: Thu, 6 Feb 2003 18:02:36 +0100
<crap> This advisory may be found at http://kokanins.homepage.dk/ This advisory may not be reproduced, in part or in full, unless this notice is included. This advisory was written by knud. </crap> I. BACKGROUND According to the vendor "F-Prot TM is a quick and easy to use antivirus software package, specially designed to protect your data from virus infection and to remove any virus that may have infected your computersystem." F-prot is available from www.f-prot.com. II. DESCRIPTION Insufficient bounds checking leads to execution of arbitrary code. Useless exploit at http://kokanins.homepage.dk/f-prot.pl III. ANALYSIS Since f-prot is not suid/sgid the overflowing of the command line pose no initial danger unless the admin interferes, and setting +s on strange binaries must be considered inappropriate at the least. IV. DETECTION F-Prot FreeBSD for Small Business [TM] 3.12b, released on Sep. 30th 2002, the latest available at the time of writing, is known to be vulnerable. V. WORKAROUND below VI. VENDOR FIX [mail received from vendor] Dear Knud, Thank you for your mail. This as bean fixed. best regards, Arnar Thor VII. CVE INFORMATION unknown VIII. DISCLOSURE TIMELINE who cares IX. CREDIT knud
--- End Message ---
Current thread:
- Fw: f-prot antivirus useless buffer overflow Knud Erik Højgaard (Feb 06)
- Re: Fw: f-prot antivirus useless buffer overflow Jonas the Netwanderer (Feb 07)
- Re: Fw: f-prot antivirus useless buffer overflow Jonas the Netwanderer (Feb 07)
- Re: Fw: f-prot antivirus useless buffer overflow Jonas the Netwanderer (Feb 07)