Full Disclosure mailing list archives
[ GLSA 200410-31 ] Archive::Zip: Virus detection evasion
From: Thierry Carrez <koon () gentoo org>
Date: Fri, 29 Oct 2004 15:05:24 +0200
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200410-31 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Archive::Zip: Virus detection evasion Date: October 29, 2004 Bugs: #68616 ID: 200410-31 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Email virus scanning software relying on Archive::Zip can be fooled into thinking a ZIP attachment is empty while it contains a virus, allowing detection evasion. Background ========== Archive::Zip is a Perl module containing functions to handle ZIP archives. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-perl/Archive-Zip < 1.14 >= 1.14 Description =========== Archive::Zip can be used by email scanning software (like amavisd-new) to uncompress attachments before virus scanning. By modifying the uncompressed size of archived files in the global header of the ZIP file, it is possible to fool Archive::Zip into thinking some files inside the archive have zero length. Impact ====== An attacker could send a carefully crafted ZIP archive containing a virus file and evade detection on some email virus-scanning software relying on Archive::Zip for decompression. Workaround ========== There is no known workaround at this time. Resolution ========== All Archive::Zip users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-perl/Archive-Zip-1.14" References ========== [ 1 ] iDEFENSE Security Advisory 10.18.04 http://www.idefense.com/application/poi/display?id=153 [ 2 ] rt.cpan.org bug #8077 http://rt.cpan.org/NoAuth/Bug.html?id=8077 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200410-31.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security () gentoo org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/1.0
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- [ GLSA 200410-31 ] Archive::Zip: Virus detection evasion Thierry Carrez (Oct 29)