Full Disclosure mailing list archives
[IVIZ-08-014] AVG antivirus for Linux vulnerability
From: "iViZ Security Advisories" <advisories () ivizsecurity com>
Date: Wed, 10 Dec 2008 17:31:09 +0530
----------------------------------------------------------------------- [ iViZ Security Advisory 08-014 10/12/2008 ] ----------------------------------------------------------------------- iViZ Techno Solutions Pvt. Ltd. http://www.ivizsecurity.com ----------------------------------------------------------------------- * Title: AVG antivirus for Linux vulnerability * Date: 10/12/2008 * Software: AVG version 7.5.51 --[ Synopsis: AVG antivirus can be deterministically forced to crash (segmentation fault) when analyzing corrupted UPX files. --[ Affected Software: * AVG for Linux version 7.5.51 (current), possibly others. --[ Impact: Remote DoS, possibly remote code execution. --[ Vendor response: * None. --[ Credits: This vulnerability was discovered by Security Researcher Jonathan Brossard from iViZ Techno Solutions Pvt. Ltd. --[ Disclosure timeline: * First attempt to contact the vendor on September 18th 2008. * Received an automated reply on September 18th 2008. * No actual reponse from vendor in spite of our multiple emails. --[ Reference: http://www.ivizsecurity.com/security-advisory.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [IVIZ-08-014] AVG antivirus for Linux vulnerability iViZ Security Advisories (Dec 10)