Full Disclosure mailing list archives
LSE Leading Security Experts GmbH - LSE-2013-06-13 - Avira AntiVir Engine
From: "LSE Leading Security Experts GmbH (Security Advisories)" <advisories () lsexperts de>
Date: Thu, 13 Jun 2013 14:58:39 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 === LSE Leading Security Experts GmbH - Security Advisory 2013-06-13 === Avira AntiVir Engine -- Denial of Service / Filtering Evasion - ------------------------------------------------------------- Affected Versions ================= Avira AntiVir Engine < 8.2.12.58 Affected products using the AntiVir engine are: Avira Server Security Avira AntiVir MailGate Avira AntiVir MailGate Suite Avira Exchange Security Avira AntiVir WebGate Avira AntiVir WebGate Suite Avira AntiVir SharePoint Avira Professional Security Avira AntiVir Personal Avira Savapi Problem Overview ================ Technical Risk: high Likelihood of Exploitation: high Vendor: Avira Operations GmbH & Co. KG Credits: LSE Leading Security Experts GmbH employees Markus Vervier and Eric Sesterhenn Advisory URL: http://www.lsexperts.de/advisories/lse-2013-06-13.txt Advisory Status: Public CVE-Number: CVE-2013-4602 Problem Description =================== While conducting a penetration test on a customer system LSE Leading Security Experts GmbH discovered a Denial of Service vulnerability and possible memory corruption in the Avira AntiVir Engine. By scanning specially crafted PDF documents, a bug can be triggered which causes an endless loop in the scanning engine. Temporary Workaround and Fix ============================ LSE Leading Security Experts GmbH advises to install the latest updates via the update functionality. The fix for this issue was released by Avira Operations GmbH on 2013-06-11. Problem Impact ============== When scanning specially crafted PDF documents an endless loop is caused in the Avira AntiVir scanning engine. This allows an attacker to stall the antivirus engine and prevent malicious files from being detected. Additionally an attacker may be able to cause the antivirus engine to consume all available resources on the system. In case of enterprise setups like for example mailgateways an effective Denial of Service attack can be launched on the whole system. LSE Leading Security Experts GmbH will provide additional details including a proof of concept on a later date to protect affected customers. History ======= 2013-06-05 Problem discovery during penetration testing 2013-06-06 Original vendor contacted 2013-06-06 Vulnerability confirmed by vendor 2013-06-11 Updated Engine Released 2013-06-13 CVE-2013-4602 assigned 2013-06-13 Coordinated Advisory Release - -- http://www.lsexperts.de LSE Leading Security Experts GmbH, Postfach 100121, 64201 Darmstadt Tel.: +49 (0) 6151 86086-0, Fax: -299, Unternehmenssitz: Weiterstadt, Amtsgericht Darmstadt: HRB8649 Geschäftsführer: Oliver Michel, Sven Walther, Dr. Peter Schill -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQIcBAEBAgAGBQJRucH/AAoJEDgSCSGZ4yd8nDkQAIgBK74ghUVAaoUEm56PPvKq Ze/s0pC94yl6be4eauw9JFQLHjY2E55sbHiYgX9jGDedl2GoXLRTlLW47WdOw7LL VINyk7My8iNocp/lx2y54BIzhKaQG8m70FLBF9UUcN6ogFzMFPbx1FhfutSJ7Q9x snGQIGOsXCRKi5nTwCRjudF7xYGYbGagSrPgZF4Uc+PsvSKtzQ3RXrAaqXJncVoF uiNvETPoe0G2FHeUgPr5FNanpRhR1XsxoVPrYkfDMJ/JlOP2cfU5Yi+EePah9eaS ADUoWHUHjHk51N7RVYOWlQvEO2Ja+30DjuMyBtY1XqbZN/nW4x+Treq5dw4Mt7sW hf9NqV2t/pZ7A8dWa3uGYkdWJg95vabJYqguJ3Vtxs78HcvGwFEAyUfAlWe0Hm6t K8IOyIlOwVNG3Q6MMNQV9M9EOgeY+p7bF1Dkv6KpZ2TMcRDTap5Q2MdzJ8iAe8gi Zy1KC/pVTSi+J3koBF4Q4NJhEhp9Vtl+u2AulsWCwl8lQRudib7NEav5SfN/ZZZd TWr2vKzkBZ5rM9yjIvDjzjDRrDZDjHlrSu3bx032MIIpJlyz5j/nKXULVCY5zQfh pBebP8UF4cXgUy/v2K64JEI9FqLyGkBHT0PacI1/gtcyMdM1veDL/YOqSFLfowUP A/LqiRtXoss0Rmtc+C3f =hRth -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- LSE Leading Security Experts GmbH - LSE-2013-06-13 - Avira AntiVir Engine LSE Leading Security Experts GmbH (Security Advisories) (Jun 13)