VirusScan
Disclosure Policy :
http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html
Affected products :
- McAfee VirusScan® Plus 2009
- McAfee Total Protection™ 2009
- McAfee Internet Security
- McAfee VirusScan USB
- McAfee VirusScan Enterprise
- McAfee VirusScan Enterprise Linux
- McAfee PortalShield
- McAfee Total Protection Service (SaaS)
- McAfee Virex
- McAfee Total Protection™ 2009
- McAfee Internet Security
- McAfee VirusScan USB
- McAfee VirusScan Enterprise
- McAfee VirusScan Enterprise Linux
- McAfee VirusScan Enterprise for SAP
- McAfee VirusScan Enterprise for Storage
- McAfee VirusScan Commandline
I - TITLE
Security advisory: McAfee Virus Scan for Linux and Unix v5.10.0 Local
Buffer Overflow
II - SUMMARY
Description: Local buffer overflow vulnerability in McAfee Virus Scan
Abstract:
Some Windows antivirus software fails to detect, block and/or
disinfect/move/delete malware if the malware EXE file has only
execution permission and no read, write or other permissions.
The worst cases are NOD32 and Avast antivirus, which allow the
malware to run unimpeded. Avast has fixed the flaw while NOD32
is still vulnerable as of this writing.
Virus detail: W32.Fakerecy and W32.SillyFDC are worms that spread by copying themselves to removable and/or mapped drives.
RESOLUTION
HP is providing the following procedure to resolve this vulnerability:
1. HP recommends that the optional HP USB Floppy Drive Key be checked for the potential virus infections and cleaned. To detect and clean this virus infection the HP USB Floppy Drive Key can be plugged into a USB 2.0 port on a system with current (up-to-date) anti-virus software and scanned.
2. If the optional HP USB Floppy Drive Key has been used in an environment without current (up-to-date) anti-virus software then the W32.Fakerecy or W32.SillyFDC virus may have spread to any mapped drives on the server. In this case HP recommends that the server and mapped drives are scanned with current (up-to-date) anti-virus software.
This virus infection would have been immediately detected and cleaned if the optional HP USB Floppy Drive Key had been used in an environment with any current (up-to-date) anti-virus software
[DSECRG-11-036] SAP NetWeaver Virus Scan Interface - multiple XSS
SAP NetWeaver Virus Scan Interface has linked XSS vulnerabilities.
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.SAP.com
Bugs: XSS
Reported: 01.04.2010
Vendor response: 08.04.2010
ShineShadow Security Report 15092009-09
TITLE
Local privilege escalation vulnerability in Protector Plus antivirus software
BACKGROUND
Protector Plus range of antivirus products are known the world over for their efficiency and reliability. Protector Plus Antivirus Software is available for Windows Vista, Windows XP, Windows Me, Windows 2000, Windows 98, Windows 2000/2003/NT server and NetWare platforms. Protector Plus Antivirus Software is the ideal antivirus protection for your computer against all types of malware like viruses, trojans, worms and spyware.
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 21, 2007
I. BACKGROUND
Trend Micro Inc.'s ServerProtect is an anti-virus software for Microsoft
Windows and Novell NetWare servers. It enables network administrators to
manage multiple deployments from a single management console. For more
information, please visit vendor's website at the following URL.
http://us.trendmicro.com/us/products/enterprise/serverprotect-for-microsoft-windows/index.html
Avira AntiVir Premium
Avira Premium Security Suite
Avira AntiVir Professional
Avira AntiVir for KEN! 4
Avira AntiVir SharePoint
Avira AntiVir Virus Scan Adapter for SAP NetWeaver®
Avira AntiVir MailGate
Avira MailGate Suite
Avira AntiVir Exchange
Avira AntiVir MIMEsweeper
Avira AntiVir Domino
Impact: Protection is bypassed by default
After mitigation: Residual risk of an administrator deblocking a
file as there is no detection of malicious code.
Mitigation recommendations from Trend:
1. Set the "Virus Scan > Action > Files outside of scan restriction
Criteria" to any of the secured options. Quarantined entire message
and set to Notify
2. The CAB file will be blocked and the Administrator will
receive the email notification.
16/04/2009 : Resending specifying this is the last attempt to disclose
responsibly.
No reply.
18/04/2009 : Online virus scan service offered to gap the bridge between
vendors that don't reply and myself. Aladin was contacted
through third party.
No reaction
by Alexey Sintsov from DSecRG (dsecrg.com)
Attacks on clients’ browsers have always been the real threat for everyone.
And here vulnerabilities have been not only in the browser but also in plug-ins.
Bank-clients, business software, antivirus software – all of them use ActiveX (for IE)
for clients and here have been and are still many vulnerabilities.
Vendors make steps to defend us from it. Software vendors patch vulnerabilities and OS vendors
use new mechanisms to prevent attacks at all. But security researchers are trying to find way to bypass these mechanisms.
The new versions of browsers (Internet Explorer 8 and Firefox 3.5) use permanent DEP.
And the new versions of OS use the ASLR mechanism. All this makes the old methods of attacks impossible.
VMware Fusion 2.0.4
-------------------
http://www.vmware.com/download/fusion/
VMware Fusion 2.0.4: with McAfee VirusScan Plus 2009
md5sum:5b63c7ca402588bda6aa590a26d29adf
sha1sum:e575ada73da996bd00b880ae2d0bfcef2daf9f8e
VMware Fusion 2.0.4: Download including only VMware
md5sum:689eaf46746cdc89a595e0ef81b714b3
Product Affected
Updater for McAfee Virusscan Command Line 6.0
This product is available attached to this document:
https://kc.mcafee.com/corporate/index?page=content&id=KB67513
As far as can be determined, there has only ever been one version of this application.
Background
It is stated by McAfee:
NOTE: The attached script is only an example of how to automate the update process and is not officially supported by McAfee Technical Support.
snc> Impact:
snc> This problem can lead to remote denial of service or arbitrary code
snc> execution if an attacker carefully crafts a file that exploits the
snc> aforementioned vulnerability. The vulnerability is present in Sophos
snc> Anti-virus software listed above on all platforms supported by the affected
snc> products prior to the engine Version 2.48.0.
--
~/ZARAZA http://securityvulns.com/
- Avira AntiVir Exchange
- Avira AntiVir SharePoint
- Avira AntiVir ISA Server
- Avira AntiVir MIMEsweeper
- Avira AntiVir for KEN! 4
- Avira AntiVir Virus Scan Adapter for SAP NetWeaver®
- Avira AntiVir Professional (Unix)
- Avira AntiVir Server (Unix)
- Avira AntiVir MailGate
- Avira AntiVir WebGate
Please review the patch/release notes for your product and version
and verify the md5sum and/or the sha1sum of your downloaded file.
VMware Fusion 2.0.6 (for Intel-based Macs): Download including
VMware Fusion and a 12 month complimentary subscription to McAfee
VirusScan Plus 2009
md5sum: d35490aa8caa92e21339c95c77314b2f
sha1sum: 9c41985d754ac718032a47af8a3f98ea28fddb26
VMware Fusion 2.0.6 (for Intel-based Macs): Download including only
Avira AntiVir Professional
Avira AntiVir for KEN! 4
Avira AntiVir & AntiSpam for KEN! 4
Avira WebProtector for KEN! 4
Avira AntiVir SharePoint
Avira AntiVir Virus Scan Adapter for SAP NetWeaver®
Avira AntiVir MailGate
Avira MailGate Suite
Avira AntiVir Exchange
Avira AntiVir MIMEsweeper
Avira AntiVir Domino
for Hack.lu, last year BTcrack, this year we'd like to announce
our (n.runs AG) Presentation @ this year's Hack.lu, entitled:
----------------------------------------------
The Death of Defence in Depth ?
- (In part) Revisiting Anti-Virus Software
Sergio Alvarez & Thierry Zoller
----------------------------------------------
The Death of Defence in Depth ? - A rather bold question that
is; is this another overhyped bloated Presentation ? Or maybe do
Rising Multiple Products Local Privilege Escalation Vulnerability
BACKGROUND
RISING has introduced a variety of operating system based antivirus software, firewall software and enterprise antivirus wall, firewall, network security warning system and other hardware products. RISING is the third company in the world and the only one in China to provide a full range of information security products and professional services.
RISING is catering to over 60 million personal users and more than 70,000 corporate customers in Asia, Europe and Northern America. RISING technology for the search of unknown computer viruses is recognized and protected by patents in Europe, Japan and the United States of America.
Source: http://www.rising-global.com
VULNERABLE PRODUCTS
Impact:
This problem can lead to remote denial of service if an attacker
carefully crafts a file that exploits the aforementioned vulnerability.
The vulnerability is present in FRISK Anti-virus software mentioned
above, in all platforms supported by the affected products prior to the
engine Version 4.4.4.
Solution:
Impact:
This problem can lead to remote denial of service or arbitrary code
execution if an attacker carefully crafts a file that exploits the
aforementioned vulnerability. The vulnerability is present in Sophos
Anti-virus software listed above on all platforms supported by the affected
products prior to the engine Version 2.48.0.
Solution:
The vulnerability was reported on 07.May.2007 and an update has been issued
on 23.Aug.2007 to solve this vulnerability. For detailed information about
through Windows API. If you know the name of the directory, it is e.g.
possible to enter the hidden directory using Command Prompt and it is
possible to create new hidden files. There are also ways to run files
from this directory. Files in this directory are also hidden from some
antivirus scanners (as with the Sony BMG DRM case) — depending on the
techniques employed by the antivirus software. It is therefore
technically possible for malware to use the hidden directory as a hiding
place."
Bugtraq,
I'm posting to the list to invite Bugtraq users to a closed, pre-beta,
program for a new free Anti-Virus package. The software is called Immunet
Protect, it's free Anti-Virus software focused on protecting communities
(versus single users only) through a new approach called 'Collective
Immunity'. It's cloud based, community focused and it's nearly in beta and
we would love your help!
If you are interested in participating in the pre-beta please mail me
Impact:
This problem can lead to a remote Denial of Service (DoS) situation through
high CPU consumption and exhaustion of storage resources if an attacker
carefully crafts a file that exploits the aforementioned vulnerability. The
vulnerability is present in Sophos Anti-virus software mentioned above on
all platforms supported by the affected products prior to the engine Version
2.48.0.
Solution:
The vulnerability was reported on 07.May.2007 and an update has been issued
> > through Windows API. If you know the name of the directory, it is e.g.
> > possible to enter the hidden directory using Command Prompt and it is
> > possible to create new hidden files. There are also ways to run files
> > from this directory. Files in this directory are also hidden from some
> > antivirus scanners (as with the Sony BMG DRM case) — depending on the
> > techniques employed by the antivirus software. It is therefore
> > technically possible for malware to use the hidden directory as a hiding
> > place."
>
> That is correct. It could be abused that way. Just like several other
> folders on e.g. Vista could be as well since they share that exact
contains malware and evade anti-virus detection.
Note: After files have been extracted from an archive, the desktop
Anti-Virus engine is able to scan all files for malware.
Consequently, detection evasion can be a concern for gateway
anti-virus software if archives are not scanned, but the risk is
effectively mitigated by the desktop anti-virus engine.
Mitigating Factors: See note above.