General Discussion

[Panda Antivirus]

FYI...

> http://atlas.arbor.net/briefs/index#1027704494
Panda Antivirus EXE File Parsing Buffer Overflow Vulnerability
Severity: High Severity
Published: July 23, 2007
Panda AV is vulnerable to a buffer overflow when processing Windows EXE files. The error comes in an integer cast when parsing EXE header data. A malicious attacker could send the victim a malformed EXE file to be processed by Panda AV. This would then allow the attacker to run arbitrary code on the victim's computer. Updates have been made available.
Analysis: This is a similar issue to the Eset NOD32 file processing issue and nearly a dozen such vulnerabilities recently. We believe that this trend will continue for some time.
Source: http://secunia.com/advisories/26171/

NOD32 Antivirus Multiple File Processing Vulnerabilities
Severity: High Severity
Published: July 23, 2007
Eset NOD32 antivirus is vulnerable to file processing vulnerabilities that could be abused by a remote attacker to compromise a system. The AV software has problems processing CAB, ASPack, and FSG packed files. Malformed files could be sent to a victim to be processed by NOD32 and then run arbitrary code on the server. Eset has issued updated software to address this issue.
Analysis: This is another AV vulnerability in handling files. We do not expect it to be the last one, in this package or any other AV package.
Source: http://secunia.com/advisories/26124/

 

[CA AV and other multiple products vuln - updates available]

FYI...

CA AV and other multiple products vuln - updates available
- http://secunia.com/advisories/26155/
Release Date: 2007-07-25
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch ...
Description: Two vulnerabilities have been reported in various CA products, which can be exploited by malicious people to cause a DoS...

(See the advisory for the long list of affected products.)

Also see: http://secunia.com/advisories/26190/
Release Date:  2007-07-25
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
...The vulnerability affects all versions of the CA Message Queuing software prior to v1.11 Build 54_4 on Windows and Netware..."

 

[ClamAV multiple vulns - update available]

FYI...

ClamAV multiple vulns - update available
- http://secunia.com/advisories/26530/
Release Date: 2007-08-22
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x...
Solution:
Update to version 0.91.2.
- http://sourceforge.net/project/showfiles.php?group_id=86638&package_id=90197&release_id=533658
2007-08-21


Trend Micro ServerProtect multiple vulns - update available
- http://secunia.com/advisories/26523/
Release Date: 2007-08-22
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
Software: Trend Micro ServerProtect for Windows/NetWare 5.x...
Solution: Apply Security Patch 4 - Build 1185.
http://www.trendmicro.com/ftp/products/patches/spnt_558_win_en_securitypatch4.exe
Original Advisory: Trend Micro:
http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt

Also see: http://secunia.com/advisories/26557/
Software: Trend Micro Anti-Spyware 3.x, Trend Micro PC-cillin Internet Security 2007

.

[Sophos AV vuln - update available]

FYI...

Sophos AV vuln - update available
- http://secunia.com/advisories/26580/
Release Date: 2007-08-24
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Sophos Anti-Virus...
The vulnerabilities are reported in Sophos Anti-Virus with engine versions prior to 2.48.0.
Solution: Update to engine version 2.48.0 or later...
Original Advisory: http://www.sophos.com/support/knowledgebase/article/28407.html
http://www.sophos.com/support/knowledgebase/article/14244.html ...

.

[Sophos AV vuln - updates available]

FYI...

Sophos AV vuln - updates available
- http://secunia.com/advisories/26714/
Release Date: 2007-09-07
Critical: Moderately critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Software: Sophos Anti-Virus 7.x, Sophos Anti-Virus for Windows 6.x
...The vulnerability is reported in versions 6.x and 7.0.0.
Solution: Update to versions 6.5.8 or later, or 7.0.1 or later. The vendor also recommends users of version 6.x to upgrade to version 7.
Original Advisory:
http://www.sophos.com/support/knowledgebase/article/29150.html

.

[AOL AV changes]

FYI...

AOL AV changes...
- http://isc.sans.org/diary.html?storyid=3360
Last Updated: 2007-09-08 01:29:38 UTC - "...It appears that AOL has switched from Kaspersky to McAfee and are now distributing "McAfee Virus Scan Plus-Special edition from AOL" according to this page*. It isn't entirely clear how (or if) this was communicated to the folks using the Kaspersky software. If you follow the link at the bottom of the page it looks like the old software may still get updates if you point back to a Kaspersky site, but that isn't entirely clear and I was unable to find anyone to answer that question for sure today (I'll update the story if I get more info). Without some action by the user, however, it appears that they will now be unprotected, which is unfortunate. In the meantime, if you have an AOL e-mail address, you can still get free anti-virus software from here**..."
 
* http://www.activevirusshield.com/antivirus/freeav/index.adp
 
** http://safety.aol.com/isc/BasicSecurity/

.

[Kaspersky AV DoS vuln - update 11.2007]

FYI...

Kaspersky AV DoS vuln - update 11.2007
- http://secunia.com/advisories/26887/
Last Update: 2007-09-25
Critical: Not critical
Impact: DoS
Where: Local system
Solution Status: Unpatched
Software: Kaspersky Anti-Virus 6.x
Kaspersky Anti-Virus 7.x
Kaspersky Internet Security 6.x
Kaspersky Internet Security 7.x
...The vulnerabilities are reported in version 7.0 build 125. Other versions may also be affected.
Solution: The vendor is reportedly working on an update to be released November 2007.
Original Advisory: Kaspersky:
http://www.kaspersky.com/technews?id=203038706
"...This is not the first time that this author has failed to notify us about a vulnerability before making it public, despite the fact that notifying the vendor first is de facto an industry standard..."

> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5043

.

[Kaspersky Online Scanner ActiveX Vuln]

FYI...

Kaspersky Online Scanner ActiveX Vuln
- http://secunia.com/advisories/27187/
Release Date: 2007-10-11
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Kaspersky Online Scanner 5.x
...The vulnerability affects versions 5.0.93.1 and prior.
Solution: Update to version 5.0.98.0.
http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html ...
Original Advisory: Kaspersky:
http://www.kaspersky.com/news?id=207575572 ...

.

[BitDefender Online Scanner ActiveX vuln - update available]

FYI...

BitDefender Online Scanner ActiveX vuln - update available
- http://secunia.com/advisories/27717/
Release Date: 2007-11-21
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
...Successful exploitation allows execution of arbitrary code. The vulnerability is reported in version 8.0. Other versions may also be affected.
Solution: Update to the latest version (OScan82.ocx).
http://www.bitdefender.com/scan8/ie.html

 

[avast! vuln - update available]

FYI...

avast! vuln - update available
- http://secunia.com/advisories/27929/
Last Update: 2007-12-06
Critical: Highly critical
Impact: Unknown
Where: From remote
Solution Status: Vendor Patch
Software: avast! Home/Professional 4.x
...The vulnerability is reported in versions prior to 4.7.1098.
Solution: Update to version 4.7.1098.
http://www.avast.com/eng/download.html ...
Original Advisory:
http://www.avast.com/eng/avast-4-home_pro-revision-history.html

.

[Trend Micro AV plus AS 2008, Internet Security 2008, Internet Security Pro 2008]

FYI...

Trend Micro AV plus AS 2008, Internet Security 2008, Internet Security Pro 2008
- http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036464
12/10/07 - "...Remote memory corruption... long bogus file names from malformed ZIP files... Vulnerability only affects users with English Versions of TIS16 (Trend Micro Internet Security Pro, Trend Micro Internet Security/Virus Buster 2008) and TAV16 (TrendMicro Antivirus plus AntiSpyware 2008) build #1450 and older... You can download the TIS16.0 English language security patch here..."

> http://secunia.com/advisories/28038/

 

[Clam AV vuln - update available]

FYI...

Clam AV vuln - update available
- http://secunia.com/advisories/28117/
Release Date: 2007-12-19
Critical: Highly critical
Impact: DoS, System access
Where: From remote
...The vulnerability is reported in versions prior to 0.92...
Solution: Update to version 0.92.

> http://www.clamav.org/
ClamAV Virus Databases: main.cvd ver. 45 released on 09 Dec 2007 15:50 +0000

> http://www.clamwin.com/
The latest version of Clamwin Free Antivirus is 0.91.2

 

[here]

FYI...

- http://www.heise-security.co.uk/articles/100965
21.12.2007 - "...The list of manufacturers of antivirus software with critical security problems reads like a Who's Who of the industry: the blacklist of Zoller and Alvarez includes Avast, Avira, BitDefender, CA, ClamAV, Eset NOD32, F-Secure, Grisoft AVG, Norman, Panda and Sophos. iDefense uncovered critical buffer overflows in Kaspersky's scanner, McAfee's VirusScan and Trend Micro's security products. Secunia found the same thing in Symantec's E-mail Security, and ISS/IBM XForce caught out Microsoft's security products. All of these appeared just this year, and the list is by no means complete: the n.runs specialists alone say they have discovered more than 80 critical holes and passed them on to the manufacturers. As far as they know, only some thirty of them have been closed so far..."

 

[McAfee E-Business Svr vuln - update available]

FYI...

McAfee E-Business Svr vuln - update available
- http://secunia.com/advisories/28408/
Release Date: 2008-01-10
Critical: Moderately critical
Impact: System access, DoS
Where:    From local network
Solution Status: Vendor Patch
Software: McAfee e-Business Server 8.x
...The vulnerability affects versions 8.5.2 and prior on Windows.
Solution: Update to version 8.5.3.
Original Advisory: McAfee:
https://knowledge.mcafee.com/article/542/614472_f.SAL_Public.html

.

[ClamAV multiple vulns - update available]

FYI...

ClamAV multiple vulns - update available
- http://secunia.com/advisories/28907/
Release Date: 2008-02-12
Last Update: 2008-02-13
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x
...The vulnerabilities are reported in versions prior to 0.92.1.
Solution: Update to version 0.92.1...
Original Advisory:
http://sourceforge.net/project/shownotes.php?release_id=575703 ...

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6595

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0318

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0728