F-Secure Anti-Virus Products LHA Archive Processing Overflow

2004-05-26T08:50:30
ID OSVDB:6423
Type osvdb
Reporter OSVDB
Modified 2004-05-26T08:50:30

Description

Vulnerability Description

A remote overflow exists in F-Secure Anti-Virus products. The modules responsible for accessing content in LHA archives while scanning for viruses fail to perform proper boundary checking. With a specially crafted LHA archive, an attacker can cause an overflow resulting in a loss of availability.

Technical Description

The vulnerability is caused by an unspecified error, which reportedly causes a problem with properly detecting the Sober.D and Sober.G viruses in archives.

Solution Description

Upgrade your affected product to the version listed in the vendor's patch matrix, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Disable On-access scanning of client or server computers. This feature is not enabled by default.

Short Description

A remote overflow exists in F-Secure Anti-Virus products. The modules responsible for accessing content in LHA archives while scanning for viruses fail to perform proper boundary checking. With a specially crafted LHA archive, an attacker can cause an overflow resulting in a loss of availability.

References:

Vendor Specific Advisory URL
Secunia Advisory ID: 11712
Other Advisory URL: http://www.securityfocus.com/advisories/6675
Other Advisory URL: http://www.securityfocus.com/advisories/6680
ISS X-Force ID: 16012
CVE-2004-0234
CVE-2004-2405
Bugtraq ID: 10243