Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

HAURItraverse.txt

🗓️ 24 Aug 2005 00:00:00Reported by Tan Chew KeongType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 30 Views

HAURI Anti-Virus vulnerability allows arbitrary file writin

Code
`======================================================================   
  
Secunia Research 19/08/2005  
  
- HAURI Anti-Virus Compressed Archive Directory Traversal -  
  
======================================================================   
Table of Contents  
  
Affected Software....................................................1  
Severity.............................................................2  
Description of Vulnerability.........................................3  
Solution.............................................................4  
Time Table...........................................................5  
Credits..............................................................6  
References...........................................................7  
About Secunia........................................................8  
Verification.........................................................9  
  
======================================================================   
1) Affected Software   
  
ViRobot Expert 4.0   
ViRobot Advanced Server  
ViRobot Linux Server 2.0  
HAURI LiveCall  
  
Other versions may also be affected.  
  
======================================================================   
2) Severity   
  
Rating: Moderately critical  
Impact: Security Bypass  
Where: Remote  
  
======================================================================   
3) Description of Vulnerability  
  
Secunia Research has discovered a vulnerability in various HAURI  
anti-virus products, which can be exploited by malicious people to  
write files to arbitrary directories.  
  
The vulnerability is caused due to unsafe extraction of compressed  
archives (e.g. ACE, ARJ, CAB, LZH, RAR, TAR and ZIP) into a temporary  
directory before scanning. This can be exploited to write files into  
arbitrary directories when scanning a malicious archive containing   
files that have "/../" or "../../" directory sequences in their   
filenames.  
  
Successful exploitation allows writing of files to arbitrary  
directories, which can potentially lead to code execution (e.g. by  
overwriting certain startup files), but requires that compressed file  
scanning is enabled.  
  
======================================================================   
4) Solution   
  
Apply patches.  
  
ViRobot Linux Server 2.0:  
http://www.globalhauri.com/html/download/down_unixpatch.html   
  
ViRobot Expert 4.0 / ViRobot Advanced Server / LiveCall:  
Updated version available via online update is still vulnerable when   
scanning certain archive types.  
  
Disable compressed file scanning and scan files only after they have  
been confirmed not to contain directory traversal sequences in their  
filenames and correctly extracted.  
  
======================================================================   
5) Time Table   
  
30/06/2005 - Initial vendor notification.  
12/07/2005 - Second vendor notification.  
14/07/2005 - Vendor response.  
08/08/2005 - Received notification that VR Expert and VR Advanced   
Server has been fixed via online update.  
09/08/2005 - Received notification that LiveCall has been fixed via  
online update.  
11/08/2005 - Notified vendor that certain archive types are still  
affected.  
17/08/2005 - Vendor released patch for VR Linux Server and disclosed  
vulnerability information.  
19/08/2005 - Public disclosure.  
  
======================================================================   
6) Credits   
  
Discovered by Tan Chew Keong, Secunia Research.  
  
======================================================================   
7) References  
  
HAURI:  
http://www.globalhauri.com/html/download/down_unixpatch.html  
  
======================================================================   
8) About Secunia   
  
Secunia collects, validates, assesses, and writes advisories regarding   
all the latest software vulnerabilities disclosed to the public. These   
advisories are gathered in a publicly available database at the   
Secunia website:   
  
http://secunia.com/  
  
Secunia offers services to our customers enabling them to receive all   
relevant vulnerability information to their specific system   
configuration.   
  
Secunia offers a FREE mailing list called Secunia Security Advisories:   
  
http://secunia.com/secunia_security_advisories/  
  
======================================================================   
9) Verification   
  
Please verify this advisory by visiting the Secunia website:  
http://secunia.com/secunia_research/2005-24/advisory/  
  
Complete list of vulnerability reports published by Secunia Research:  
http://secunia.com/secunia_research/  
  
======================================================================  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
24 Aug 2005 00:00Current
7.4High risk
Vulners AI Score7.4
hauri anti-virusdirectory traversalsecurity bypasscompressed archivescode executionpatchesvulnerabilitysecunia research
30