|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA15674] Ahnlab V3 Antivirus Multiple Vulnerabilities
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Thu Sep 15 2005 - 11:23:48 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Ahnlab V3 Antivirus Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA15674
VERIFY ADVISORY:
http://secunia.com/advisories/15674/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Privilege escalation, System access
WHERE:
From remote
SOFTWARE:
AhnLab V3 VirusBlock 2005
http://secunia.com/product/5701/
AhnLab V3Net for Windows Server 6.x
http://secunia.com/product/5700/
AhnLab V3Pro
http://secunia.com/product/5699/
DESCRIPTION:
Secunia research has discovered some vulnerabilities in AhnLab V3
Antivirus, which can be exploited by malicious, local users to gain
escalated privileges, or by malicious people to compromise a
vulnerable system.
1) The real-time scan driver, v3flt2k.sys, does not validate the
source of received "DeviceIoControl()" commands. This can be
exploited by non-administrative users to run explorer.exe with SYSTEM
privileges, or to disable the real-time scan engine, via specially
crafted DeviceIoControl requests,
2) A boundary error in the ACE archive decompression library can be
exploited to cause a stack-based buffer overflow when a malicious ACE
archive containing a compressed file with an overly long filename is
scanned.
Successful exploitation allows execution of arbitrary code, but
requires that compressed file scanning is enabled.
3) A directory traversal error in the archive decompression library
can be exploited to write files to arbitrary directories when a
malicious archive containing compressed files with directory
traversal sequences in their filenames is scanned.
Vulnerability #2 and #3 are related to:
SA14359
The vulnerabilities have been confirmed in the following products:
* AhnLab V3Pro 2004 (Build 6.0.0.383)
* AhnLab V3 VirusBlock 2005 (Build 6.0.0.383)
* AhnLab V3Net for Windows Server 6.0 (Build 6.0.0.383)
SOLUTION:
Update to version 6.0.0.457 via online update.
PROVIDED AND/OR DISCOVERED BY:
Tan Chew Keong, Secunia Research
ORIGINAL ADVISORY:
AhnLab:
http://info.ahnlab.com/english/advisory/01.html
Secunia Research:
http://secunia.com/secunia_research/2005-17/advisory/
OTHER REFERENCES:
SA14359:
http://secunia.com/advisories/14359/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]