Secunia Research: HAURI Anti-Virus ACE Archive Handling Buffer Overflow

• Previous message: Williams, James K: "32919 - Computer Associates Message Queuing (CAM/CAFT) multiple vulnerabilities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Wed, 24 Aug 2005 10:30:15 +0200
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

======================================================================

                     Secunia Research 24/08/2005

      - HAURI Anti-Virus ACE Archive Handling Buffer Overflow -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

======================================================================
1) Affected Software

ViRobot Expert 4.0
ViRobot Advanced Server
ViRobot Linux Server 2.0
HAURI LiveCall

Other versions may also be affected.

======================================================================
2) Severity

Rating: Highly Critical
Impact: System access
Where: Remote

======================================================================
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in various HAURI
anti-virus products, which can be exploited by malicious people to
compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the ACE
archive decompression library vrAZace.dll when extracting an archive.
This can be exploited to cause a stack-based buffer overflow when
scanning a malicious ACE archive containing a compressed file with
a filename longer than 272 characters.

Successful exploitation allows arbitrary code execution, but requires
that compressed file scanning is enabled.

The vulnerability is related to:
http://secunia.com/SA14359

======================================================================
4) Solution

Apply patches.

ViRobot Linux Server 2.0:
http://www.globalhauri.com/html/download/down_unixpatch.html

ViRobot Expert 4.0 / ViRobot Advanced Server:
Update to the latest version via online update (vrazmain.dll
version 5.8.22.137).

HAURI LiveCall:
Update to the latest version by visiting the vendor's LiveCall
website (vrazmain.dll version 5.8.22.137).

======================================================================
5) Time Table

15/08/2005 - Initial vendor notification.
17/08/2005 - Vendor released patch for VR Linux Server.
23/08/2005 - Vendor released patch for VR Expert, VR Advanced Server
             and LiveCall via online update.
24/08/2005 - Public disclosure.

======================================================================
6) Credits

Discovered by Tan Chew Keong, Secunia Research.

======================================================================
7) References

HAURI:
http://www.globalhauri.com/html/download/down_unixpatch.html

======================================================================
8) About Secunia

Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website:

http://secunia.com/

Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2005-33/advisory/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================

--
NTBugtraq Editor's Note:
Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered.
--

• Previous message: Williams, James K: "32919 - Computer Associates Message Queuing (CAM/CAFT) multiple vulnerabilities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Secunia Research: HAURI Anti-Virus ACE Archive Handling Buffer Overflow ... ViRobot Advanced Server ... Secunia Research has discovered a vulnerability in various HAURI ... ViRobot Expert 4.0 / ViRobot Advanced Server: ... (Bugtraq) [Full-disclosure] Secunia Research: HAURI Anti-Virus ACE Archive Handling Buffer Overflow ... ViRobot Advanced Server ... Secunia Research has discovered a vulnerability in various HAURI ... ViRobot Expert 4.0 / ViRobot Advanced Server: ... (Full-Disclosure)