[NEWS] Kaspersky Antivirus Scan Engine PE File DoS Vulnerability
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 7 Jan 2007 11:12:42 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Kaspersky Antivirus Scan Engine PE File DoS Vulnerability
------------------------------------------------------------------------
SUMMARY
<http://www.kaspersky.com/> Kaspersky Antivirus is "a popular client and
gateway virus scanner". Remote exploitation of a DoS vulnerability in
Kaspersky Lab's Antivirus could allow an attacker to cause a denial of
service (DoS) condition.
DETAILS
Vulnerable Systems:
* Kaspersky Labs Antivirus Engine version 6.0 for Windows
* Kaspersky Labs Antivirus Engine version 5.5-10 for Linux
* Previous versions may also be affected
* Any products that use the scanning engine are also affected, including
the Kaspersky mail gateway scanner
Kaspersky is vulnerable to a DoS condition when processing a specially
crafted PE (portable executable) file. One of the headers in a PE file is
the Optional Windows Header section. This section of the PE header
contains information needed by the Windows linker and loader. An invalid
value for the 'NumberOfRvaAndSizes' field will cause Kaspersky to
repeatedly seek and read from the same section of the file in an endless
loop.
Exploitation allows attackers to send the scanning engine into an infinite
loop. Further attempts to scan files will be prevented. Exploitation
requires that an attacker sends a specially constructed PE file through an
e-mail gateway or personal anti-virus client using the Kaspersky scanning
engine.
Vendor Status:
Kaspersky Lab reports that it has fixed this vulnerability as of January
2nd, 2007. In addition, they stated the following.
"There is no need to download any special patches. All installed Kaspersky
Lab products are updated automatically through the regular
signature-update functionality. There is not need to contact Kaspersky Lab
to obtain this fix."
Disclosure Timeline:
* 12-12-06 Initial vendor notification
* 12-12-06 Initial vendor response
* 01-05-07 Coordinated public disclosure
ADDITIONAL INFORMATION
The information has been provided by iDefense.
The original article can be found at:
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=459>
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=459
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [EXPL] Durian Web Application Server Buffer Overflow (Exploit)
- Next by Date: [NEWS] Opera Software Opera Web Browser JPG Image DHT Marker Heap Corruption Vulnerability
- Previous by thread: [EXPL] Durian Web Application Server Buffer Overflow (Exploit)
- Next by thread: [NEWS] Opera Software Opera Web Browser JPG Image DHT Marker Heap Corruption Vulnerability
- Index(es):
Relevant Pages
|
|
