Lexa Software: Security-Alerts@yandex-team.ru archive

		Apache-Talk @lexa.ru
		Inet-Admins @info.east.ru
		Filmscanners @halftone.co.uk
		Security-alerts @yandex-team.ru
		nginx-ru @sysoev.ru

СТАТЬИ

ПЕРСОНАЛЬНОЕ

ПРОГРАММЫ

ПИШИТЕ
ПИСЬМА

АРХИВ :: Security-alerts

Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA18131] Symantec AntiVirus RAR Archive Decompression Buffer Overflow

To: <security-alerts@xxxxxxxxxxxxxx>
Subject: [security-alerts] FW: [SA18131] Symantec AntiVirus RAR Archive Decompression Buffer Overflow
From: "Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>
Date: Wed, 21 Dec 2005 09:51:46 +0300
Content-class: urn:content-classes:message
List-archive: <http://www.lexa.ru/security-alerts/> (Web Archive)
List-id: <security-alerts.yandex-team.ru>
List-subscribe: <mailto:majordomo@yandex-team.ru?body=subscribe%20security-alerts>
List-unsubscribe: <mailto:majordomo@yandex-team.ru?body=unsubscribe%20security-alerts>
Thread-index: AcYFdsG2KJNqVYzgR2ujo/CadORwzgAhC2xw
Thread-topic: [SA18131] Symantec AntiVirus RAR Archive Decompression Buffer Overflow

> 
> 
> TITLE:
> Symantec AntiVirus RAR Archive Decompression Buffer Overflow
> 
> SECUNIA ADVISORY ID:
> SA18131
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/18131/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Symantec AntiVirus Corporate Edition 10.x
> http://secunia.com/product/5555/
> Symantec AntiVirus Corporate Edition 8.x
> http://secunia.com/product/659/
> Symantec AntiVirus Corporate Edition 9.x
> http://secunia.com/product/3549/
> Symantec AntiVirus for Caching 4.x
> http://secunia.com/product/4626/
> Symantec AntiVirus for Network Attached Storage 4.x
> http://secunia.com/product/4625/
> Symantec AntiVirus for SMTP Gateways 3.x
> http://secunia.com/product/2231/
> Symantec AntiVirus Scan Engine 4.x
> http://secunia.com/product/3040/
> Symantec AntiVirus/Filtering for Domino 3.x
> http://secunia.com/product/2029/
> Symantec Brightmail AntiSpam 4.x
> http://secunia.com/product/4627/
> Symantec Brightmail AntiSpam 5.x
> http://secunia.com/product/4628/
> Symantec Brightmail AntiSpam 6.x
> http://secunia.com/product/3656/
> Symantec Client Security 1.x
> http://secunia.com/product/2344/
> Symantec Client Security 2.x
> http://secunia.com/product/3478/
> Symantec Mail Security for Domino 4.x
> http://secunia.com/product/4624/
> Symantec Mail Security for Exchange 4.x
> http://secunia.com/product/2820/
> Symantec Mail Security for SMTP 4.x
> http://secunia.com/product/3558/
> Symantec Norton AntiVirus 2001
> http://secunia.com/product/221/
> Symantec Norton AntiVirus 2002
> http://secunia.com/product/846/
> Symantec Norton AntiVirus 2003
> http://secunia.com/product/175/
> Symantec Norton AntiVirus 2004
> http://secunia.com/product/2800/
> Symantec Norton AntiVirus 2005
> http://secunia.com/product/4009/
> Symantec Norton AntiVirus 5
> http://secunia.com/product/848/
> Symantec Norton AntiVirus 5.0 for OS/2
> http://secunia.com/product/172/
> Symantec Norton AntiVirus Corporate Edition 7.x
> http://secunia.com/product/643/
> Symantec Norton AntiVirus for Macintosh 10.x
> http://secunia.com/product/5949/
> Symantec Norton AntiVirus for Macintosh 9.x
> http://secunia.com/product/5948/
> Symantec Norton AntiVirus for Microsoft Exchange 2.x
> http://secunia.com/product/1017/
> Symantec Norton AntiVirus for Microsoft Exchange 3.x
> http://secunia.com/product/1018/
> Symantec Norton AntiVirus Solution 7.5
> http://secunia.com/product/173/
> Symantec Norton Internet Security 2001
> http://secunia.com/product/2802/
> Symantec Norton Internet Security 2002
> http://secunia.com/product/2801/
> Symantec Norton Internet Security 2003
> http://secunia.com/product/969/
> Symantec Norton Internet Security 2003 Professional
> http://secunia.com/product/970/
> Symantec Norton Internet Security 2004
> http://secunia.com/product/2441/
> Symantec Norton Internet Security 2004 Professional
> http://secunia.com/product/2442/
> Symantec Norton Internet Security 2005
> http://secunia.com/product/4848/
> Symantec Norton Internet Security for Macintosh 3.x
> http://secunia.com/product/5951/
> Symantec Web Security 2.x
> http://secunia.com/product/2812/
> Symantec Web Security 3.x
> http://secunia.com/product/2813/
> 
> DESCRIPTION:
> Alex Wheeler has reported a vulnerability in Symantec AntiVirus,
> which potentially can be exploited by malicious people to compromise
> a vulnerable system.
> 
> The vulnerability is caused due to a boundary error in Dec2Rar.dll
> when copying data based on the length field in the sub-block headers
> of a RAR archive. This can be exploited to cause a heap-based buffer
> overflow and may allow arbitrary code execution when a malicious RAR
> archive is scanned.
> 
> The vulnerability has been reported in Dec2Rar.dll version 3.2.14.3
> and potentially affects all Symantec products that use the DLL.
> 
> SOLUTION:
> Filter RAR archives at email or proxy gateways.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Alex Wheeler
> 
> ORIGINAL ADVISORY:
> http://www.rem0te.com/public/images/symc2.pdf
> 
> ----------------------------------------------------------------------

Prev by Date: [security-alerts] FW: Making unidirectional VLAN and PVLAN jumping bidirectional
Next by Date: [security-alerts] FW: [SA18162] VMware NAT Networking Buffer Overflow Vulnerability
Previous by thread: [security-alerts] FW: Making unidirectional VLAN and PVLAN jumping bidirectional
Next by thread: [security-alerts] FW: [SA18162] VMware NAT Networking Buffer Overflow Vulnerability
Index(es):
- Date
- Thread