Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA18131] Symantec AntiVirus RAR Archive Decompression Buffer Overflow



> 
> 
> TITLE:
> Symantec AntiVirus RAR Archive Decompression Buffer Overflow
> 
> SECUNIA ADVISORY ID:
> SA18131
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/18131/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Symantec AntiVirus Corporate Edition 10.x
> http://secunia.com/product/5555/
> Symantec AntiVirus Corporate Edition 8.x
> http://secunia.com/product/659/
> Symantec AntiVirus Corporate Edition 9.x
> http://secunia.com/product/3549/
> Symantec AntiVirus for Caching 4.x
> http://secunia.com/product/4626/
> Symantec AntiVirus for Network Attached Storage 4.x
> http://secunia.com/product/4625/
> Symantec AntiVirus for SMTP Gateways 3.x
> http://secunia.com/product/2231/
> Symantec AntiVirus Scan Engine 4.x
> http://secunia.com/product/3040/
> Symantec AntiVirus/Filtering for Domino 3.x
> http://secunia.com/product/2029/
> Symantec Brightmail AntiSpam 4.x
> http://secunia.com/product/4627/
> Symantec Brightmail AntiSpam 5.x
> http://secunia.com/product/4628/
> Symantec Brightmail AntiSpam 6.x
> http://secunia.com/product/3656/
> Symantec Client Security 1.x
> http://secunia.com/product/2344/
> Symantec Client Security 2.x
> http://secunia.com/product/3478/
> Symantec Mail Security for Domino 4.x
> http://secunia.com/product/4624/
> Symantec Mail Security for Exchange 4.x
> http://secunia.com/product/2820/
> Symantec Mail Security for SMTP 4.x
> http://secunia.com/product/3558/
> Symantec Norton AntiVirus 2001
> http://secunia.com/product/221/
> Symantec Norton AntiVirus 2002
> http://secunia.com/product/846/
> Symantec Norton AntiVirus 2003
> http://secunia.com/product/175/
> Symantec Norton AntiVirus 2004
> http://secunia.com/product/2800/
> Symantec Norton AntiVirus 2005
> http://secunia.com/product/4009/
> Symantec Norton AntiVirus 5
> http://secunia.com/product/848/
> Symantec Norton AntiVirus 5.0 for OS/2
> http://secunia.com/product/172/
> Symantec Norton AntiVirus Corporate Edition 7.x
> http://secunia.com/product/643/
> Symantec Norton AntiVirus for Macintosh 10.x
> http://secunia.com/product/5949/
> Symantec Norton AntiVirus for Macintosh 9.x
> http://secunia.com/product/5948/
> Symantec Norton AntiVirus for Microsoft Exchange 2.x
> http://secunia.com/product/1017/
> Symantec Norton AntiVirus for Microsoft Exchange 3.x
> http://secunia.com/product/1018/
> Symantec Norton AntiVirus Solution 7.5
> http://secunia.com/product/173/
> Symantec Norton Internet Security 2001
> http://secunia.com/product/2802/
> Symantec Norton Internet Security 2002
> http://secunia.com/product/2801/
> Symantec Norton Internet Security 2003
> http://secunia.com/product/969/
> Symantec Norton Internet Security 2003 Professional
> http://secunia.com/product/970/
> Symantec Norton Internet Security 2004
> http://secunia.com/product/2441/
> Symantec Norton Internet Security 2004 Professional
> http://secunia.com/product/2442/
> Symantec Norton Internet Security 2005
> http://secunia.com/product/4848/
> Symantec Norton Internet Security for Macintosh 3.x
> http://secunia.com/product/5951/
> Symantec Web Security 2.x
> http://secunia.com/product/2812/
> Symantec Web Security 3.x
> http://secunia.com/product/2813/
> 
> DESCRIPTION:
> Alex Wheeler has reported a vulnerability in Symantec AntiVirus,
> which potentially can be exploited by malicious people to compromise
> a vulnerable system.
> 
> The vulnerability is caused due to a boundary error in Dec2Rar.dll
> when copying data based on the length field in the sub-block headers
> of a RAR archive. This can be exploited to cause a heap-based buffer
> overflow and may allow arbitrary code execution when a malicious RAR
> archive is scanned.
> 
> The vulnerability has been reported in Dec2Rar.dll version 3.2.14.3
> and potentially affects all Symantec products that use the DLL.
> 
> SOLUTION:
> Filter RAR archives at email or proxy gateways.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Alex Wheeler
> 
> ORIGINAL ADVISORY:
> http://www.rem0te.com/public/images/symc2.pdf
> 
> ----------------------------------------------------------------------




 




Copyright © Lexa Software, 1996-2009.