Users login

Create an account »


Users login

Home » Hacking News » Many serious flaws in AV products

Many serious flaws in AV products

by Nikola Strahija on August 1st, 2005 Serious vulnerabilities have been revealed in several popular security software tools in the past few days, namely Sophos Anti-Virus, ClamAV and the network protocol scanner Ethereal. The flaws could allow complete system takeover, according to researchers.

Fixes are available for Ethereal and ClamAV, but Sophos said it hasn't yet patched all affected versions of its software. All three are widely used in enterprises, with ClamAV and Ethereal distributed under open-source licences.

The Sophos flaw, a buffer overflow vulnerability, has been fixed in current versions of Sophos products, but hasn't yet been patched in others, the company said. Companies running Sophos Anti-Virus version 3.96.0 on Windows, Unix, NetWare, OS/2 or OpenVMS are not affected. Also unaffected is Sophos Anti-Virus 4.5.4.

The company didn't give specifics, but the flaw is due to a heap overflow bug when analysing malformed files. An attacker could exploit the bug via a specially crafted e-mail attachment to execute malicious code and take over a system, Sophos said.

ClamAV has problems with at least four of the components used for processing different file formats, according to researchers. -During the processing of TNEF, CHM, and FSG formats an attacker is able to trigger several integer overflows that allow attackers to overwrite heap data to obtain complete control of the system, said The bug affects version 0.86.1, and has been patched in version 0.86.2. Linux vendors and other software makers whose products contain ClamAV have been issuing patches directly.

ClamAV is found on a wide variety of platforms. It is included in Mac OS X Server by default and has numerous Windows implementations; all of these derivatives are likely to be vulnerable, said.

Ethereal versions 0.8.5 through 0.10.11 include several vulnerabilities, one of which involves the zlib compression library; this is found in a wide variety of applications, and has been recently patched in Web browsers, the KDE graphical user interface and eMule, a file-sharing application, for instance. The bugs are all fixed in Ethereal 0.10.12

The other flaws are related to a number of Ethereal's protocol dissectors, specifically the LDAP, AgentX, 802.3, PER, DHCP, BER, MEGACO, GIOP, SMB, WBXML, H1, DOCSIS, SMPP, HTTP, DCERPC, CAMEL, RADIUS, Telnet, IS-IS LSP and NCP dissectors; they include buffer overflow, format string and null pointer bugs. Any of the bugs could be exploited by remote attackers to crash Ethereal or execute malicious commands, researchers said.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »