|
Severity Rate: High
Overview
A buffer overflow vulnerability was discovered which could let attackers execute arbitrary privileged commands. This issue takes place when an application scans maliciously manipulated compressed file types for viruses.
Type of Attack
o An attacker can exploit the flaw by sending a maliciously crafted compressed file (ALZ/UUE/XXE) which can be used to execute arbitrary commands.
Affected Software
- AhnLab V3Pro 2004(AhnLab V3 VirusBlock 2005 international)
- AhnLab V3Net for Windows Server 6.0
- AhnLab MyV3
Impact
There exists a buffer overflow vulnerability during scanning of maliciously crafted compressed files. The successful exploitation of this flaw could potentially allow attackers to execute arbitrary commands or create malicious files on the targeted system.
Description
The buffer overflow vulnerability is exposed when scanning specific compressed files that were manipulated by malicious users. An exploit of this vulnerability can lead to arbitrary code execution attacks. This flaw affects ALZ, UUE, XXE compressed file formats. This issue is due to a failure of the application to properly check the byte size of the file name before copying it into buffers. Compressed file formats other than the three mentioned above are not affected by this threat. By default, the manual scan of V3Pro 2004 does not scan compressed files for viruses. Therefore, it will be necessary for the compressed file scan option to be enabled in order for this vulnerability to be exploited.
Solution
AhnLab has released a scan engine that fixes this vulnerability. We recommend that you run the Smart Update Utility to update to the latest scan engine. The Smart Update Utility helps keep AhnLab products up to date. To manually invoke the Smart Update Utility, do one of the following:
Click Start->All Programs->AhnLab->Smart Update Utility->Smart Update Utility.
Click Update on the tool bar.
The following image will display when the application starts.
Click Start to begin updating and downloading files from our update server. It may take several minutes to complete depending on the connection speed.
Caution
In order for the latest engine to be updated, your computer must be connected to the Internet.
Below is a list of fixed versions.
To see build information, click on Help and select Product Information.
| Product Name |
Version |
| AhnLab V3Pro 2004 |
Later than 6.0.0.488 |
| AhnLab V3Net for Windows Server 6.0 |
Later than 6.0.0.488 |
| AhnLab MyV3 |
Not Vulnerable as of October 11, 2005 |
Acknowledgement
We especially thank Chew Keong Tan of Secunia(http://www.secunia.com) for reporting this issue and helping us to find a solution.
ASEC Contact Information
Email:
Copyright 2002-2005 ASEC(AhnLab Security E-response Center) All Rights Reserved.
|