AplusWebMaster

Multiple AV vendor vulns - updates available

147 posts in this topic

FYI...

 

> http://atlas.arbor.net/briefs/index#1027704494

Panda Antivirus EXE File Parsing Buffer Overflow Vulnerability

Severity: High Severity

Published: July 23, 2007

Panda AV is vulnerable to a buffer overflow when processing Windows EXE files. The error comes in an integer cast when parsing EXE header data. A malicious attacker could send the victim a malformed EXE file to be processed by Panda AV. This would then allow the attacker to run arbitrary code on the victim's computer. Updates have been made available.

Analysis: This is a similar issue to the Eset NOD32 file processing issue and nearly a dozen such vulnerabilities recently. We believe that this trend will continue for some time.

Source: http://secunia.com/advisories/26171/

 

NOD32 Antivirus Multiple File Processing Vulnerabilities

Severity: High Severity

Published: July 23, 2007

Eset NOD32 antivirus is vulnerable to file processing vulnerabilities that could be abused by a remote attacker to compromise a system. The AV software has problems processing CAB, ASPack, and FSG packed files. Malformed files could be sent to a victim to be processed by NOD32 and then run arbitrary code on the server. Eset has issued updated software to address this issue.

Analysis: This is another AV vulnerability in handling files. We do not expect it to be the last one, in this package or any other AV package.

Source: http://secunia.com/advisories/26124/

 


FYI...

 

CA AV and other multiple products vuln - updates available

- http://secunia.com/advisories/26155/

Release Date: 2007-07-25

Critical: Moderately critical

Impact: DoS

Where: From remote

Solution Status: Vendor Patch ...

Description: Two vulnerabilities have been reported in various CA products, which can be exploited by malicious people to cause a DoS...

 

(See the advisory for the long list of affected products.)

 

Also see: http://secunia.com/advisories/26190/

Release Date: 2007-07-25

Critical: Moderately critical

Impact: System access

Where: From local network

Solution Status: Vendor Patch

...The vulnerability affects all versions of the CA Message Queuing software prior to v1.11 Build 54_4 on Windows and Netware..."

 

:ph34r:


FYI...

 

ClamAV multiple vulns - update available

- http://secunia.com/advisories/26530/

Release Date: 2007-08-22

Critical: Moderately critical

Impact: DoS

Where: From remote

Solution Status: Vendor Patch

Software: Clam AntiVirus (clamav) 0.x...

Solution:

Update to version 0.91.2.

- http://sourceforge.net/project/showfiles.p...lease_id=533658

2007-08-21

 

 

Trend Micro ServerProtect multiple vulns - update available

- http://secunia.com/advisories/26523/

Release Date: 2007-08-22

Critical: Moderately critical

Impact: System access

Where: From local network

Solution Status: Vendor Patch

Software: Trend Micro ServerProtect for Windows/NetWare 5.x...

Solution: Apply Security Patch 4 - Build 1185.

http://www.trendmicro.com/ftp/products/pat...uritypatch4.exe

Original Advisory: Trend Micro:

http://www.trendmicro.com/ftp/documentatio...tch4_readme.txt

 

Also see: http://secunia.com/advisories/26557/

Software: Trend Micro Anti-Spyware 3.x, Trend Micro PC-cillin Internet Security 2007

 


FYI...

 

Sophos AV vuln - update available

- http://secunia.com/advisories/26580/

Release Date: 2007-08-24

Critical: Moderately critical

Impact: DoS

Where: From remote

Solution Status: Vendor Patch

Software: Sophos Anti-Virus...

The vulnerabilities are reported in Sophos Anti-Virus with engine versions prior to 2.48.0.

Solution: Update to engine version 2.48.0 or later...

Original Advisory: http://www.sophos.com/support/knowledgebas...icle/28407.html

http://www.sophos.com/support/knowledgebas...icle/14244.html ...

 


re: ClamAV vuln:

ClamWin has begun an incremental programme upgrade that is much smaller than the full install, and significantly smaller than the "nosig" install too. It is available by selecting Check Latest Version in the Help menu. FYI.

 

/xposed a misspelling

Edited by hornet777


FYI...

 

Sophos AV vuln - updates available

- http://secunia.com/advisories/26714/

Release Date: 2007-09-07

Critical: Moderately critical

Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch

Software: Sophos Anti-Virus 7.x, Sophos Anti-Virus for Windows 6.x

...The vulnerability is reported in versions 6.x and 7.0.0.

Solution: Update to versions 6.5.8 or later, or 7.0.1 or later. The vendor also recommends users of version 6.x to upgrade to version 7.

Original Advisory:

http://www.sophos.com/support/knowledgebas...icle/29150.html

 


FYI...

 

AOL AV changes...

- http://isc.sans.org/diary.html?storyid=3360

Last Updated: 2007-09-08 01:29:38 UTC - "...It appears that AOL has switched from Kaspersky to McAfee and are now distributing "McAfee Virus Scan Plus-Special edition from AOL" according to this page*. It isn't entirely clear how (or if) this was communicated to the folks using the Kaspersky software. If you follow the link at the bottom of the page it looks like the old software may still get updates if you point back to a Kaspersky site, but that isn't entirely clear and I was unable to find anyone to answer that question for sure today (I'll update the story if I get more info). Without some action by the user, however, it appears that they will now be unprotected, which is unfortunate. In the meantime, if you have an AOL e-mail address, you can still get free anti-virus software from here**..."

 

* http://www.activevirusshield.com/antivirus/freeav/index.adp

 

** http://safety.aol.com/isc/BasicSecurity/

 


FYI...

 

Kaspersky AV DoS vuln - update 11.2007

- http://secunia.com/advisories/26887/

Last Update: 2007-09-25

Critical: Not critical

Impact: DoS

Where: Local system

Solution Status: Unpatched

Software: Kaspersky Anti-Virus 6.x

Kaspersky Anti-Virus 7.x

Kaspersky Internet Security 6.x

Kaspersky Internet Security 7.x

...The vulnerabilities are reported in version 7.0 build 125. Other versions may also be affected.

Solution: The vendor is reportedly working on an update to be released November 2007.

Original Advisory: Kaspersky:

http://www.kaspersky.com/technews?id=203038706

"...This is not the first time that this author has failed to notify us about a vulnerability before making it public, despite the fact that notifying the vendor first is de facto an industry standard..."

 

> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5043

 


FYI...

 

Kaspersky Online Scanner ActiveX Vuln

- http://secunia.com/advisories/27187/

Release Date: 2007-10-11

Critical: Highly critical

Impact: System access

Where: From remote

Solution Status: Vendor Patch

Software: Kaspersky Online Scanner 5.x

...The vulnerability affects versions 5.0.93.1 and prior.

Solution: Update to version 5.0.98.0.

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html ...

Original Advisory: Kaspersky:

http://www.kaspersky.com/news?id=207575572 ...

 


FYI...

 

BitDefender Online Scanner ActiveX vuln - update available

- http://secunia.com/advisories/27717/

Release Date: 2007-11-21

Critical: Highly critical

Impact: System access

Where: From remote

Solution Status: Vendor Patch

...Successful exploitation allows execution of arbitrary code. The vulnerability is reported in version 8.0. Other versions may also be affected.

Solution: Update to the latest version (OScan82.ocx).

http://www.bitdefender.com/scan8/ie.html

 

:ph34r:


FYI...

 

avast! vuln - update available

- http://secunia.com/advisories/27929/

Last Update: 2007-12-06

Critical: Highly critical

Impact: Unknown

Where: From remote

Solution Status: Vendor Patch

Software: avast! Home/Professional 4.x

...The vulnerability is reported in versions prior to 4.7.1098.

Solution: Update to version 4.7.1098.

http://www.avast.com/eng/download.html ...

Original Advisory:

http://www.avast.com/eng/avast-4-home_pro-...on-history.html

 


Edited by apluswebmaster


FYI...

 

Trend Micro AV plus AS 2008, Internet Security 2008, Internet Security Pro 2008

- http://esupport.trendmicro.com/support/vie...ntentID=1036464

12/10/07 - "...Remote memory corruption... long bogus file names from malformed ZIP files... Vulnerability only affects users with English Versions of TIS16 (Trend Micro Internet Security Pro, Trend Micro Internet Security/Virus Buster 2008) and TAV16 (TrendMicro Antivirus plus AntiSpyware 2008) build #1450 and older... You can download the TIS16.0 English language security patch here..."

 

> http://secunia.com/advisories/28038/

 

:ph34r:

Edited by apluswebmaster


FYI...

 

Clam AV vuln - update available

- http://secunia.com/advisories/28117/

Release Date: 2007-12-19

Critical: Highly critical

Impact: DoS, System access

Where: From remote

...The vulnerability is reported in versions prior to 0.92...

Solution: Update to version 0.92.

 

> http://www.clamav.org/

ClamAV Virus Databases: main.cvd ver. released on 09 Dec 2007 15:50 +0000

 

> http://www.clamwin.com/

The latest version of Clamwin Free Antivirus is 0.91.2

 

:ph34r:


FYI...

 

- http://www.heise-security.co.uk/articles/100965

21.12.2007 - "...The list of manufacturers of antivirus software with critical security problems reads like a Who's Who of the industry: the blacklist of Zoller and Alvarez includes Avast, Avira, BitDefender, CA, ClamAV, Eset NOD32, F-Secure, Grisoft AVG, Norman, Panda and Sophos. iDefense uncovered critical buffer overflows in Kaspersky's scanner, McAfee's VirusScan and Trend Micro's security products. Secunia found the same thing in Symantec's E-mail Security, and ISS/IBM XForce caught out Microsoft's security products. All of these appeared just this year, and the list is by no means complete: the n.runs specialists alone say they have discovered more than 80 critical holes and passed them on to the manufacturers. As far as they know, only some thirty of them have been closed so far..."

 

:ph34r:


FYI...

 

McAfee E-Business Svr vuln - update available

- http://secunia.com/advisories/28408/

Release Date: 2008-01-10

Critical: Moderately critical

Impact: System access, DoS

Where: From local network

Solution Status: Vendor Patch

Software: McAfee e-Business Server 8.x

...The vulnerability affects versions 8.5.2 and prior on Windows.

Solution: Update to version 8.5.3.

Original Advisory: McAfee:

https://knowledge.mcafee.com/article/542/61...SAL_Public.html

 


FYI...

 

ClamAV multiple vulns - update available

- http://secunia.com/advisories/28907/

Release Date: 2008-02-12

Last Update: 2008-02-13

Critical: Highly critical

Impact: DoS, System access

Where: From remote

Solution Status: Vendor Patch

Software: Clam AntiVirus (clamav) 0.x

...The vulnerabilities are reported in versions prior to 0.92.1.

Solution: Update to version 0.92.1...

Original Advisory:

http://sourceforge.net/project/shownotes.p...lease_id=575703 ...

 

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6595

 

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0318

 

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0728

 

:ph34r:

Edited by apluswebmaster


FYI...

 

F-Secure vuln - hotfix available

- http://www.f-secure.com/security/fsc-2008-1.shtml

Last updated: 2008-02-19 ...

Risk Factor: High

The gateway passes archives unscanned

Mitigating Factors:

* Exploitation of these vulnerabilities requires specially crafted archives

* The CAB issue has been fixed automatically in F-Secure database updates, while fixing the RAR archive scanning requires installing the hotfix..."

 

(More detail at the URL above.)

 

:ph34r:


FYI...

 

Symantec RAR File vulns - updates available

- http://secunia.com/advisories/29140/

Release Date: 2008-02-27

Critical: Highly critical

Impact: DoS, System access

Where: From remote

Solution Status: Vendor Patch

Software: Symantec AntiVirus for Network Attached Storage 4.x

Symantec AntiVirus Scan Engine 4.x

Symantec AntiVirus/Filtering for Domino 3.x

Symantec Mail Security for Exchange 4.x

Symantec Mail Security for Microsoft Exchange 5.x

Symantec Scan Engine 5.x...

Original Advisory: SYM08-006:

http://www.symantec.com/avcenter/security/...2008.02.27.html ...

"...to ensure all available updates have been applied, users can manually launch and run LiveUpdate..."

 


Edited by apluswebmaster


FYI...

 

Panda vuln - updates available

- http://secunia.com/advisories/29311/

Release Date: 2008-03-10

Critical: Less critical

Impact: Privilege escalation, DoS

Where: Local system

Solution Status: Vendor Patch

Software: Panda Antivirus + Firewall 2008, Panda Internet Security 2008 ...

Solution: Apply hotfix.

Panda Internet Security 2008 (hfp120801s1.exe):

http://www.pandasecurity.com/resources/sop...hfp120801s1.exe

Panda Antivirus + Firewall 2008 (hft70801s1.exe):

http://www.pandasecurity.com/resources/sop.../hft70801s1.exe ...

Original Advisory: Panda:

http://www.pandasecurity.com/homeusers/sup...amp;ref=ProdExp

http://www.pandasecurity.com/homeusers/sup...amp;ref=ProdExp ...


FYI...

 

F-Secure Security Advisory FSC-2008-2

- http://www.f-secure.com/weblog/archives/00001404.html

March 17, 2008 - "...The Secure Programming Group at Oulu University has created a collection of malformed archive files. These archive files break and crash products from at least 40 vendors - including several antivirus vendors...including us. We've fixed a long list of our products to resolve these issues. Home users will get these fixes via the normal update system and they don't have to do anything... Our guidance here is the same as for patches from any other vendor: Patch now before someone figures out how to exploit the vulnerability. At the moment we are not aware of any public exploit methods for these vulnerabilities. For more information, please consult F-Secure Security Advisory FSC-2008-2* and CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats**."

* http://www.f-secure.com/security/fsc-2008-2.shtml

(Hotfixes/patches available)

 

** https://www.cert.fi/haavoittuvuudet/joint-a...ve-formats.html

17 March 2008 - "...The vulnerabilities described in this advisory can potentially affect programs that handle the archive formats ACE, ARJ, BZ2, CAB, GZ, LHA, RAR, TAR, ZIP and ZOO. The Test Suite contains a set of fuzzed archive files in different formats, some of which may cause and some that are known to cause problems in common tools processing archived content..."

 

:ph34r:


FYI...

 

CA Alert Notification Server service

- https://support.ca.com/irj/portal/anonymous...ontentID=173103

Issued: April 3rd, 2008 - "CA's customer support is alerting customers to security risks in products that use the Alert Notification Server service. Multiple vulnerabilities exist that can allow a remote authenticated attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities.

The vulnerabilities, CVE-2007-4620, are due to insufficient bounds checking in multiple procedures. A remote authenticated attacker or local user can exploit a buffer overflow to execute arbitrary code or cause a denial of service.

Risk Rating: High

Affected Products:

CA Anti-Virus for the Enterprise 7.1

CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8

CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8.1

CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8

CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8.1

BrightStor ARCserve Backup r11.5

BrightStor ARCserve Backup r11.1

BrightStor ARCserve Backup r11 for Windows

Solution: CA has provided updates to address the vulnerabilities... (links at URL above)

Workaround: None..."

 

:ph34r:


FYI...

 

ClamAV vuln

- http://secunia.com/advisories/29000/

Release Date: 2008-04-14

Critical: Highly critical

Impact: System access

Where: From remote

Solution Status: Vendor Workaround

Software: Clam AntiVirus (clamav) 0.x

...The vulnerability is confirmed in versions 0.92 and 0.92.1. Prior versions may also be affected.

Solution: An updated version should be available shortly. The PE scanning module has been remotely switched off after 10/03/2008.

 

Do not scan untrusted PE files...

 

:!:


FYI...

 

ClamAV multiple vulns - update available

- http://secunia.com/advisories/29000/

Last Update: 2008-04-15

Critical: Highly critical

Impact: DoS, System access

Where: From remote

Solution Status: Vendor Patch

Software: Clam AntiVirus (clamav) 0.x

...The vulnerabilities are reported in version 0.92.1. Prior versions may also be affected.

Solution: Update to version 0.93.

Download:

- http://www.clamav.net/download/sources

Changelog:

- http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

 

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1100

 

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1387

 

:!:

Edited by apluswebmaster


FYI...

 

ClamAV vuln - update available

- http://secunia.com/advisories/30657/

Release Date: 2008-06-17

Critical: Moderately critical

Impact: DoS

Where: From remote

Solution Status: Vendor Patch

Software: Clam AntiVirus (clamav) 0.x...

The vulnerability is reported in versions prior to 0.93.1.

Solution: Update to version 0.93.1.

Original Advisory:

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000 ...

 

Download:

http://sourceforge.net/project/showfiles.php?group_id=86638

 

:!:


Backtrack...

 

- http://atlas.arbor.net/briefs/index#-51119944

Severity: High Severity

Published: Friday, June 20, 2008 20:31

 

ClamAV vuln... now marked as "Unpatched"

- http://secunia.com/advisories/30657/

Last Update: 2008-06-20

Critical: Moderately critical

Impact: DoS

Where: From remote

Solution Status: Unpatched ...

The vulnerability is confirmed in versions 0.93 and 0.93.1. Other versions may also be affected.

Solution: Disable the scanning of PE files.

NOTE: Version 0.93.1 only fixes a particular exploitation vector...

Changelog:

2008-06-20: Updated "Solution" section and marked the advisory as unpatched...

 

:!: :ph34r:


FYI...

 

Panda ActiveScan vulns - update available

- http://secunia.com/advisories/30841/

Release Date: 2008-07-07

Critical: Highly critical

Impact: System access

Where: From remote

Solution Status: Vendor Patch

Software: Panda ActiveScan 2.0 1.x

...Successful exploitation allows execution of arbitrary code. According to the vendor, the vulnerabilities affect versions prior to version 1.02.00.

Solution: Update to version 1.02.00 or later.

http://www.pandasecurity.com/activescan

 

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3155

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3156

 

:!:

Edited by apluswebmaster


FYI...

 

ClamAV vuln - update available

- http://secunia.com/advisories/30657/

Last Update: 2008-07-28

Critical: Moderately critical

Impact: DoS

Where: From remote

Solution Status: Vendor Patch...

Solution: Update to version 0.93.3...

- http://sourceforge.net/project/shownotes.p...;group_id=86638

 

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2713

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3215

 


FYI...

 

AVG DoS vuln - update available

- http://secunia.com/advisories/31290/

Release Date: 2008-07-29

Critical: Moderately critical

Impact: DoS

Where: From remote

Solution Status: Vendor Patch

Software: AVG Anti-Virus 8.x ...

...The vulnerability affects versions prior to 8.0.156.

Solution: Update to version 8.0.156 or later.

Original Advisory:

AVG: http://www.grisoft.com/ww.94247

 

n.runs AG: http://preview.tinyurl.com/6fcaye ...

 

- http://www.us-cert.gov/current/archive/200...releases_update

 

Program update AVG Free 8.0 169: http://free.avg.com/ww.94096

August 25, 2008

 


Edited by apluswebmaster


FYI...

 

Trend Micro Web Mgmt authentication bypass...

- http://secunia.com/advisories/31373/

Last Update: 2008-08-29

Critical: Moderately critical

Impact: Security Bypass, Brute force

Where: From local network

Solution Status: Partial Fix

Software: Trend Micro Client Server Messaging Security for SMB 3.x

Trend Micro OfficeScan Corporate Edition 7.x

Trend Micro OfficeScan Corporate Edition 8.x

Trend Micro Worry-Free Business Security 5.x ...

Solution: Apply patches...

(See the URL above for links to patches.)

 

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-2433

Last revised: 09/05/2008

 

:!:

Edited by apluswebmaster


FYI...

 

Trend Micro OfficeScan Server - updates available

- http://secunia.com/advisories/31342/

Release Date: 2008-09-12

Critical: Moderately critical

Impact: System access

Where: From local network

Solution Status: Partial Fix

...Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 7.3 with Patch 4 build 1362 applied and also affects OfficeScan version 7.0 and 8.0, and Client Server Messaging Security version 3.6, 3.5, 3.0, and 2.0.

Solution: Apply patches...

 

(Links to patches/updates available at the URL above.)

 

:!:


FYI...

 

Trend Micro OfficeScan multiple vulns - update available

- http://secunia.com/advisories/32097/

Release Date: 2008-10-02

Critical: Moderately critical

Impact: Exposure of sensitive information, DoS, System access

Where: From remote

Solution Status: Vendor Patch

Software: Trend Micro OfficeScan Corporate Edition 8.x

...The vulnerabilities are reported in Trend Micro OfficeScan 8.0.

Solution: Apply patches.

Trend Micro OfficeScan 8.0 Service Pack 1:

http://www.trendmicro.com/ftp/products/pat...Patch_B2439.exe

Trend Micro OfficeScan 8.0 Service Pack 1 Patch 1:

http://www.trendmicro.com/ftp/products/pat...lPatch_3087.exe

Original Advisory: ...Trend Micro:

http://www.trendmicro.com/ftp/documentatio...2439_Readme.txt

http://www.trendmicro.com/ftp/documentatio...3087_Readme.txt

 

:!:


FYI...

 

F-Secure vuln - update available

- http://secunia.com/advisories/32352/

Release Date: 2008-10-21

Critical: Highly critical

Impact: DoS, System access

Where: From remote

Solution Status: Vendor Patch

Solution: Apply patches (please see the vendor's advisory for details).

Original Advisory: FSC-2008-3:

http://www.f-secure.com/security/fsc-2008-3.shtml ...

 

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-6085

 

:!:

Edited by apluswebmaster


FYI...

 

McAfee update classifies Vista component as a Trojan

- http://www.theregister.co.uk/2008/10/21/mc...an_false_alert/

21 October 2008 - "McAfee has fixed an update glitch that wrongly slapped a Trojan classification on components of Microsoft Vista. As a result of a misfiring update, published on Monday, the Windows Vista console IME executable was treated as a password-stealing Trojan. Depending on their setup, McAfee users applying would have typically found the component either quarantined or deleted. The antivirus firm fixed the glitch with a definition update on Tuesday that recognised the difference between the Vista component and malware, as explained in a write-up by McAfee here*. False positives with virus signature updates are a perennial problem for antivirus vendors, and the latest glitch is far from the first such occurrence to befall McAfee. Only two months ago in August McAfee wrongly categorised a plug-in for Microsoft Office Live Meeting as a Trojan."

* http://us.mcafee.com/virusInfo/default.asp...;virus_k=100683

 

AVG flags ZoneAlarm as malware

- http://news.cnet.com/8301-1009_3-10067148-83.html

October 15, 2008 - "Grisoft, makers of AVG antivirus, on Wednesday released a new update addressing a false positive in another security product. On Tuesday, AVG users reported desktops warnings that their desktop was infected with something called Trojan Agent r.CX... The ZoneAlarm user forum soon filled with concerned users... Laura Yecies, vice president and general manager of Check Point's ZoneAlarm consumer division said, "as soon as Check Point learned that AVG's recent antivirus update was mistakenly flagging a ZoneAlarm file as a virus, we contacted AVG and they issued an update within hours that corrected the problem. AVG users will automatically get the update that corrects the issue." In July, Grisoft modified its free AVG 8 due to complaints about a proactive scanning of a Web site feature. The feature that had been enabled in the paid version of the product did not scale with the free release causing spikes in Web traffic."

- http://www.theregister.co.uk/2008/10/16/av...an_false_alarm/

16 October 2008 - "...The mis-firing AVG definition file tagged components of ZoneAlarm as infected with the Agent_r.CX Trojan horse and quarantined important files. As a result users running the popular antivirus package alongside security suite software from Check Point were left with a malfunctioning firewall, mystery infection reports and an inability to re-install their ZoneAlarm software..."

 

:(:(

Edited by apluswebmaster


FYI...

 

Trend Micro OfficeScan vuln - update available

- http://secunia.com/advisories/32005/

Release Date: 2008-10-22

Critical: Moderately critical

Impact: System access

Where: From local network

Solution Status: Vendor Patch

Software: Trend Micro OfficeScan Corporate Edition 7.x, Trend Micro OfficeScan Corporate Edition 8.x...

Solution: Apply patches.

Trend Micro OfficeScan 8.0 SP1 Patch 1:

http://www.trendmicro.com/ftp/products/pat...Patch_B3110.exe

Trend Micro OfficeScan 7.3:

http://www.trendmicro.com/ftp/products/pat...Patch_B1374.exe ...

Trend Micro:

http://www.trendmicro.com/ftp/documentatio...3110_readme.txt

http://www.trendmicro.com/ftp/documentatio...1374_readme.txt ...

 

- http://www.us-cert.gov/current/current_act..._critical_patch

October 22, 2008

 

:!:


FYI...

 

ClamAV vuln - update available

- http://secunia.com/advisories/32663/

Release Date: 2008-11-10

Critical: Moderately critical

Impact: DoS, System access

Where: From remote

Solution Status: Vendor Patch...

Solution: Update to version 0.94.1.

> http://sourceforge.net/project/shownotes.p...;group_id=86638

Download:

- http://www.clamav.net/download/sources

Changelog:

- http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

 

Also see: ClamWin Free Antivirus 0.94.1 released

- http://www.clamwin.com/content/view/205/1/

Download:

- http://www.clamwin.com/content/view/18/46/

Version 0.94.1; 24.5MB

 

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-5050

 

:!:

Edited by apluswebmaster


FYI...

 

ClamAV vuln - update available

- http://secunia.com/advisories/32926/

Release Date: 2008-12-02

Critical: Moderately critical

Impact: DoS

Where: From remote

Solution Status: Vendor Patch

Software: Clam AntiVirus (clamav) 0.x

...The vulnerability is reported in versions prior to 0.94.2.

Solution: Update to version 0.94.2.

Original Advisory: ClamAV:

http://sourceforge.net/project/shownotes.p...lease_id=643134

 

Download:

- http://www.clamav.net/download/sources

"...Latest stable release: ClamAV 0.94.2..."

 

Changelog:

- http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

 

:!:


FYI...

 

ESET Smart Security vuln - update available

- http://secunia.com/advisories/33210/

Release Date: 2008-12-19

Critical: Less critical

Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch

Software: ESET Smart Security 3.x

...The vulnerability is confirmed in version 3.0.672. Other versions prior to 3.0.684 may also be affected...

Solution: Update to version 3.0.684...

- http://www.eset.com/joomla/index.php?optio...13&Itemid=5

• stability and security fixes

 

:ph34r:


FYI...

 

Sophos AV vuln - update available

- http://secunia.com/advisories/33177/

Release Date: 2008-12-19

Critical: Moderately critical

Impact: DoS, System access

Where: From remote

Solution Status: Vendor Patch...

...The vulnerability is caused due to an unspecified error when processing certain malformed CAB archives. This can be exploited to crash the application and may allow the execution of arbitrary code...

Solution: Fixed in the Sophos virus engine 2.82.1.

Original Advisory: Sophos:

http://www.sophos.com/support/knowledgebas...icle/50611.html ...

 

- http://atlas.arbor.net/briefs/index#-675282542

 

:ph34r:

Edited by apluswebmaster


FYI...

 

Trend Micro HouseCall ActiveX vuln - update available

- http://secunia.com/advisories/31583/

Release Date: 2008-12-21

Critical: Highly critical

Impact: System access

Where: From remote

Solution Status: Vendor Patch

Software: Trend Micro HouseCall ActiveX Control 6.x, Trend Micro HouseCall Server 6.x

...Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in versions 6.51.0.1028 and 6.6.0.1278. Other versions may also be affected.

Solution: Remove the ActiveX control and install version 6.6.0.1285.

http://prerelease.trendmicro-europe.com/hc66/launch/

 

:ph34r:


If you're running NOD32, then you'll want to check the program About dialog box.

 

Chances are, you're still at 3.0.672.0

 

It seems that ESET has forgotten to push the program update through the auto update feature so far.


FYI...

 

Avira Antivir vuln - update available

- http://secunia.com/advisories/33541/

Release Date: 2009-01-15

Critical: Moderately critical

Impact: DoS

Where: From remote

Solution Status: Vendor Patch

Software: Avira AntiVir Personal Edition Classic 7.x, 8.x, Premium 7.x, Premium 8.x,

Premium Security Suite 7.x, Server 6.x, UNIX MailGate 2.x, Workstation 7.x, 8.x,

Premium Security Suite 7.x

...The vulnerabilities are caused due to errors in the handling of RAR files. These can be exploited to crash an affected program via a specially crafted RAR archive.

Solution: Update the scanning engine to versions 7.9.0.54, 8.2.0.54, or later.

Original Advisory: Avira:

http://forum.avira.com/wbb/index.php?page=...;threadID=81148 ...

 

:ph34r:


FYI...

 

F-Secure Anti-Virus Client Security hotfix

- http://support.f-secure.com/enu/corporate/...-hotfixes.shtml

Feb 17, 2009 - "Client Security Hotfix fsav744-06

F-Secure Client Security versions 7.12 * All supported platforms

...After having applied this hotfix, the product gains ability to handle USB-carried malware known under the following aliases: Downadup and Conficker.

Note: A reboot is not required after installing the hotfix..."

 

:ph34r:


FYI...

 

ClamAV multiple vulns - update available

- http://secunia.com/advisories/34566/

Release Date: 2009-04-03

Critical: Moderately critical

Impact: Security Bypass, DoS

Where: From remote

Solution Status: Vendor Patch

Software: Clam AntiVirus (clamav) 0.x ...

Solution: Update to version 0.95...

- http://www.clamav.net/download/sources

 

- http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

 

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1241

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1270

Last revised: 04/10/2009

 

:ph34r:

Edited by apluswebmaster


FYI...

 

Symantec Alert Management System 2 multiple vulns - SYM09-007

- http://preview.tinyurl.com/dngt55

April 28, 2009 Symantec Security Advisories:

Remote Access: Yes

Local Access: Yes...

"The version of Alert Management System 2 (AMS2) used by some versions of Symantec System Center, Symantec Antivirus Server, and Symantec AntiVirus Central Quarantine Server contains four vulnerabilities... (see) Affected Products table... Updates have been released to address these issues..."

- http://secunia.com/advisories/34856/2/

Release Date: 2009-04-29

Critical: Moderately critical

Impact: Privilege escalation, System access

Where: From local network

Solution Status: Vendor Patch

Software: Symantec AntiVirus Corporate Edition 10.x, Symantec AntiVirus Corporate Edition 9.x, Symantec Client Security 2.x, Symantec Client Security 3.x, Symantec Endpoint Protection 11.x...

 

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1429

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1430

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1431

 

- http://preview.tinyurl.com/cacnwe

Symantec Security Advisories

4/28/09 - Symantec Alert Management System 2 multiple vulnerabilities - SYM09-007

4/28/09 - Symantec Log Viewer JavaScript Injection Vulnerabilities - SYM09-006

4/28/09 - Symantec Reporting Server Improper URL Handling Exposure - SYM09-008

 

:!: :!: :!:

Edited by apluswebmaster


FYI...

 

McAfee Security Bulletin - VirusScan Engine update fixes bypasses

- https://kc.mcafee.com/corporate/index?page=...ctp=LIST_RECENT

April 29, 2009

• Description

There is an issue with engine DAT versions where specially crafted archive files could cause a scanning process to miss files within the archive. These archives are corrupt, but still functional by some end user archive programs. This could allow malware to bypass a scanner on a gateway. Users utilizing on-access scanning on endpoint devices should not be affected, as the scanner will see the files after the archive is opened. An attack, even if it is successful at bypassing the gateway, will have no lasting effect on the endpoint running an on-access scanner, which is the default and recommended way of running our Anti-Virus products. Updating to the latest product version will resolve this issue.

• Remediation

Overview: Download appropriate DAT file 5600 or later.

Obtaining the Binaries: http://www.mcafee.com/apps/downloads/secur...updates/dat.asp

• Workaround

All users should enable On-Access-Scanning on all endpoint devices. This is the default setting after installation. By using On-Access-Scanning, endpoints will catch any threats that may pass on gateway devices. McAfee has long supported a defense-in-depth strategy that includes running antivirus software on multiple points of your network, including gateways, file servers, and especially endpoints...

 

:!:

Share this post


Link to post
Share on other sites

FYI...

 

F-Secure ZIP and RAR archives vulns

- http://secunia.com/advisories/35008/2/

Release Date: 2009-05-06

Critical: Not critical

Impact: Security Bypass

Where: From remote

Solution Status: Vendor Patch

Software: F-Secure Anti-Virus...

Solution: Apply patches. Please see the vendor's advisory for details...

Original Advisory: FSC-2009-1:

http://www.f-secure.com/en_EMEA/support/se...fsc-2009-1.html ...

2009-05-06

 

:ph34r: :!:


FYI...

 

AVG 8.5 vuln - updates available

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1784

Last revised: 05/26/2009

CVSS v2 Base Score: 10.0 (HIGH)

 

- http://xforce.iss.net/xforce/xfdb/50426

... Platforms Affected:

* AVG, AVG Anti-Virus 6.0.710

* AVG, AVG Anti-Virus 7.0

* AVG, AVG Anti-Virus 7.0.251

* AVG, AVG Anti-Virus 7.0.323

* AVG, AVG Anti-Virus 7.1.308

* AVG, AVG Anti-Virus 7.1.407

* AVG, AVG Anti-Virus 7.5.448

* AVG, AVG Anti-Virus 7.5.476

* AVG, AVG Anti-Virus 8.0

* AVG, AVG Anti-Virus 8.0.156

Remedy: Upgrade to the latest version of AVG (8.5 build 323 or later), available from the AVG Web site...

 

Program update AVG 8.5.323 SP1

- http://www.avg.com/223363

... Fixes

• Core: Fixed problem with crash while scanning PDF files.

• Core: Fixed occasional crash of scanning engine.

• Core: Fixed problem of crash while healing Mozilla Firefox 3 cookies.

• Core: Fixed problem with processing slowdown during Resident Shield scanning LNK files.

• Core: Fixed problem with ZoneAlarm incompatibility.

• Core: Fixed problem with missed detection in corrupted *.cab and *.zip archives (thanks to Thierry Zoller)...

 

:!:

Edited by apluswebmaster


FYI...

 

McAfee false positive...

- http://www.theregister.co.uk/2009/06/09/mcafee_update_snafu/

9 June 2009 - "A recent McAfee service pack led to systems being rendered unbootable, according to posts on the security giant's support forums. The mandatory service pack for McAfee's corporate Virus scanning product, VSE 8.7, was designed to address minor security bugs but instead tagged windows system files as malware. The software update was issued on 27 May and pulled on 2 June, after problems occurred. Users were advised to keep the patch if they'd already installed it in a low-key announcement on McAfee's knowledge base*. Posts on McAfee's support forum** paint a different picture of PCs and server left unbootable after the update had automatically deleted Windows systems files wrongly identified as potentially malign..."

* https://kc.mcafee.com/corporate/index?page=...&id=KB65943

June 08, 2009

** http://community.mcafee.com/showthread.php?t=231060

 

:!:


FYI...

 

F-Secure - Mail relay vuln - update available

- http://www.f-secure.com/en_EMEA/support/se...fsc-2009-2.html

2009-06-16 - "...Specially crafted messages may be used to bypass mail relay restrictions.

Mitigating factors:

* The issue only affects systems where the SMTP Turbo module is used for mail distribution.

* Incorrectly relayed messages still pass through spam filtering, which decreases the vulnerability’s usefulness for spam relaying.

Affected platforms: All supported platforms

Products: F-Secure Messaging Security Gateway 5.5.x..."

 

- http://secunia.com/advisories/35475/2/

Release Date: 2009-06-16

Critical: Moderately critical

Impact: Security Bypass

Where: From remote

Solution Status: Vendor Patch

OS: F-Secure Messaging Security Gateway P-Series, F-Secure Messaging Security Gateway X-Series...

Solution: The vendor has fixed the vulnerability in patch 739, delivered automatically to affected systems. Approve the installation of patch 739 for systems not configured for automatic patch installation...

 

:!:

Edited by apluswebmaster


FYI...

 

ClamAV CAB/RAR/ZIP vuln - update available

- http://www.securityfocus.com/bid/35426/info

Published: Jun 18 2009

Updated: Jun 19 2009

"... Versions prior to ClamAV 0.95.2 are vulnerable..."

 

- http://www.clamav.net/

"Latest ClamAV® stable release is: 0.95.2 ..."

 

- http://www.clamav.net/download/sources

 

:!:
