F-PROT Antivirus for Linux ELF File Scanning Denial of Service Vulnerability

Vulnerability ID: 1184209    Vulnerability type: Resource management error
Published: 2008-12-10    Updated: 2009-04-29
CVE ID: CVE-2008-5747    CNNVD-ID: CNNVD-200812-469
Platform: N/A    CVSS score: 5.0
|Vulnerability sources
https://www.securityfocus.com/bid/32753
https://cxsecurity.com/issue/WLB-2008120205
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200812-469
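|Vulnerability details
F-PROT is antivirus software that can run wherever a DOS environment is available. F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass anti-virus protection by means of a crafted ELF program with a "corrupted" header. The header still allows the program to be executed.
|Vulnerability EXP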
-----------------------------------------------------------------------
[ iViZ Security Advisory 08-016                            10/12/2008 ]
-----------------------------------------------------------------------
iViZ Techno Solutions Pvt. Ltd.
                                            http://www.ivizsecurity.com
-----------------------------------------------------------------------

* Title:     F-Secure f-prot Antivirus for Linux corrupted ELF header
             Security Bypass.
* Date:      10/12/2008
* Software:  f-prot version 4.6.8 for GNU/Linux

--[ Synopsis:

It is possible to protect an ELF binary against
    f-prot by corrupting its ELF header, while leaving
    the binary completely functional. F-prot will crash
    when analyzing the file, leaving the possible malware
    undetected.

--[ Affected Software:

* f-prot version 4.6.8 for GNU/Linux

--[ Impact:

Remote DoS, possibly remote code execution.

--[ Vendor response:

* No vendor response

--[ Credits:

This vulnerability was discovered by Security Researcher
    Jonathan Brossard from iViZ Techno Solutions Pvt. Ltd.

--[ Disclosure timeline:

* First private disclosure to vendor on September 1st 2008.

--[ Reference:

http://www.ivizsecurity.com/security-advisory.html
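
An added example, not part of the iViZ advisory or of this record: a bounds-checked ELF header triage in Python that reports a malformed header as a finding of its own, so that a file a scanner cannot parse is held back rather than passed as clean. The advisory does not say which header fields were corrupted; the checks, the names `triage_elf` and `build_sample`, and the sample bytes are assumptions constructed for this example.

```python
import struct

# Fields after the 16-byte e_ident: e_type, e_machine, e_version, e_entry,
# e_phoff, e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize,
# e_shnum, e_shstrndx. ELF32 uses 4-byte addresses/offsets, ELF64 8-byte.
LAYOUT = {1: "HHIIIIIHHHHHH", 2: "HHIQQQIHHHHHH"}


def triage_elf(data: bytes):
    """Return (status, problems); status is 'not-elf', 'ok' or 'malformed'."""
    if data[:4] != b"\x7fELF":
        return "not-elf", []
    if len(data) < 16 or data[4] not in LAYOUT or data[5] not in (1, 2):
        return "malformed", ["bad or truncated e_ident"]
    fmt = ("<" if data[5] == 1 else ">") + LAYOUT[data[4]]
    ehdr_len = 16 + struct.calcsize(fmt)
    if len(data) < ehdr_len:
        return "malformed", ["file shorter than ELF header"]
    f = struct.unpack_from(fmt, data, 16)
    phoff, shoff, ehsize = f[4], f[5], f[7]
    phentsize, phnum, shentsize, shnum, shstrndx = f[8:13]
    problems = []
    if ehsize != ehdr_len:
        problems.append(f"e_ehsize {ehsize} != {ehdr_len}")
    # Every table the header points to must lie inside the file. Python ints
    # do not wrap, so off + entsize * num cannot overflow as it could in C.
    for name, off, entsize, num in (("program", phoff, phentsize, phnum),
                                    ("section", shoff, shentsize, shnum)):
        if num and (off < ehdr_len or off + entsize * num > len(data)):
            problems.append(f"{name} header table outside file")
    # 0xFFFF (SHN_XINDEX, extended numbering) is not handled in this example.
    if shnum and shstrndx != 0xFFFF and shstrndx >= shnum:
        problems.append("e_shstrndx out of range")
    return ("malformed" if problems else "ok"), problems


def build_sample(phoff=64, ehsize=64):
    """Constructed ELF64 little-endian header plus one zeroed program header."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    hdr = struct.pack("<" + LAYOUT[2], 2, 62, 1, 0x400078, phoff, 0, 0,
                      ehsize, 56, 1, 64, 0, 0)
    return ident + hdr + bytes(56)


if __name__ == "__main__":
    for sample in (build_sample(), build_sample(phoff=0xFFFFFFF0), b"#!/bin/sh\n"):
        print(triage_elf(sample))
```

A scanning pipeline would route a `malformed` result to quarantine or manual review, and would treat a scanner process that exits abnormally on a file the same way.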
|Affected products
Gentoo Linux
Frisk Software F-Prot Antivirus for Linux Workstation 4.6.8
Frisk Software F-Prot Antivirus for Linux and BSD 4.4.2
|References

Source: BID
Name: 32753
Link: http://www.securityfocus.com/bid/32753
Source: BUGTRAQ
Name: 20081222 Re: [IVIZ-08-016] F-Secure f-prot Antivirus for Linux corrupted ELF header Security Bypass
Link: http://www.securityfocus.com/archive/1/archive/1/499501/100/0/threaded
Source: BUGTRAQ
Name: 20081216 Re: [IVIZ-08-016] F-Secure f-prot Antivirus for Linux corrupted ELF header Security Bypass
Link: http://www.securityfocus.com/archive/1/archive/1/499305/100/0/threaded
Source: BUGTRAQ
Name: 20081210 [IVIZ-08-016] F-Secure f-prot Antivirus for Linux corrupted ELF header Security Bypass
Link: http://www.securityfocus.com/archive/1/499083
Source: MISC
Link: http://www.ivizsecurity.com/security-advisory-iviz-sr-08016.html
Source: SREASON
Name: 4822
Link: http://securityreason.com/securityalert/4822
Source: GENTOO
Name: GLSA-200904-14
Link: http://security.gentoo.org/glsa/glsa-200904-14.xml
Source: SECUNIA
Name: 34700
Link: http://secunia.com/advisories/34700