ESET NOD32 Antivirus文件解析引擎 整数溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1189704 漏洞类型
发布时间 2007-07-25 更新时间 2007-07-26
CVE编号 CVE-2007-3971 CNNVD-ID CNNVD-200707-426
漏洞平台 N/A CVSS评分 5.0
|漏洞来源
https://cxsecurity.com/issue/WLB-2007070078
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200707-426
|漏洞详情
NOD32Anti-Virus是美国ESET公司开发的杀毒软件。NOD32的文件解析引擎存在整数溢出漏洞。在解析ASPACK压缩文件时可能会触发整数溢出,导致死循环,消耗大量CPU和存储资源。
|漏洞EXP
n.runs AG					   
http://www.nruns.com/			              security(at)nruns.com
n.runs-SA-2007.017                                           20-Jul-2007
________________________________________________________________________

Vendor:	               ESET, http://eset.com
Affected Products:	ESET NOD32 Antivirus
Vulnerability:         Denial of Service (remote) 
Risk:			MODERATE

________________________________________________________________________

Vendor communication:

2007/05/07		Initial notification to ESET 
  2007/05/07		ESET Response
  2007/05/07		PoC files sent to ESET
  2007/05/10		ESET validate the vulnerability
  2007/05/24		ESET made available the updates
________________________________________________________________________

Overview:
 
Founded in 1992, ESET is a global provider of security software for enterprises and consumers. ESET??s award-winning, antivirus software system, NOD32, provides real-time protection from known and unknown viruses, spyware, rootkits and other malware. NOD32 offers the smallest, fastest and most advanced protection available, with more Virus Bulletin 100% Awards than any other antivirus product. ESET was named to Deloitte??s Technology Fast 500 five years running, and has an extensive partner network, including corporations like Canon, Dell and Microsoft. ESET has offices in Bratislava, SK; Bristol, U.K.; Buenos Aires, AR; Prague, CZ; San Diego, USA; and is represented worldwide in more than 100 countries. 
The broad product platform protects Windows, Linux, Novell and MS DOS machines.

Description:

A remotely exploitable vulnerability has been found in the file parsing engine.

In detail, the following flaw was determined:

- Infinite Loop through Integer Overflow in ASPACK packed files parsing

Impact:

This problem can lead to remote denial of service provoked by high CPU consume and exhaustion of storage resource if an attacker carefully crafts a file that exploits the aforementioned vulnerability. The vulnerability is present in NOD32 Antivirus software versions prior to the update v.2.2289.

Solution:

The vulnerability was reported on May 07 and an update has been issued on May 24 to solve this vulnerability through the regular update mechanism.

________________________________________________________________________

Credit: 
Bugs found by Sergio Alvarez of n.runs AG. 
________________________________________________________________________

References: 
http://www.eset.com/joomla/index.php?option=com_content&task=view&id=346
9&Itemid=26

This Advisory and Upcoming Advisories:
http://www.nruns.com/security_advisory.php
http://www.nruns.com/parsing-engines-advisories.php
________________________________________________________________________

Unaltered electronic reproduction of this advisory is permitted. For all other reproduction or publication, in printing or otherwise, contact security (at) nruns (dot) com [email concealed] for permission. Use of the advisory constitutes acceptance for use in an "as is" condition. All warranties are excluded. In no event shall n.runs be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if n.runs has been advised of the possibility of such damages.

Copyright 2007 n.runs AG. All rights reserved. Terms of apply.
|参考资料

来源:BUGTRAQ
名称:200707202007-07-20-n.runs-SA-2007.017-NOD32AntivirusASPACKparsingInfiniteLoopAdvisory
链接:http://www.securityfocus.com/archive/1/archive/1/474245/100/0/threaded
来源:www.eset.com
链接:http://www.eset.com/joomla/index.php?option=com_content&task=view&id=3469&Itemid=26
来源:SECUNIA
名称:26124
链接:http://secunia.com/advisories/26124
来源:BID
名称:24988
链接:http://www.securityfocus.com/bid/24988
来源:MISC
链接:http://www.nruns.com/%5Bn.runs-SA-2007.017%5D%20-%20NOD32%20Antivirus%20ASPACK%20parsing%20Infinite%20Loop%20Advisory.txt
来源:MISC
链接:http://www.nruns.com/%5Bn.runs-SA-2007.017%5D%20-%20NOD32%20Antivirus%20ASPACK%20parsing%20Infinite%20Loop%20Advisory.pdf
来源:OSVDB
名称:37977
链接:http://osvdb.org/37977
来源:XF
名称:nod32-aspack-dos(35525)
链接:http://xforce.iss.net/xforce/xfdb/35525
来源:SECTRACK
名称:1018436
链接:http://www.securitytracker.com/id?1018436
来源:VUPEN
名称:ADV-2007-2602
链接:http://www.frsirt.com/english/advisories/2007/2602
来源:SREASON
名称:2923
链接:http://securityreason.com/securityalert/2923