Symantec防病毒软件RAR解压远程堆溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1196826 漏洞类型 缓冲区溢出
发布时间 2005-12-20 更新时间 2005-12-21
CVE编号 CVE-2005-4438 CNNVD-ID CNNVD-200512-481
漏洞平台 N/A CVSS评分 7.5
|漏洞来源
https://cxsecurity.com/issue/WLB-2005120055
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200512-481
|漏洞详情
Symantec防病毒软件支持对各种文件格式进行病毒分析。Symantec防病毒软件解压RAR文件时存在缓冲区溢出漏洞,攻击者可能利用此漏洞在服务器上执行任意指令。在解压RAR文件时Symantec防病毒软件存在多个堆溢出漏洞,可能允许攻击者完全控制受保护的系统。在默认配置中,攻击者可以无需用户交互变通过常见的协议(如SMTP)利用这些漏洞。
|漏洞EXP
Date
December 20, 2005

Vulnerability
The Symantec Antivirus Library provides file format support for virus analysis. During decompression of RAR files Symantec is vulnerable to multiple heap overflows allowing attackers complete control of the system(s) being protected. These vulnerabilities can be exploited remotely without user interaction in default configurations through common protocols such as SMTP.

Impact
Successful exploitation of Symantec protected systems allows attackers unauthorized control of data and related privileges. It also provides leverage for further network compromise. Symantec implementations are likely vulnerable in their default configuration. In default configurations users are likely vulnerable regardless of whether they choose to open or read the email.

Affected Products
Due to the library??s modular design and core functionality; it is likely this vulnerability affects a substantial portion of Symantec??s gateway, server, & client antivirus-enabled product lines on most platforms. In fact, the scope of this vulnerability is likely similar to the one described in the following link and also includes more current versions.

http://xforce.iss.net/xforce/alerts/id/187

Further, this library is also licensed to a substantial number of venders with products/services that are likely affected. A small sample of these vendors can be found in the following link.

http://www.symantec.com/partners/index.html

Recommendation
Disable scanning of RAR compressed files until the vulnerable code is fixed.

Credit
This vulnerability was discovered and researched by Alex Wheeler.

Contact
security (at) rem0te (dot) com [email concealed]
|参考资料

来源:US-CERTVulnerabilityNote
名称:VU#305272
链接:http://www.kb.cert.org/vuls/id/305272
来源:BUGTRAQ
名称:20051220SymantecAntivirusLibraryRemoteHeapOverflows
链接:http://www.securityfocus.com/archive/1/archive/1/419853/100/0/threaded
来源:MISC
链接:http://www.rem0te.com/public/images/symc2.pdf
来源:VUPEN
名称:ADV-2005-3003
链接:http://www.frsirt.com/english/advisories/2005/3003
来源:SECUNIA
名称:18131
链接:http://secunia.com/advisories/18131
来源:BID
名称:15971
链接:http://www.securityfocus.com/bid/15971
来源:SECTRACK
名称:1015384
链接:http://securitytracker.com/id?1015384
来源:SREASON
名称:276
链接:http://securityreason.com/securityalert/276