AntiVir Divide By Zero Error in Processing TAR Files Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1018137 |
|
SecurityTracker URL: http://securitytracker.com/id/1018137
|
|
CVE Reference:
CVE-2007-2973
(Links to External Site)
|
Updated: May 12 2008
|
Original Entry Date: May 29 2007
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 7.03.00.09
|
Description:
A vulnerability was reported in AntiVir. A remote user can cause denial of service conditions.
A remote user can create a specially crafted TAR file that, when processed by the target user, will cause the target process to enter an infinite loop.
Sergio Alvarez of n.runs AG discovered this vulnerability.
|
Impact:
A remote user can cause the application to enter an infinite loop.
|
Solution:
The vendor has issued a fixed version (7.03.00.09).
The Avira advisory is available at:
http://forum.antivir-pe.de/thread.php?threadid=22528
|
Vendor URL: www.avira.com/ (Links to External Site)
|
Cause:
State error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 29 May 2007 17:06:17 -0400
Subject: Avira AntiVir
|
http://www.nruns.com/advisories/%5Bn.runs-SA-2007.012%5D%20-%20Avira%20Antivir%20Antivirus%20TAR%20parsing%20Infinite%20Loop%20Advisory.txt
|
|
