SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   eTrust Antivirus Vendors:   CA
eTrust Antivirus Can By Bypassed By Remote Users Sending Password-Protected Zip File Contents
SecurityTracker Alert ID:  1009074
SecurityTracker URL:  http://securitytracker.com/id/1009074
CVE Reference:   CVE-2004-2305   (Links to External Site)
Updated:  Jun 24 2008
Original Entry Date:  Feb 16 2004
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 6.0, 7.0
Description:   A vulnerability was reported in eTrust Antivirus. The antivirus software may fail to detected infected files within zip files that contain a password-protected file.

The vendor reported that when eTrust Antivirus performs a scan on a zip file that contains a password protected file along with other files, eTrust Antivirus will scan the password-protected file but will not scan any additional files after that.

A remote user can send a specially crafted zip file containing a virus that will pass through the antivirus system without detection.

Impact:   A remote user can send a virus through the antivirus system without detection.
Solution:   The vendor has issued a fix:

NODE: ftp.ca.com
PATH: /CAproducts/unicenter/eTrust/AntiVirus/7.0/nt/qo50563
FILES: QO50563.C5D QO50563.CAZ

For installation instructions and additional download URLs, see the vendor's advisory:

http://support.ca.com/Download/patches/ilitnt/QO50563.html

[Editor's note: A separate fix is now available for version 6.0; a separate Alert will be issued regarding the fix for 6.0; see the Message History.]

Vendor URL:  support.ca.com/Download/patches/ilitnt/QO50563.html (Links to External Site)
Cause:   State error
Underlying OS:  Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 22 2004 (Vendor Issues Fix for 6.0) eTrust Antivirus Can By Bypassed By Remote Users Sending Password-Protected Zip File Contents
The vendor has also issued a fix for version 6.0.



 Source Message Contents

Subject:  http://support.ca.com/Download/patches/ilitnt/QO50563.html


http://support.ca.com/Download/patches/ilitnt/QO50563.html

 > PRODUCT: eTrust Antivirus EE RELEASE: 7.0
 >
 > APAR #: QO50563 DATE: 13 FEB 2004

Computer Associates reported that when eTrust Antivirus performs a scan on a zip file that 
contains a password protected file along with other files, eTrust Antivirus will scan the 
password-protected file but will not scan any further files.

The vendor has issued a fix:

NODE: ftp.ca.com
PATH: /CAproducts/unicenter/eTrust/AntiVirus/7.0/nt/qo50563
FILES: QO50563.C5D QO50563.CAZ

For installation instructions and additional download URLs, see the vendor's advisory:

http://support.ca.com/Download/patches/ilitnt/QO50563.html

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC