SecurityTracker.com
Category:   Application (Security)  >   BitDefender
Vendors:   SOFTWIN
BitDefender AntiVirus Fails to Scan All of Multiple Attachments
SecurityTracker Alert ID:  1014495
SecurityTracker URL:  http://securitytracker.com/id/1014495
CVE Reference:   CVE-2005-2298
Updated:  Jun 24 2008
Original Entry Date:  Jul 15 2005
Impact:   Host/resource access via network
Exploit Included:  Yes  
Version(s): 1.6.1 and prior versions
Description:   A vulnerability was reported in BitDefender AntiVirus for Linux/FreeBSD. A remote user can bypass the antivirus scanning protection.

A remote user can send an e-mail message with multiple attachments to cause the attachments following the first one to not be scanned.

The vendor was notified on July 4, 2005.

Alexander 'xaitax' Hagenah reported this vulnerability.

Impact:   A remote user can send a malicious attachment that will not be scanned by the anti-virus engine.
Solution:   The vendor has issued a fix.
Vendor URL:  www.bitdefender.com/
Cause:   Access control error, State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  05_07_14-bitdefender_malicious_content_bypass


--/	INTRODUCTION  --

Advisory	: 05_07_14-bitdefender_malicious_content_bypass
Release Date	: 14. July 2005
Application	: BitDefender Antivirus
Impact		: Malicious content bypass
Author		: Alexander 'xaitax' Hagenah [ah at primepage dot de]


--/	SYSTEMS AFFECTED  --

BitDefender running on Linux/BSD
* Engine 1.6.1 and prior


--/	VENDOR  --

Informed	: 04. July 2005
Response	: 05. July 2005
Patched		: 13. July 2005


--/	ABOUT  --

BitDefender Antivirus & Antispam for Linux and FreeBSD Mail Servers

The BitDefender solutions for Mail Servers running on Linux and FreeBSD
platforms provide content security at the gateway level, by scanning
all the inbound and outbound e-mail traffic for malware and spam.


--/	SUMMARY  --

The BitDefender-Mail Server Scan-Engine is vulnerable against a simple
attachment `attack'.
A Scan-Engine normally splits a mail into header, body and attachments.
So the Scan-Engine is easily able to scan all the attachments in its
origin format.
If there is more than one element, it simply jumps to the following and
does its job again.
Not this one - in this engine only the first element is counted and
scanned. If there is more than one attachment, the following ones are
ignored. So you could simply add somewhere into the mail the following
lines:

.--
| begin
| end
`--

Now the engine expects this to be the first attachment and stops
scanning the mail. So there is no problem to add an attachment with
malicious content which will be ignored by the BitDefender scanner.

This only applies to UUencoded mails. For more information about
UUencode take a look at http://en.wikipedia.org/wiki/Uuencode.


--/	REPRODUCE  --

If the engine is running in production somewhere, you can test it - maybe
with EICAR as attachment - and put into the body the begin/end content.
If not, there is an evaluation version to download on the
bitdefender-page.


--/	PATCH  --

The patch is automatically downloaded by the bitdefender update engine.
It works with all versions, because all updates are transferred into
Plugins/ directory.


--/	CONTACT  --

This advisory is provided by:

- ( x a i t a x - s e c u r i t y ) -
http://xaitax.de | ah at primepage dot de

top concepts Internetmarketing GmbH
http://topconcepts.de | hagenah at topconcepts dot de
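
The scanning flaw described in the SUMMARY, shown from the defender's side as an added example that is not part of the advisory or of BitDefender's code: a parser that walks every uuencoded begin/end element in a mail body, with the first-element-only behaviour beside the corrected loop. The function names, the `MARKER` stand-in for a signature match and the sample message are assumptions constructed for illustration.

```python
import binascii
import re

# "begin <mode> <name>", plus the bare "begin" line shown in the advisory.
BEGIN = re.compile(r"^begin(?:\s+[0-7]{3,4}\s+(?P<name>.+))?\s*$")
MARKER = b"CONSTRUCTED-TEST-MARKER"  # assumption: stand-in for a signature hit

def uu_blocks(body):
    """Yield (name, payload) for every begin/end element in a mail body."""
    name, chunks = "", None              # chunks is None while outside a block
    for line in body.splitlines():
        if chunks is None:
            m = BEGIN.match(line)
            if m:
                name, chunks = m.group("name") or "", []
        elif line.strip() == "end":
            yield name, b"".join(chunks)
            chunks = None                # keep walking: more elements may follow
        elif line.strip():
            try:
                chunks.append(binascii.a2b_uu(line))
            except ValueError:           # damaged line: skip it, not the block
                pass
    if chunks is not None:               # unterminated block is still scanned
        yield name, b"".join(chunks)

def scan_first_only(body):
    """Behaviour the advisory reports: only the first element is inspected."""
    for _name, data in uu_blocks(body):
        return MARKER in data
    return False

def scan_all(body):
    """Corrected behaviour: inspect every element, return names that hit."""
    return [name for name, data in uu_blocks(body) if MARKER in data]

def uu_encode(name, data):
    """Build a constructed uuencoded attachment for the sample below."""
    lines = [binascii.b2a_uu(data[i:i + 45]).decode() for i in range(0, len(data), 45)]
    return "begin 644 %s\n%s`\nend\n" % (name, "".join(lines))

# Constructed sample: empty begin/end in the body, then a flagged attachment.
SAMPLE = "Hello,\nbegin\nend\nsee attached.\n" + uu_encode("report.bin", b"xx " + MARKER)

if __name__ == "__main__":
    print("first-only scan flags message:", scan_first_only(SAMPLE))
    print("full scan flags elements:", scan_all(SAMPLE))
```

A gateway regression test for this class of bug can assert that the number of elements scanned equals the number of begin/end elements found, so an empty leading element cannot end the scan early.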


 
 


Copyright 2019, SecurityGlobal.net LLC