SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   NOD32 Vendors:   Eset
NOD32 Integer Overflow in Decompressing ASPACK Files Lets Remote Users Deny Service
SecurityTracker Alert ID:  1018436
SecurityTracker URL:  http://securitytracker.com/id/1018436
CVE Reference:   CVE-2007-3971   (Links to External Site)
Updated:  Apr 24 2008
Original Entry Date:  Jul 23 2007
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.2289
Description:   A vulnerability was reported in NOD32. A remote user can cause denial of service conditions.

A remote user can send a specially crafted ASPACK file to cause the target application to enter an infinite loop and consume excessive CPU resources.

The vendor was notified on May 7, 2007.

Sergio Alvarez of n.runs AG discovered this vulnerability.

Impact:   A remote user can cause the target application to consume excessive CPU resources on the target system.
Solution:   The vendor has issued a fix.

The ESET advisory is available at:

http://www.eset.com/joomla/index.php?option=com_content&task=view&id=3469&Itemid=26

Vendor URL:  www.eset.com/ (Links to External Site)
Cause:   State error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  2007-07-20 - n.runs-SA-2007.017 - NOD32 Antivirus ASPACK parsing

n.runs AG					   
http://www.nruns.com/			              security(at)nruns.com
n.runs-SA-2007.017                                           20-Jul-2007
________________________________________________________________________

Vendor:	               ESET, http://eset.com
Affected Products:	ESET NOD32 Antivirus
Vulnerability:         Denial of Service (remote) 
Risk:			MODERATE

________________________________________________________________________

Vendor communication:

  2007/05/07		Initial notification to ESET 
  2007/05/07		ESET Response
  2007/05/07		PoC files sent to ESET
  2007/05/10		ESET validate the vulnerability
  2007/05/24		ESET made available the updates
________________________________________________________________________

Overview:
 
Founded in 1992, ESET is a global provider of security software for enterprises and consumers. ESET’s award-winning, antivirus software
 system, NOD32, provides real-time protection from known and unknown viruses, spyware, rootkits and other malware. NOD32 offers the
 smallest, fastest and most advanced protection available, with more Virus Bulletin 100% Awards than any other antivirus product.
 ESET was named to Deloitte’s Technology Fast 500 five years running, and has an extensive partner network, including corporations
 like Canon, Dell and Microsoft. ESET has offices in Bratislava, SK; Bristol, U.K.; Buenos Aires, AR; Prague, CZ; San Diego, USA;
 and is represented worldwide in more than 100 countries. 
The broad product platform protects Windows, Linux, Novell and MS DOS machines.

Description:

A remotely exploitable vulnerability has been found in the file parsing engine.

In detail, the following flaw was determined:

- Infinite Loop through Integer Overflow in ASPACK packed files parsing

Impact:

This problem can lead to remote denial of service provoked by high CPU consume and exhaustion of storage resource if an attacker carefully
 crafts a file that exploits the aforementioned vulnerability. The vulnerability is present in NOD32 Antivirus software versions prior
 to the update v.2.2289.

Solution:

The vulnerability was reported on May 07 and an update has been issued on May 24 to solve this vulnerability through the regular update
 mechanism.

________________________________________________________________________

Credit: 
Bugs found by Sergio Alvarez of n.runs AG. 
________________________________________________________________________

References: 
http://www.eset.com/joomla/index.php?option=com_content&task=view&id=3469&Itemid=26

This Advisory and Upcoming Advisories:
http://www.nruns.com/security_advisory.php
http://www.nruns.com/parsing-engines-advisories.php
________________________________________________________________________

Unaltered electronic reproduction of this advisory is permitted. For all other reproduction or publication, in printing or otherwise,
 contact security@nruns.com for permission. Use of the advisory constitutes acceptance for use in an "as is" condition. All warranties
 are excluded. In no event shall n.runs be liable for any damages whatsoever including direct, indirect, incidental, consequential,
 loss of business profits or special damages, even if n.runs has been advised of the possibility of such damages. 

Copyright 2007 n.runs AG. All rights reserved. Terms of apply.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC