SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   AVG Anti-Virus Vendors:   Grisoft
AVG Anti-Virus UPX File Parsing Bug Lets Remote Users Deny Service
SecurityTracker Alert ID:  1020570
SecurityTracker URL:  http://securitytracker.com/id/1020570
CVE Reference:   CVE-2008-3373   (Links to External Site)
Updated:  Aug 6 2008
Original Entry Date:  Jul 29 2008
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 8.0.156
Description:   A vulnerability was reported in AVG Anti-Virus. A remote user can cause denial of service conditions.

A remote user can create a specially crafted UPX file that, when processed by the target application, will cause the application to crash.

The vendor was notified on July 10, 2008.

Sergio 'shadown' Alvarez of n.runs AG reported this vulnerability.

Impact:   A remote user can cause the target application to crash.
Solution:   The vendor has issued a fix (8.0.156), available at:

http://www.grisoft.com/ww.94247

Vendor URL:  www.grisoft.com/ (Links to External Site)
Cause:   State error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  n.runs-SA-2008.004 - AVG Anti-Virus Divide by Zero - DoS (remote)

n.runs AG
http://www.nruns.com/                              security(at)nruns.com
n.runs-SA-2008.004                                           28-Jul-2008
________________________________________________________________________

Vendor:                Grisoft Inc., http://grisoft.com
Product:               AVG Anti-Virus
Vulnerability:         Divide by Zero - DoS (remote) 
Risk:                  HIGH
________________________________________________________________________

Vendor communication:

2008-07-10             n.runs contacted AVG
2008-07-10             AVG response
2008-07-10             n.runs sent PoC files to AVG
2008-07-10             AVG started to investigate the PoCs
2008-07-14             AVG confirms the vulnerability and expect to 
                       release a fix next week
2008-07-14             n.runs thanks AVG for the status report (waiting 
                       for the fix next week)
2008-07-25             AVG releases fixed version 
                       http://www.grisoft.com/ww.94247
2008-07-28             n.runs releases this advisory
________________________________________________________________________

Overview:

Grisoft is focused on developing software solutions that provide protection
from computer viruses. Grisoft's primary focus is to deliver the most
comprehensive and proactive protection available on the market. 

Distributed globally through resellers and through the internet, the AVG
Anti-Virus product line supports all major operating systems and platforms.
More than 40 million users around the world use Grisoft AVG products to
protect their computers and networks.

Description:

A remotely exploitable vulnerability has been found in the files parsing
engine.

In detail, the following flaw was determined:

- A Denial of Service caused by a Divide by Zero while parsing UPX files. 

Impact:

This problem can lead to remote denial of service if an attacker carefully
crafts a file that exploits the aforementioned vulnerability. The
vulnerability is present in AVG Antivirus software versions prior to the
program update AVG 8.0.156. 

Solution: 
The vulnerability was reported on 10.Jul.2008 and AVG 8.0.156 has been
issued on 25.Jul.2008 to solve this vulnerability. For detailed information
about the fixes follow the link in References [1] section of this document.
________________________________________________________________________

Credit: 
Bugs found by Sergio 'shadown' Alvarez of n.runs AG. 
________________________________________________________________________

References: 
http://www.grisoft.com/ww.94247 [1]

This Advisory and Upcoming Advisories:
http://www.nruns.com/security_advisory.php
________________________________________________________________________

Unaltered electronic reproduction of this advisory is permitted. For all
other reproduction or publication, in printing or otherwise, contact
security@nruns.com for permission. Use of the advisory constitutes
acceptance for use in an "as is" condition. All warranties are excluded. In
no event shall n.runs be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special
damages, even if n.runs has been advised of the possibility of such damages.


Copyright 2008 n.runs AG. All rights reserved. Terms of use apply.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC