
SANS ISC InfoSec Handlers Diary Blog



F-Prot Anti-Virus Scanning Engine Bypass

Published: 2005-11-04
Last Updated: 2005-11-04 18:24:26 UTC
by Robert Danford (Version: 2)
A vulnerability has been reported in some versions of F-Prot Anti-Virus. The advisory is referenced below. Exploit code is reported to be available, though it doesn't look like it would be difficult to create a zip file with a version header value greater than 15.

http://securitytracker.com/alerts/2005/Nov/1015148.html

Update:
Full information can be found here: (Thanks Thierry)
http://thierry.sniff-em.com/research/fprot.html

Reportedly Vulnerable Versions/Platforms:
TBD

Vendors and users need to be really careful about assuming that their networks are secure based upon a single application. Diversity and layers are a goodness.
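One way to add such a layer at a mail or web gateway is to inspect the ZIP headers directly and hold any archive whose version field is above what the scanning engine is known to handle. The following is an added example, not code from this diary or from the advisory; it assumes the "version header" is the ZIP "version needed to extract" field, and the names `audit_zip_versions`, `build_sample` and `MAX_SUPPORTED` are hypothetical.

```python
import io
import struct
import zipfile

MAX_SUPPORTED = 15  # threshold from the diary entry; which field is meant is an assumption


def audit_zip_versions(data, max_supported=MAX_SUPPORTED):
    """Return (name, cd_version, lh_version, reason) for every suspicious entry."""
    eocd = data.rfind(b"PK\x05\x06")  # end-of-central-directory record
    if eocd < 0 or eocd + 22 > len(data):
        return [("<archive>", None, None, "no end-of-central-directory record")]
    # total entry count, central directory size, central directory offset
    count, _cd_size, pos = struct.unpack_from("<HLL", data, eocd + 10)
    findings = []
    for _ in range(count):
        if pos + 46 > len(data) or data[pos:pos + 4] != b"PK\x01\x02":
            findings.append(("<archive>", None, None, "central directory malformed"))
            break
        cd_ver = struct.unpack_from("<H", data, pos + 6)[0]   # version needed (central)
        nlen, xlen, clen = struct.unpack_from("<3H", data, pos + 28)
        lh_off = struct.unpack_from("<L", data, pos + 42)[0]  # local header offset
        name = data[pos + 46:pos + 46 + nlen].decode("cp437", "replace")
        pos += 46 + nlen + xlen + clen
        if lh_off + 30 > len(data) or data[lh_off:lh_off + 4] != b"PK\x03\x04":
            findings.append((name, cd_ver, None, "local header missing"))
            continue
        lh_ver = struct.unpack_from("<H", data, lh_off + 4)[0]  # version needed (local)
        if cd_ver != lh_ver:
            # A scanner and an unpacker may each trust a different copy.
            findings.append((name, cd_ver, lh_ver, "headers disagree"))
        elif cd_ver > max_supported:
            findings.append((name, cd_ver, lh_ver, "version above supported maximum"))
    return findings


def build_sample():
    """Constructed sample: Python's zipfile writes version-needed 20 (ZIP 2.0)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("report.txt", b"constructed sample content")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in audit_zip_versions(build_sample()):
        print(finding)
```

Anything the function returns should be treated as unscanned rather than clean and routed to a second engine or to quarantine.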

Other recent bypass issues:
WebRoot Desktop Firewall:
http://secwatch.org/advisories/1011804
Sophos:
http://www.securitytracker.com/alerts/2005/Oct/1015025.html
Symantec:
http://www.securitytracker.com/alerts/2005/Oct/1015027.html
Kaspersky:
http://www.securitytracker.com/alerts/2005/Oct/1015024.html
Zone-Alarm:
http://www.net-security.org/vulnerability.php?id=20275
http://download.zonelabs.com/bin/free/securityAlert/35.html

