
SANS ISC: F-Prot Anti-Virus Scanning Engine Bypass - SANS Internet Storm Center


F-Prot Anti-Virus Scanning Engine Bypass
A vulnerability has been reported in some versions of F-Prot Anti-Virus. The advisory is referenced below. Exploit code is reported to be available, though it doesn't look like it would be difficult to create a zip file with a version header value greater than 15.
I haven't seen a vendor advisory or fix yet, so it's unknown what versions/platforms may be affected, and the URL for Thierry Zoller's site is not resolving for me. We'll post updates here as more info becomes available.

http://securitytracker.com/alerts/2005/Nov/1015148.html

Vendors and users need to be really careful about making assumptions that their networks are secure based upon a single application. Diversity and layers are a goodness.

Other recent bypass issues:
WebRoot Desktop Firewall:
http://secwatch.org/advisories/1011804
Sophos:
http://www.securitytracker.com/alerts/2005/Oct/1015025.html
Symantec:
http://www.securitytracker.com/alerts/2005/Oct/1015027.html
Kaspersky:
http://www.securitytracker.com/alerts/2005/Oct/1015024.html
Zone-Alarm:
http://www.net-security.org/vulnerability.php?id=20275
http://download.zonelabs.com/bin/free/securityAlert/35.html


Robert
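
As an added example (not part of the original diary or the referenced advisory), here is one way a mail or file gateway could apply the layered approach: audit the version fields in a ZIP archive and hold entries for review instead of letting a scanner skip them silently. It assumes the "version header" above is the ZIP "version needed to extract" field; `MAX_KNOWN_VERSION`, `audit_zip_versions` and `build_sample` are hypothetical names, and the sample archive is constructed in memory.

```python
import io
import struct
import zipfile

EOCD_SIG, CD_SIG, LFH_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"
MAX_KNOWN_VERSION = 63  # assumption: highest "version needed" your tooling handles

def audit_zip_versions(data, max_known=MAX_KNOWN_VERSION):
    """Return [(name, local_ver, central_ver, reasons)] for entries to hold for review."""
    eocd = data.rfind(EOCD_SIG)  # simple locate; an archive comment could contain the signature
    if eocd < 0 or len(data) < eocd + 22:
        raise ValueError("no end-of-central-directory record")
    # EOCD: total entries at +10, central directory size at +12, its offset at +16
    total, _cd_size, pos = struct.unpack_from("<HII", data, eocd + 10)
    findings = []
    for _ in range(total):
        if data[pos:pos + 4] != CD_SIG or len(data) < pos + 46:
            raise ValueError("truncated or corrupt central directory")
        central_ver = struct.unpack_from("<H", data, pos + 6)[0]
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        lfh_off = struct.unpack_from("<I", data, pos + 42)[0]
        name = data[pos + 46:pos + 46 + name_len].decode("cp437", "replace")
        reasons, local_ver = [], None
        if data[lfh_off:lfh_off + 4] != LFH_SIG or len(data) < lfh_off + 6:
            reasons.append("local header not found at recorded offset")
        else:
            # The local header carries its own copy of the field; the two should agree
            local_ver = struct.unpack_from("<H", data, lfh_off + 4)[0]
            if local_ver != central_ver:
                reasons.append("local/central version mismatch")
        if max(local_ver or 0, central_ver) > max_known:
            reasons.append("version above what the scanner supports")
        if reasons:
            findings.append((name, local_ver, central_ver, reasons))
        pos += 46 + name_len + extra_len + comment_len
    return findings

def build_sample():
    """Constructed sample: an ordinary two-file archive built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("a.txt", "hello")
        zf.writestr("b.txt", "world")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in audit_zip_versions(build_sample()):
        print(finding)
```

Set `max_known` to the highest version your scanning engine is documented to parse, so that anything it would not inspect is quarantined rather than passed through.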
