McAfee Antivirus Library LHA Archive Handler Stack Based Buffer Overflow Vulnerability
BID:12832
Info
McAfee Antivirus Library LHA Archive Handler Stack Based Buffer Overflow Vulnerability
| Bugtraq ID: | 12832 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2005-0644 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 17 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Discovery of this vulnerability is credited to Alex Wheeler of ISS X-Force. |
| Vulnerable: |
McAfee WebShield SMTP 4.5 McAfee WebShield for Solaris 4.0 McAfee Webshield Appliances McAfee Webshield 3000 4.3.20 McAfee VirusScan Professional McAfee VirusScan for NetApp McAfee VirusScan Enterprise 8.0 i McAfee VirusScan Enterprise 7.1 McAfee VirusScan Command Line McAfee VirusScan 9.0 McAfee VirusScan 8.0 McAfee VirusScan 7.1 McAfee VirusScan 7.0 McAfee VirusScan 6.0 McAfee VirusScan 5.0 McAfee VirusScan 4.5.1 McAfee VirusScan 4.5 McAfee VirusScan 4.0.3 McAfee VirusScan 4.0 McAfee VirusScan 3.0 McAfee VirusScan 2.0 McAfee VirusScan 1.0 McAfee Virex McAfee SecurityShield for Microsoft ISA Server McAfee PortalShield for Microsoft SharePoint McAfee NetShield for Netware McAfee Managed VirusScan McAfee Linuxshield 0 McAfee Internet Security Suite McAfee GroupShield for Mail Servers with ePO McAfee GroupShield for Lotus Domino McAfee Groupshield For Exchange 6.0 McAfee Groupshield For Exchange 5.5 McAfee ASaP VirusScan 0 McAfee Active VirusScan SMB Edition McAfee Active VirusScan McAfee Active Virus Defense SMB Edition McAfee Active Virus Defense McAfee Active Threat Protection McAfee Active Mail Protection |
| Not Vulnerable: | |
Discussion
McAfee Antivirus Library LHA Archive Handler Stack Based Buffer Overflow Vulnerability
McAfee Antivirus Library is reported prone to a buffer overflow vulnerability. The issue is reported to exist in the LHA archive parser. The affected library does not perform sufficient bounds checking on LHA type two header file name fields before copying the data into a finite process buffer.
Although unclear, it is reported that the LHA archive must be especially malformed and conform to an alternate non-archive file format in order to trigger the vulnerability.
A remote attacker may exploit this vulnerability to execute arbitrary code with SYSTEM privileges on a computer that is running the affected software.
McAfee Antivirus Library is reported prone to a buffer overflow vulnerability. The issue is reported to exist in the LHA archive parser. The affected library does not perform sufficient bounds checking on LHA type two header file name fields before copying the data into a finite process buffer.
Although unclear, it is reported that the LHA archive must be especially malformed and conform to an alternate non-archive file format in order to trigger the vulnerability.
A remote attacker may exploit this vulnerability to execute arbitrary code with SYSTEM privileges on a computer that is running the affected software.
Exploit / POC
McAfee Antivirus Library LHA Archive Handler Stack Based Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
McAfee Antivirus Library LHA Archive Handler Stack Based Buffer Overflow Vulnerability
Solution:
The vendor has released an updated scan engine in a DAT file to affected customers. It is reported that customers running the 4320 engine and DAT version prior to 4436 are prone to this issue; these customers are advised to contact the vendor for further information regarding obtaining an applying appropriate updates.
Solution:
The vendor has released an updated scan engine in a DAT file to affected customers. It is reported that customers running the 4320 engine and DAT version prior to 4436 are prone to this issue; these customers are advised to contact the vendor for further information regarding obtaining an applying appropriate updates.
References
McAfee Antivirus Library LHA Archive Handler Stack Based Buffer Overflow Vulnerability
References:
References:
- McAfee AntiVirus Library Stack Overflow (Internet Security Systems)
- McAfee Security Bulletin - March 17th 2005 (McAfee)
- VirusScan 4320 Engine Buffer Overrun Vulnerability (McAfee)