F-PROT Antivirus CHM File Heap Buffer Overflow Vulnerability

Bugtraq ID:	21086
Class:	Boundary Condition Error
CVE:	CVE-2006-6294 CVE-2006-6293
Remote:	Yes
Local:	No
Published:	Nov 15 2006 12:00AM
Updated:	Jul 05 2007 11:27PM
Credit:	GLEG Ltd is credited with discovering this vulnerability.
Vulnerable:	Gentoo app-antivirus/f-prot 4.6.6 Frisk Software F-Prot Antivirus 4.6.6 Frisk Software F-Prot Antivirus 3.16f
Not Vulnerable:	Gentoo app-antivirus/f-prot 4.6.7 Frisk Software F-Prot Antivirus 4.6.7

F-PROT Antivirus CHM File Heap Buffer Overflow Vulnerability

F-PROT Antivirus is prone to a remote heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.

This vulnerability is reported on F-PROT Antivirus 3.16f and 4.6.6; other versions may also be affected.

F-PROT Antivirus CHM File Heap Buffer Overflow Vulnerability

The following exploit code is available:

• /data/vulnerabilities/exploits/21086.py

F-PROT Antivirus CHM File Heap Buffer Overflow Vulnerability

Solution:
The vendor has released F-PROT Antivirus 4.6.7 to address this issue. Contact the vendor for details on obtaining and applying the appropriate updates.

See the references for more information.

F-PROT Antivirus CHM File Heap Buffer Overflow Vulnerability

References:

• New versions of F-Prot Antivirus for all UNIX platforms (F-Prot)
  
• F-Prot Antivirus for Unix: heap overflow and Denial of Service (GLEG.NET)
  
• F-PROT Homepage (F-PROT)