F-PROT Antivirus ACE Remote Denial Of Service Vulnerability

Bugtraq ID:	21420
Class:	Input Validation Error
CVE:	CVE-2006-6352
Remote:	Yes
Local:	No
Published:	Dec 04 2006 12:00AM
Updated:	Dec 12 2006 10:33PM
Credit:	Evgeny Legerov is credited with discovering this vulnerability.
Vulnerable:	Gentoo app-antivirus/f-prot 4.6.6 Frisk Software F-Prot Antivirus 4.6.6 Frisk Software F-Prot Antivirus 3.16f
Not Vulnerable:	Gentoo app-antivirus/f-prot 4.6.7 Frisk Software F-Prot Antivirus 4.6.7

F-PROT Antivirus ACE Remote Denial Of Service Vulnerability

F-PROT Antivirus is prone to a remote denial-of-service vulnerability because the application fails to properly handle certain file types, resulting in excessive consumption of system resources.

An attacker may exploit this issue to crash the affected application, denying further service to legitimate users.

F-PROT Antivirus version 4.6.6 is vulnerable; other versions may also be affected.

F-PROT Antivirus ACE Remote Denial Of Service Vulnerability

An attacker can exploit this issue by enticing a victim into opening a specially crafted ACE file.

The following exploit code is available:

• /data/vulnerabilities/exploits/21420.py

F-PROT Antivirus ACE Remote Denial Of Service Vulnerability

Solution:
The vendor has released version 4.6.7 to address this issue. Please see the references for more information.

F-PROT Antivirus ACE Remote Denial Of Service Vulnerability

References:

• New versions of F-Prot Antivirus for all UNIX platforms (F-Prot)
  
• F-Prot Antivirus for Unix: heap overflow and Denial of Service (GLEG.NET)
  
• F-PROT Homepage (F-PROT)