Multiple AntiVirus Products CVE-2012-1457 TAR File Scan Evasion Vulnerability

Bugtraq ID:	52610
Class:	Design Error
CVE:	CVE-2012-1457
Remote:	Yes
Local:	No
Published:	Mar 20 2012 12:00AM
Updated:	May 07 2015 05:17PM
Credit:	Suman Jana and Vitaly Shmatikov
Vulnerable:	VirusBlokAda VBA32 3.12.14 2 Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 Trend Micro VirusBuster 13.6.151 0 Trend Micro Trend Micro 9.120 1004 Trend Micro HouseCall 9.120 1004 Symantec AntiVirus 20101.3 103 SuSE openSUSE 12.1 SuSE openSUSE 11.4 Rising Antivirus 22.83 03 Quick Heal Technologies CAT-QuickHeal 11.00 PCTools Antivirus 7.0.3 5 Norman Antivirus 6.6.12 Microsoft Antivirus 1.6402 McAfee McAfee-GW-Edition 2010.1C MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 Kaspersky Kaspersky Antivirus 7.0 125 K7 Computing Pvt Ltd K7AntiVirus 9.77.3565 Jiangmin Corporation Jiangmin 13.0.900 Ikarus Antivirus T3.1.1.97.0 G Data Software GData 21 Frisk Software F-Prot Antivirus 4.6.2 117 Eset NOD32 5795 eSafe Antivirus 7.0.17 0 Emsisoft Antivirus 5.1 1 BitDefender AntiVirus 7.2 AVIRA AntiVir Engine 7.11.1 163 AVG AVG Anti-Virus 10.0 1190 Avast! Avast5 Antivirus 5.0.677 0 Avast! Antivirus 4.8.1351.0 Authentium Command Antivirus 5.2.11 5 Antiy Antiy-AVL 2.0.3 7
Not Vulnerable:

Multiple AntiVirus Products CVE-2012-1457 TAR File Scan Evasion Vulnerability

Multiple Antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans.



Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.



The following products are affected:



AVIRA AntiVir Engine 7.11.1.163


Antiy Antiy-AVL 2.0.3.7


Avast! Antivirus 4.8.1351.0


Avast! Avast5 Antivirus 5.0.677.0


AVG AVG Anti-Virus 10.0.0.1190


BitDefender AntiVirus 7.2


Quick Heal Technologies CAT-QuickHeal 11.00


Authentium Command Antivirus 5.2.11.5


Emsisoft Antivirus 5.1.0.1


eSafe Antivirus 7.0.17.0


Frisk Software F-Prot Antivirus 4.6.2.117


G Data Software GData 21


Ikarus Antivirus T3.1.1.97.0


Jiangmin Corporation Jiangmin 13.0.900


K7 Computing Pvt Ltd K7AntiVirus 9.77.3565


Kaspersky Kaspersky Antivirus 7.0.0.125


McAfee McAfee 5.400.0.1158


McAfee McAfee-GW-Edition 2010.1C


Microsoft Antivirus 1.6402


Eset NOD32 5795


Norman Antivirus 6.06.12


PCTools Antivirus 7.0.3.5


Rising Antivirus 22.83.00.03


Symantec AntiVirus 20101.3.0.103


Trend Micro TrendMicro 9.120.0.1004


Trend Micro TrendMicro-HouseCall 9.120.0.1004


VirusBlokAda VBA32 3.12.14.2


Trend Micro VirusBuster 13.6.151.0

Multiple AntiVirus Products CVE-2012-1457 TAR File Scan Evasion Vulnerability

Attackers can use standard, readily available tools to exploit this issue.

Multiple AntiVirus Products CVE-2012-1457 TAR File Scan Evasion Vulnerability

Solution:
Updates are available. Please see the references for more information.


MandrakeSoft Enterprise Server 5 x86_64

• Mandriva clamav-0.97.5-0.1mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/


• Mandriva clamav-db-0.97.5-0.1mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/


• Mandriva clamav-milter-0.97.5-0.1mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/


• Mandriva clamd-0.97.5-0.1mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/


• Mandriva lib64clamav-devel-0.97.5-0.1mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/


• Mandriva lib64clamav6-0.97.5-0.1mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/

MandrakeSoft Enterprise Server 5

• Mandriva clamav-0.97.5-0.1mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/


• Mandriva clamav-db-0.97.5-0.1mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/


• Mandriva clamav-milter-0.97.5-0.1mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/


• Mandriva clamd-0.97.5-0.1mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/


• Mandriva libclamav-devel-0.97.5-0.1mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/


• Mandriva libclamav6-0.97.5-0.1mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/

Multiple AntiVirus Products CVE-2012-1457 TAR File Scan Evasion Vulnerability

References:

• Antiy Homepage (Antiy)
  
• Authentium Homepage (Authentium)
  
• Avast! Homepage (Avast!)
  
• AVG Homepage (AVG)
  
• Avira Homepage (Avira)
  
• BitDefender Homepage (BitDefender)
  
• Emsisoft Homepage (Emsisoft)
  
• eSafe Homepage (eSafe)
  
• ESET Homepage (ESET)
  
• Frisk Software Homepage (Frisk Software)
  
• G Data Software Homepage (G Data Software)
  
• Ikarus Homepage (Ikarus)
  
• Jiangmin Corporation Homepage (Jiangmin Corporation)
  
• K7 Computing Pvt Ltd Homepage (K7 Computing Pvt Ltd)
  
• Kaspersky Homepage (Kaspersky)
  
• McAfee Homepage (McAfee)
  
• Microsoft Homepage (Microsoft)
  
• Norman Homepage (Norman)
  
• PCTools Homepage (PCTools)
  
• Quick Heal Technologies Homepage (Quick Heal Technologies)
  
• Rising Homepage (Rising International Software)
  
• Symantec Homepage (Symantec)
  
• Trend Micro Homepage (Trend Micro)
  
• VirusBlokAda Homepage (VirusBlokAda)
  
• Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Suman Jana)