Full Disclosure mailing list archives

LSE Leading Security Experts GmbH - LSE-2013-06-13 - Avira AntiVir Engine
From: "LSE Leading Security Experts GmbH (Security Advisories)" <advisories () lsexperts de>
Date: Thu, 13 Jun 2013 14:58:39 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


=== LSE Leading Security Experts GmbH - Security Advisory 2013-06-13 ===

Avira AntiVir Engine -- Denial of Service / Filtering Evasion
- -------------------------------------------------------------

Affected Versions
=================
Avira AntiVir Engine < 8.2.12.58

Affected products using the AntiVir engine are:

Avira Server Security
Avira AntiVir MailGate
Avira AntiVir MailGate Suite
Avira Exchange Security
Avira AntiVir WebGate
Avira AntiVir WebGate Suite
Avira AntiVir SharePoint
Avira Professional Security
Avira AntiVir Personal
Avira Savapi

Problem Overview
================
Technical Risk: high
Likelihood of Exploitation: high
Vendor: Avira Operations GmbH & Co. KG
Credits: LSE Leading Security Experts GmbH employees Markus Vervier
and Eric Sesterhenn
Advisory URL: http://www.lsexperts.de/advisories/lse-2013-06-13.txt
Advisory Status: Public
CVE-Number: CVE-2013-4602

Problem Description
===================
While conducting a penetration test on a customer system, LSE Leading
Security Experts GmbH discovered a Denial of Service vulnerability and
possible memory corruption in the Avira AntiVir Engine.
By scanning specially crafted PDF documents, a bug can be triggered
which causes an endless loop in the scanning engine.

Temporary Workaround and Fix
============================
LSE Leading Security Experts GmbH advises installing the latest
updates via the update functionality. The fix for this issue was
released by Avira Operations GmbH on 2013-06-11.

Problem Impact
==============
When scanning specially crafted PDF documents, an endless loop is
caused in the Avira AntiVir scanning engine. This allows an attacker
to stall the antivirus engine and prevent malicious files from being
detected.
Additionally, an attacker may be able to cause the antivirus engine to
consume all available resources on the system. In enterprise setups
such as mail gateways, an effective Denial of Service attack can be
launched on the whole system.
LSE Leading Security Experts GmbH will provide additional details,
including a proof of concept, at a later date to protect affected
customers.

History
=======
2013-06-05  Problem discovery during penetration testing
2013-06-06  Original vendor contacted
2013-06-06  Vulnerability confirmed by vendor
2013-06-11  Updated Engine Released
2013-06-13  CVE-2013-4602 assigned
2013-06-13  Coordinated Advisory Release

- -- 
http://www.lsexperts.de
LSE Leading Security Experts GmbH, Postfach 100121, 64201 Darmstadt
Tel.: +49 (0) 6151 86086-0, Fax: -299,
Unternehmenssitz: Weiterstadt, Amtsgericht Darmstadt: HRB8649
Geschäftsführer: Oliver Michel, Sven Walther, Dr. Peter Schill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

-----END PGP SIGNATURE-----
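
An added example, not part of the advisory or of any Avira product: a gateway-side wrapper that runs a scanner under wall-clock and CPU limits and fails closed, so a scan that never finishes leads to quarantine instead of delivery. The scanner command line, its stdin interface and its exit codes (0 clean, 1 detection) are assumptions, and the stand-in scanners and sample bytes are constructed.

```python
import resource
import subprocess
import sys

WALL_SECONDS = 5   # assumed per-file wall-clock budget
CPU_SECONDS = 5    # assumed per-file CPU budget, enforced by the kernel


def _limit_child():
    # Runs in the child just before exec (POSIX only): a parser stuck in a
    # loop is killed by the kernel once it has burned its CPU budget.
    resource.setrlimit(resource.RLIMIT_CPU, (CPU_SECONDS, CPU_SECONDS))


def scan_verdict(scanner_argv, data, wall=WALL_SECONDS):
    """Return 'deliver', 'infected' or 'quarantine' for one attachment.

    Assumed scanner convention: reads the file on stdin, exits 0 when clean
    and 1 on a detection. Anything else is treated as "not scanned".
    """
    try:
        proc = subprocess.run(scanner_argv, input=data, capture_output=True,
                              timeout=wall, preexec_fn=_limit_child)
    except (subprocess.SubprocessError, OSError):
        # Timeout (run() kills the child), missing binary or failed setup:
        # fail closed.
        return "quarantine"
    if proc.returncode == 0:
        return "deliver"
    if proc.returncode == 1:
        return "infected"
    return "quarantine"  # crash, signal (negative code) or unknown status


if __name__ == "__main__":
    # Constructed stand-ins for a real engine: one never returns, one is clean.
    hanging = [sys.executable, "-c", "while True: pass"]
    clean = [sys.executable, "-c", "import sys; sys.stdin.buffer.read()"]
    sample = b"%PDF-1.4\n% constructed placeholder, not a real document\n"
    print("hanging scanner ->", scan_verdict(hanging, sample, wall=1))
    print("clean scanner   ->", scan_verdict(clean, sample))
```

Running the scanner as a separate, resource-limited process also keeps a looping engine from starving the gateway itself, which is the second impact the advisory names.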
