McAfee VirusScan Buffer Overflow in Processing LHA Headers Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1013463
|
|
SecurityTracker URL: http://securitytracker.com/id?1013463
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Mar 17 2005
|
Impact: Execution of arbitrary code via network, Root access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Internet Security Systems (X-Force)
|
Version(s): library versions prior to 4400
|
Description: A vulnerability was reported in McAfee VirusScan in the processing of LHA archives. A remote user can execute arbitrary code with System privileges.
The underlying McAfee Antivirus Library does not properly parse LHA files. Type 2 header file name fields are not properly validated
to ensure that the user-supplied value can fit within the allocated memory before the value is copied to memory. A value between
0x130 and 0x167 bytes in length can trigger a buffer overflow.
A remote user can send a specially crafted LHA file to the target
system to trigger the buffer overflow and execute arbitrary code with System level privileges.
The original advisory is available
at:
http://xforce.iss.net/xforce/alerts/id/190
Alex Wheeler of ISS X-Force discovered this vulnerability.
|
Impact: A remote user can execute arbitrary code on the target system with System level privileges.
|
Solution: The vendor has issued a fixed library version (4400).
|
Vendor URL: www.mcafee.com/ (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Windows (Any)
|
Reported By: X-Force <xforce@iss.net>
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
