<crap> This advisory may be found at http://kokanins.homepage.dk/ This advisory may not be reproduced, in part or in full, unless this notice is included. This advisory was written by knud. </crap> I. BACKGROUND According to the vendor "F-Prot TM is a quick and easy to use antivirus software package, specially designed to protect your data from virus infection and to remove any virus that may have infected your computersystem." F-prot is available from www.f-prot.com. II. DESCRIPTION Insufficient bounds checking leads to execution of arbitrary code. Useless exploit at http://kokanins.homepage.dk/f-prot.pl III. ANALYSIS Since f-prot is not suid/sgid the overflowing of the command line pose no initial danger unless the admin interferes, and setting +s on strange binaries must be considered inappropriate at the least. IV. DETECTION F-Prot FreeBSD for Small Business [TM] 3.12b, released on Sep. 30th 2002, the latest available at the time of writing, is known to be vulnerable. V. WORKAROUND below VI. VENDOR FIX [mail received from vendor] Dear Knud, Thank you for your mail. This as bean fixed. best regards, Arnar Thor VII. CVE INFORMATION unknown VIII. DISCLOSURE TIMELINE who cares IX. CREDIT knud _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Thu Feb 06 2003 - 09:55:40 PST