Re: Regarding F-Prot for Linux

From: Knud Erik Højgaard (kainat_private)
Date: Wed Feb 26 2003 - 15:17:49 PST


    F-Prot Antivirus Technical Support wrote:
    
    > In response to an advisory posted on vuln-dev indicating security
    > problems in the commandline scanner in F-Prot Antivirus for Linux and
    > FreeBSD.
    >
    > FRISK Software International would like to emphasize that the problem
    > has been resolved. Updated packages are available for download now.
    
    As you made clear in the original advisory[1]. I repeat it for clarity:
    
    --
    Dear Knud,
    Thank you for your mail.
    This as bean fixed.
    best regards,
    Arnar Thor
    --
    
    
    > The problem was in insufficient bounds checking on the filename
    > argument, when writing out the scan report in the case of
    > non-existing file. This programming error does not constitute a
    > security threat.
    > Certain applications could however constitute a security threat by
    > their usage of F-Prot Antivirus.
    > For example administrators might have setup the tool to be run as
    > administrator without regard to the individual user's authority (suid
    > root), in which case it would constitute a privilege elevation
    > problem.
    
    Not a security threat -> certain applications -> suid bit.
    May I ask what 'certain application' the suid bit would be applied to?
    
    > However, default installations and use of F-Prot Antivirus with
    > recommended third-party tools are not vulnerable. Neither is the
    > daemon version of F-Prot Antivirus of Linux and FreeBSD.
    
    They are vulnerable to the bug, which in itself is sort of useless, hence
    the title 'f-prot antivirus useless buffer overflow'
    
    > Also, the advisory stated that the latest available version of F-Prot
    > Antivirus for Linux and FreeBSD was version 3.12b. This is wrong. The
    > latest available version of F-Prot Antivirus for Linux and FreeBSD is
    > version 3.12d, available since 20th January 2003.
    
    I did say, and I quote,
    
    F-Prot FreeBSD for Small Business [TM] 3.12b, released on Sep. 30th 2002,
    the latest available at the time of writing, is known to be vulnerable.
    end quote.
    
    Note the part about 'at the time of writing'.
    
    This is in no way meant to be interpreted as hostility, I'm just a sucker
    for clarity.
    
    [1] available at  http://kokanins.homepage.dk/f-prot_antivirus.txt
    --
    Knud
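
The bug class discussed in this message (an unbounded copy of the filename argument into the scan-report line for a non-existing file, which only matters for privilege when the binary is set-uid) can be sketched as follows. This is an added example, not part of the original post and not F-Prot's code; the function names, the report text and the 256-byte buffer size are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define REPORT_LINE_MAX 256   /* assumed size of the report line buffer */

/* Format the report line for a missing file named by the caller.
 * Returns 0 on success, -1 if the name does not fit; nothing is ever
 * written past outlen, and on failure out is left as an empty string. */
int format_missing_file_report(char *out, size_t outlen, const char *filename)
{
    int n;

    if (out == NULL || outlen == 0 || filename == NULL)
        return -1;
    n = snprintf(out, outlen, "%s: file not found\n", filename);
    if (n < 0 || (size_t)n >= outlen) {   /* output error or truncation */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* True when effective and real ids differ, i.e. the process was started
 * through a set-uid or set-gid bit (the case the vendor reply describes). */
int running_with_elevated_ids(void)
{
    return geteuid() != getuid() || getegid() != getgid();
}

int main(int argc, char **argv)
{
    char line[REPORT_LINE_MAX];
    int i, rc = 0;

    if (running_with_elevated_ids())
        fprintf(stderr, "warning: running set-uid/set-gid\n");
    for (i = 1; i < argc; i++) {
        if (access(argv[i], F_OK) == 0)
            continue;                     /* file exists: nothing to report */
        if (format_missing_file_report(line, sizeof line, argv[i]) != 0) {
            fprintf(stderr, "argument %d: name too long, skipped\n", i);
            rc = 1;
            continue;
        }
        fputs(line, stdout);
    }
    return rc;
}
```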
    


