The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
Antivirus: infinite loop via a RAR archive
Synthesis of the vulnerability
An attacker can create a malicious RAR archive in order to trigger an infinite loop in some antivirus products.
Vulnerable products: CA Antivirus, e-Trust Antivirus, Sophos AV, TrendMicro Internet Security.
Severity of this weakness: 2/4.
Consequences of an attack: denial of service on service.
Hacker's origin: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 11/12/2006.
References of this bulletin: 7609, BID-21509, CAID 35525, CAID 35526, CVE-2006-5645, CVE-2006-6458, CVE-2007-5645-ERROR, iDefense Security Advisory 12.08.06, VIGILANCE-VUL-6384.
Description of the vulnerability
The RAR format is composed of successive headers and data sections.
The "Archive Header" section is the main header of the file. The "head_size" field indicates the size of this header and the "pack_size" field indicates the compressed size.
When the "head_size" and "pack_size" fields are set to zero, the archive is invalid. However, some antivirus products enter an infinite loop while trying to read the data.
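The following block walker is an added example, not code from the bulletin or from any of the affected products; it shows the bounds checks that make a zero "head_size" an error rather than a cursor that never advances. It assumes the RAR 2.x/3.x block layout (2-byte CRC, 1-byte type, 2-byte flags, 2-byte head_size, and a 4-byte data size when flag 0x8000 is set); the function name, return codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MIN_HEAD 7        /* crc(2) + type(1) + flags(2) + head_size(2) */
#define HAS_ADD  0x8000u  /* flag: a 4-byte data size follows head_size */

static uint32_t le16(const uint8_t *p) { return p[0] | ((uint32_t)p[1] << 8); }
static uint32_t le32(const uint8_t *p) { return le16(p) | (le16(p + 2) << 16); }

/* Walk the block chain after the 7-byte signature. Returns the block count,
 * -1 for a bad signature or truncated block, -2 for a block whose head_size
 * is too small to advance the cursor (the zero-size case). */
int rar_walk_blocks(const uint8_t *buf, size_t len)
{
    size_t pos = 7;
    int blocks = 0;
    /* The literal's terminating NUL is the seventh signature byte. */
    if (len < 7 || memcmp(buf, "Rar!\x1a\x07", 7) != 0)
        return -1;
    while (pos < len) {
        if (len - pos < MIN_HEAD)
            return -1;
        uint32_t flags = le16(buf + pos + 3);
        uint64_t head_size = le16(buf + pos + 5), pack_size = 0;
        /* A header shorter than its own fixed fields is invalid. This check
         * turns head_size == 0 into an error instead of a stalled cursor. */
        if (head_size < MIN_HEAD)
            return -2;
        if (flags & HAS_ADD) {
            if (head_size < MIN_HEAD + 4 || len - pos < MIN_HEAD + 4)
                return -1;
            pack_size = le32(buf + pos + 7);
        }
        /* 64-bit sum cannot wrap; reject blocks running past the buffer. */
        if (head_size + pack_size > len - pos)
            return -1;
        pos += (size_t)(head_size + pack_size);
        blocks++;
    }
    return blocks;
}

/* Constructed samples: a lone 13-byte archive header, and a block whose
 * head_size and pack_size are both zero. */
const uint8_t sample_ok[] = {'R','a','r','!',0x1a,0x07,0, 0,0,0x73,0,0,13,0,
                             0,0,0,0,0,0};
const uint8_t sample_zero[] = {'R','a','r','!',0x1a,0x07,0, 0,0,0x74,0,0x80,
                               0,0, 0,0,0,0};
int main(void) { return rar_walk_blocks(sample_zero, sizeof sample_zero) != -2; }
```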
Antivirus products identified as vulnerable are:
- CA Anti-Virus
- Sophos Small business edition (Windows/Linux) 4.06.1 (engine version 2.34.3)
- Trend Micro Office Scan 7.3
- Trend Micro PC Cillin - Internet Security 2006
- Trend Micro Server Protect 5.58