exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Avira AntiVir Engine Denial Of Service / Filter Evasion

Avira AntiVir Engine Denial Of Service / Filter Evasion
Posted Jun 14, 2013
Authored by Markus Vervier, Eric Sesterhenn | Site lsexperts.de

Avira AntiVir Engine versions prior to 8.2.12.58 suffers from filter evasion and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
advisories | CVE-2013-4602
SHA-256 | f5e46b03133d76cb79b53518f4dfe1360eac24c598dd82d32a8f7e0fd3a49db7

Avira AntiVir Engine Denial Of Service / Filter Evasion

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


=== LSE Leading Security Experts GmbH - Security Advisory 2013-06-13 ===

Avira AntiVir Engine -- Denial of Service / Filtering Evasion
- -------------------------------------------------------------

Affected Versions
=================
Avira AntiVir Engine < 8.2.12.58

Affected products using the AntiVir engine are:

Avira Server Security
Avira AntiVir MailGate
Avira AntiVir MailGate Suite
Avira Exchange Security
Avira AntiVir WebGate
Avira AntiVir WebGate Suite
Avira AntiVir SharePoint
Avira Professional Security
Avira AntiVir Personal
Avira Savapi

Problem Overview
================
Technical Risk: high
Likelihood of Exploitation: high
Vendor: Avira Operations GmbH & Co. KG
Credits: LSE Leading Security Experts GmbH employees Markus Vervier
and Eric Sesterhenn
Advisory URL: http://www.lsexperts.de/advisories/lse-2013-06-13.txt
Advisory Status: Public
CVE-Number: CVE-2013-4602

Problem Description
===================
While conducting a penetration test on a customer system LSE Leading
Security Experts GmbH discovered a Denial of Service vulnerability and
possible memory corruption in the Avira AntiVir Engine.
By scanning specially crafted PDF documents, a bug can be triggered
which causes an endless loop in the scanning engine.

Temporary Workaround and Fix
============================
LSE Leading Security Experts GmbH advises to install the latest
updates via the update functionality. The fix for this issue was
released by Avira Operations GmbH on 2013-06-11.

Problem Impact
==============
When scanning specially crafted PDF documents an endless loop is
caused in the Avira AntiVir scanning engine. This allows an attacker
to stall the antivirus engine and prevent malicious files from being
detected.
Additionally an attacker may be able to cause the antivirus engine to
consume all available resources on the system. In case of enterprise
setups like for example mailgateways an effective Denial of Service
attack can be launched on the whole system.
LSE Leading Security Experts GmbH will provide additional details
including a proof of concept on a later date to protect affected
customers.

History
=======
2013-06-05 Problem discovery during penetration testing
2013-06-06 Original vendor contacted
2013-06-06 Vulnerability confirmed by vendor
2013-06-11 Updated Engine Released
2013-06-13 CVE-2013-4602 assigned
2013-06-13 Coordinated Advisory Release
- --
http://www.lsexperts.de
LSE Leading Security Experts GmbH, Postfach 100121, 64201 Darmstadt
Tel.: +49 (0) 6151 86086-0, Fax: -299,
Unternehmenssitz: Weiterstadt, Amtsgericht Darmstadt: HRB8649
Geschäftsführer: Oliver Michel, Sven Walther, Dr. Peter Schill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQIcBAEBAgAGBQJRucGlAAoJEDgSCSGZ4yd8czUQALx7SSxJHOL/yNXIruEE+ZO6
uSwsnMlfKZc9Pp4+D7aTvdeA8ZYIbHgDJ9V/lHBXu08d496PaBDcxClvyMqKn/DF
fnT4rylPfuCLvA9qfPLQtswUMzzM5GeC97+xb+7J0zTXIkDkH+7k6uodzEdmVhsn
qVt+qWaO1CEbjEKIkQ4kirbvScNRTF3BlJcJsvPtI4vmrssLyUTeVm5Gamx47LfE
S25i3zMkqIH9yJTJoJNKWwXlnzpRjVxpUyN/ZmcvwXgXzFmJ3Q3b6Bt4cVquw0O9
/EPZWQmd6z+qe3Z3QC0Q2UabNWW/lqvsyliguF0gwc/X+HXPVGQtJ+AIieg0HwB6
QLTeYHuJXl/ZYaKCqMFFSX/0ZHhUsOMUZWa9FQlfAmXOvvWe2gIz8Q7zIVJAUmqR
s9Zxj6NMtYw/PiQNxEmSVypudYS+lD05eYqldPZtTsByf7gVd/RRlJzhXVznxWxZ
eqBWys6wrhnVfWvArhOJQqWsCrrI7by0GXDavQ+Ar6wYa9ovvPQDDUp8kfdZNEoV
k6WOH8YYu6942uxZF39dFUbx7Gk+GU4lgzcmNtXx62sU9S63zG07gWl98zcpgR0N
IpMITxyyYa0QJ23Ig07D+QQpOjPQN4wnJSqVwnpED1dumTaUrYSgm8GTgSP7wm7n
6Gvy3ghRtVKuQja0qwrY
=BxkJ
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

May 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    16 Files
  • 3
    May 3rd
    38 Files
  • 4
    May 4th
    15 Files
  • 5
    May 5th
    35 Files
  • 6
    May 6th
    0 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    8 Files
  • 9
    May 9th
    66 Files
  • 10
    May 10th
    19 Files
  • 11
    May 11th
    27 Files
  • 12
    May 12th
    8 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    1 Files
  • 15
    May 15th
    19 Files
  • 16
    May 16th
    66 Files
  • 17
    May 17th
    28 Files
  • 18
    May 18th
    32 Files
  • 19
    May 19th
    13 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close