exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Avira AntiVir Engine Denial Of Service / Filter Evasion

Avira AntiVir Engine Denial Of Service / Filter Evasion
Posted Jun 14, 2013
Authored by Markus Vervier, Eric Sesterhenn | Site lsexperts.de

Avira AntiVir Engine versions prior to 8.2.12.58 suffers from filter evasion and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
advisories | CVE-2013-4602
SHA-256 | f5e46b03133d76cb79b53518f4dfe1360eac24c598dd82d32a8f7e0fd3a49db7

Avira AntiVir Engine Denial Of Service / Filter Evasion

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


=== LSE Leading Security Experts GmbH - Security Advisory 2013-06-13 ===

Avira AntiVir Engine -- Denial of Service / Filtering Evasion
- -------------------------------------------------------------

Affected Versions
=================
Avira AntiVir Engine < 8.2.12.58

Affected products using the AntiVir engine are:

Avira Server Security
Avira AntiVir MailGate
Avira AntiVir MailGate Suite
Avira Exchange Security
Avira AntiVir WebGate
Avira AntiVir WebGate Suite
Avira AntiVir SharePoint
Avira Professional Security
Avira AntiVir Personal
Avira Savapi

Problem Overview
================
Technical Risk: high
Likelihood of Exploitation: high
Vendor: Avira Operations GmbH & Co. KG
Credits: LSE Leading Security Experts GmbH employees Markus Vervier
and Eric Sesterhenn
Advisory URL: http://www.lsexperts.de/advisories/lse-2013-06-13.txt
Advisory Status: Public
CVE-Number: CVE-2013-4602

Problem Description
===================
While conducting a penetration test on a customer system LSE Leading
Security Experts GmbH discovered a Denial of Service vulnerability and
possible memory corruption in the Avira AntiVir Engine.
By scanning specially crafted PDF documents, a bug can be triggered
which causes an endless loop in the scanning engine.

Temporary Workaround and Fix
============================
LSE Leading Security Experts GmbH advises to install the latest
updates via the update functionality. The fix for this issue was
released by Avira Operations GmbH on 2013-06-11.

Problem Impact
==============
When scanning specially crafted PDF documents an endless loop is
caused in the Avira AntiVir scanning engine. This allows an attacker
to stall the antivirus engine and prevent malicious files from being
detected.
Additionally an attacker may be able to cause the antivirus engine to
consume all available resources on the system. In case of enterprise
setups like for example mailgateways an effective Denial of Service
attack can be launched on the whole system.
LSE Leading Security Experts GmbH will provide additional details
including a proof of concept on a later date to protect affected
customers.

History
=======
2013-06-05 Problem discovery during penetration testing
2013-06-06 Original vendor contacted
2013-06-06 Vulnerability confirmed by vendor
2013-06-11 Updated Engine Released
2013-06-13 CVE-2013-4602 assigned
2013-06-13 Coordinated Advisory Release
- --
http://www.lsexperts.de
LSE Leading Security Experts GmbH, Postfach 100121, 64201 Darmstadt
Tel.: +49 (0) 6151 86086-0, Fax: -299,
Unternehmenssitz: Weiterstadt, Amtsgericht Darmstadt: HRB8649
Geschäftsführer: Oliver Michel, Sven Walther, Dr. Peter Schill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQIcBAEBAgAGBQJRucGlAAoJEDgSCSGZ4yd8czUQALx7SSxJHOL/yNXIruEE+ZO6
uSwsnMlfKZc9Pp4+D7aTvdeA8ZYIbHgDJ9V/lHBXu08d496PaBDcxClvyMqKn/DF
fnT4rylPfuCLvA9qfPLQtswUMzzM5GeC97+xb+7J0zTXIkDkH+7k6uodzEdmVhsn
qVt+qWaO1CEbjEKIkQ4kirbvScNRTF3BlJcJsvPtI4vmrssLyUTeVm5Gamx47LfE
S25i3zMkqIH9yJTJoJNKWwXlnzpRjVxpUyN/ZmcvwXgXzFmJ3Q3b6Bt4cVquw0O9
/EPZWQmd6z+qe3Z3QC0Q2UabNWW/lqvsyliguF0gwc/X+HXPVGQtJ+AIieg0HwB6
QLTeYHuJXl/ZYaKCqMFFSX/0ZHhUsOMUZWa9FQlfAmXOvvWe2gIz8Q7zIVJAUmqR
s9Zxj6NMtYw/PiQNxEmSVypudYS+lD05eYqldPZtTsByf7gVd/RRlJzhXVznxWxZ
eqBWys6wrhnVfWvArhOJQqWsCrrI7by0GXDavQ+Ar6wYa9ovvPQDDUp8kfdZNEoV
k6WOH8YYu6942uxZF39dFUbx7Gk+GU4lgzcmNtXx62sU9S63zG07gWl98zcpgR0N
IpMITxyyYa0QJ23Ig07D+QQpOjPQN4wnJSqVwnpED1dumTaUrYSgm8GTgSP7wm7n
6Gvy3ghRtVKuQja0qwrY
=BxkJ
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close