______________________________________________________________________
From the low-hanging-fruit-department - Bitdefender bypass/evasion
______________________________________________________________________
Release mode: Coordinated but limited disclosure.
Ref : TZO-082009 - Bitdefender Evasion CAB
WWW : http://blog.zoller.lu/2009/04/bitdefender-generic-bypassevasion-cab.html
Vendor : http://www.bitdefender.com
Security notification reaction rating : Good
Notification to patch window : 1 day (!)
Interesting background statistics:
Time required to coordinate disclosure and write the advisory: 2 hours
Time required to find the bug : 10 minutes
Disclosure Policy :
http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html
Affected products :
- Bitdefender Antivirus 2009 (pre update 13/04/2009)
- Bitdefender Internet Security 2009 (pre update 13/04/2009)
- Bitdefender Total Security 2009 (pre update 13/04/2009)
- Bitdefender Small Office Security (pre update 13/04/2009)
- Bitdefender for Fileservers (pre update 13/04/2009)
- Bitdefender for Samba (pre update 13/04/2009)
- Bitdefender for Sharepoint (pre update 13/04/2009)
- Bitdefender Security for Exchange (pre update 13/04/2009)
- Bitdefender Security for Mailservers (pre update 13/04/2009)
- Bitdefender for ISA Servers (pre update 13/04/2009)
- Bitdefender Client security (pre update 13/04/2009)
Bundles:
- BitDefender Business Security (pre update 13/04/2009)
- Bitdefender Antivirus for Unices (pre update 13/04/2009)
- Bitdefender Corporate Security (pre update 13/04/2009)
- Bitdefender SBS Security (pre update 13/04/2009)
I. Background
~~~~~~~~~~~~~
BitDefender provides security solutions to satisfy the protection
requirements of today's computing environment, delivering effective
threat management for over 41 million home and corporate users in more
than 100 countries. BitDefender, a division of SOFTWIN, is headquartered
in Bucharest, Romania and has offices in Tettnang, Germany, Barcelona,
United Kingdom, Denmark, Spain and Fort Lauderdale (FL), USA.
II. Description
~~~~~~~~~~~~~~~
The parsing engine can be bypassed by a specially crafted and formatted
CAB archive. Details are currently withheld because other vendors are
in the process of deploying patches.
III. Impact
~~~~~~~~~~~
A general description of the impact and nature of AV Bypasses/evasions
can be read at :
http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html
The bug prevents the engine from inspecting the code inside the CAB
archive: the archive is not unpacked, so its content is not inspected
at all.
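As an added illustration (not part of the original advisory, and not Bitdefender's or the author's code), here is a minimal writer and reader for the CAB container format: enough to build a well-formed, single-cabinet, uncompressed archive and to parse it back with the structural checks an engine's unpacker has to perform before it can see the content (signature, header sizes, CFFOLDER/CFFILE/CFDATA layout, per-block checksum). The practical use is the check a practitioner wants after reading the above: pack a file the engine is known to detect (the EICAR test string, for instance, which is not embedded here) with build_cab(), scan the result, and confirm the detection is attributed to the file inside the archive. File names, dates and contents are constructed; the crafted archive that triggers the bypass is not reproduced, since the advisory withholds it.

```python
"""Minimal MS-CAB writer and reader (added example, not from the advisory).
Handles a single cabinet with typeCompress = 0 (stored, no compression)."""
from __future__ import annotations
import struct
import sys

CAB_SIGNATURE = b"MSCF"
CFHEADER_FMT = "<4sIIIIIBBHHHHH"   # signature .. iCabinet: 36 bytes, no optional fields
CFFOLDER_FMT = "<IHH"               # coffCabStart, cCFData, typeCompress
CFFILE_FMT = "<IIHHHH"              # cbFile, uoffFolderStart, iFolder, date, time, attribs
CFDATA_FMT = "<IHH"                 # csum, cbData, cbUncomp
CFDATA_MAX = 32768                  # maximum uncompressed bytes per CFDATA block
COMPRESS_NONE = 0
FLAG_RESERVE_PRESENT = 0x0004       # header carries reserved areas (not handled here)
ATTR_NAME_IS_UTF = 0x0080           # szName is UTF-8 rather than the OEM code page


def _csum(data: bytes, seed: int = 0) -> int:
    """CSUMCompute from the MS-CAB spec: XOR of little-endian 32-bit words,
    with any 1-3 trailing bytes folded in as a big-endian partial word."""
    csum = seed
    n = len(data) // 4
    for i in range(n):
        csum ^= struct.unpack_from("<I", data, i * 4)[0]
    ul = 0
    for b in data[n * 4:]:
        ul = (ul << 8) | b
    return csum ^ ul


def build_cab(files: dict[str, bytes]) -> bytes:
    """Pack name -> content into one folder, stored without compression."""
    dos_date = ((2009 - 1980) << 9) | (4 << 5) | 17      # constructed: 17 Apr 2009
    dos_time = 12 << 11                                  # constructed: 12:00:00
    cffiles, offset = b"", 0
    for name, data in files.items():
        cffiles += struct.pack(CFFILE_FMT, len(data), offset, 0, dos_date, dos_time, 0x20)
        cffiles += name.encode("ascii") + b"\0"
        offset += len(data)
    folder_data = b"".join(files.values())
    blocks = [folder_data[i:i + CFDATA_MAX]
              for i in range(0, len(folder_data), CFDATA_MAX)] or [b""]
    cfdatas = b""
    for chunk in blocks:
        sizes = struct.pack("<HH", len(chunk), len(chunk))   # cbData == cbUncomp when stored
        cfdatas += struct.pack("<I", _csum(chunk, _csum(sizes))) + sizes + chunk
    coff_files = struct.calcsize(CFHEADER_FMT) + struct.calcsize(CFFOLDER_FMT)
    coff_cab_start = coff_files + len(cffiles)
    total = coff_cab_start + len(cfdatas)
    header = struct.pack(CFHEADER_FMT, CAB_SIGNATURE, 0, total, 0, coff_files, 0,
                         3, 1, 1, len(files), 0, 0x1234, 0)   # v1.3, 1 folder, setID constructed
    folder = struct.pack(CFFOLDER_FMT, coff_cab_start, len(blocks), COMPRESS_NONE)
    return header + folder + cffiles + cfdatas


def _read_folder(blob: bytes, pos: int, n_blocks: int) -> bytes:
    """Concatenate the CFDATA blocks of one folder, verifying sizes and checksums."""
    chunks = []
    for _ in range(n_blocks):
        csum, cb_data, cb_uncomp = struct.unpack_from(CFDATA_FMT, blob, pos)
        chunk = blob[pos + 8:pos + 8 + cb_data]
        if len(chunk) != cb_data:
            raise ValueError("truncated CFDATA block")
        if cb_data != cb_uncomp:
            raise ValueError("stored block with cbData != cbUncomp")
        # a zero csum means "not supplied"; any other value must match
        if csum and csum != _csum(chunk, _csum(blob[pos + 4:pos + 8])):
            raise ValueError("CFDATA checksum mismatch")
        chunks.append(chunk)
        pos += 8 + cb_data
    return b"".join(chunks)


def parse_cab(blob: bytes) -> dict[str, bytes]:
    """Return name -> content for a single-cabinet, stored CAB; ValueError otherwise."""
    if len(blob) < struct.calcsize(CFHEADER_FMT) or blob[:4] != CAB_SIGNATURE:
        raise ValueError("not a CAB: missing MSCF signature")
    (_, _, cb_cabinet, _, coff_files, _, _, _, n_folders, n_files, flags, _, _) = \
        struct.unpack_from(CFHEADER_FMT, blob, 0)
    if cb_cabinet > len(blob):
        raise ValueError("cbCabinet larger than the data available")
    if flags & FLAG_RESERVE_PRESENT:
        raise ValueError("reserved header/folder/data areas not handled here")
    folders, pos = [], struct.calcsize(CFHEADER_FMT)
    for _ in range(n_folders):
        coff_start, n_blocks, ctype = struct.unpack_from(CFFOLDER_FMT, blob, pos)
        pos += struct.calcsize(CFFOLDER_FMT)
        if ctype & 0x000F != COMPRESS_NONE:
            raise ValueError(f"compression type {ctype:#06x} not handled here")
        folders.append(_read_folder(blob, coff_start, n_blocks))
    out, pos = {}, coff_files          # CFFILE entries start at coffFiles, not after CFFOLDER
    for _ in range(n_files):
        size, uoff, ifolder, _, _, attribs = struct.unpack_from(CFFILE_FMT, blob, pos)
        pos += struct.calcsize(CFFILE_FMT)
        end = blob.index(b"\0", pos)
        name = blob[pos:end].decode("utf-8" if attribs & ATTR_NAME_IS_UTF else "latin-1")
        pos = end + 1
        if ifolder >= n_folders:       # 0xFFFD..0xFFFF mean the file spans cabinets
            raise ValueError(f"{name}: iFolder {ifolder:#06x} not in this cabinet")
        if uoff + size > len(folders[ifolder]):
            raise ValueError(f"{name}: extends past the end of folder data")
        out[name] = folders[ifolder][uoff:uoff + size]
    return out


def check_cab(blob: bytes) -> str | None:
    """None if the cabinet parses cleanly, else the reason an unpacker would reject it."""
    try:
        parse_cab(blob)
        return None
    except (ValueError, struct.error) as exc:
        return str(exc)


if __name__ == "__main__":
    # usage: python cab_min.py out.cab file1 [file2 ...]; entries are named by basename
    import os
    out_path, paths = sys.argv[1], sys.argv[2:]
    with open(out_path, "wb") as f:
        f.write(build_cab({os.path.basename(p): open(p, "rb").read() for p in paths}))
```

parse_cab() deliberately refuses anything it cannot account for (compressed folders, reserved areas, cabinet-spanning files, size or checksum mismatches) instead of skipping it: an unpacker that silently gives up on a structure it does not understand is exactly the behaviour that leaves archive contents uninspected, which is the failure mode this advisory describes.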
IV. Disclosure timeline
~~~~~~~~~~~~~~~~~~~~~~~~~
13/04/2009 : Sent proof of concept, a description of the terms under which
I cooperate, and the planned disclosure date
14/04/2009 : Bitdefender responds that the problem was fixed by an
automatic update on 13/04/2009
16/04/2009 : Asked which product lines and versions were affected and
for a CVE number.
15/04/2009 : Bitdefender states that "All our products are affected
by this problem. We don't have a CVE number".
17/04/2009 : Release of this advisory