Slashdot Mirror

← Back to Stories (view on slashdot.org)

Archive Formats Kill Antivirus Products

Posted by kdawson on from the fuzz-in-the-zip dept.

nemiloc sends us to the F-Secure blog for breaking news about widespread vulnerabilities in programs that process archive files: "The Secure Programming Group at Oulu University has created a collection of malformed archive files. These archive files break and crash products from at least 40 vendors — including several antivirus vendors... including us." Here is test material from OUSPG and a joint advisory from Finnish and English security organizations. It isn't news that security products can have have security vulnerabilities. What makes this advisory important is that antivirus software is a perfect target. It is run in critical places with high privileges and auto-updates to keep versions coherent.

2 of 115 comments (clear)

  1. There's breakage and there's breakage by davidwr · · Score: 5, Informative

    There's

    1. "I had an exception processing file ABC.ZIP, skipping file,"
    2. Crashing and dying without handling the exception, and
    3. Being exploited due to an unexpected condition.

    The first lets viruses hide in carefully-mis-crafted archives.
    The second lets viruses deactivate antivirus software.
    The third lets viruses 0wn j00.

    Some AV software is smart enough to log instances of #1.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  2. Hrm by Shadow-isoHunt · · Score: 5, Informative

    Details on the latest examples
    http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0308
    http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0309

    --
    www.isoHunt.com