Archive Formats Kill Antivirus Products
nemiloc sends us to the F-Secure blog for breaking news about widespread vulnerabilities in programs that process archive files: "The Secure Programming Group at Oulu University has created a collection of malformed archive files. These archive files break and crash products from at least 40 vendors — including several antivirus vendors... including us." Here is test material from OUSPG and a joint advisory from Finnish and English security organizations. It isn't news that security products can have security vulnerabilities. What makes this advisory important is that antivirus software is a perfect target. It is run in critical places with high privileges and auto-updates to keep versions coherent.
Re:why bother checking archives anyways? (Score:2, Informative)
There's breakage and there's breakage (Score:5, Informative)
1. "I had an exception processing file ABC.ZIP, skipping file,"
2. Crashing and dying without handling the exception, and
3. Being exploited due to an unexpected condition.
The first lets viruses hide in carefully-mis-crafted archives.
The second lets viruses deactivate antivirus software.
The third lets viruses 0wn j00.
Some AV software is smart enough to log instances of #1.
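An added sketch (not part of the comment above and not any vendor's code) of handling outcome #1 without hiding anything: a malformed archive is logged and reported as "unscannable" rather than silently skipped as clean. The marker string, the limits, and the helper names `scan_archive`, `make_zip` and `corrupt` are assumptions made for this example.

```python
import io
import logging
import zipfile

log = logging.getLogger("archive_scan")
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in for a signature hit
MAX_MEMBERS = 1000                      # assumed limits, tune per deployment
MAX_MEMBER_BYTES = 1 << 20


def scan_archive(name, data):
    """Return 'clean', 'infected' or 'unscannable'; never raise on bad input."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.infolist()
            if len(members) > MAX_MEMBERS:
                raise ValueError("too many members")
            for info in members:
                if info.file_size > MAX_MEMBER_BYTES:
                    raise ValueError("declared size over limit")
                with zf.open(info) as fh:       # CRC is verified at end of read
                    body = fh.read(MAX_MEMBER_BYTES + 1)
                if MARKER in body:
                    return "infected"
        return "clean"
    except Exception as exc:
        # Outcome 1 from the comment above, but logged and NOT reported as clean.
        log.warning("unscannable %s: %s: %s", name, type(exc).__name__, exc)
        return "unscannable"


def make_zip(payload):
    """Build a one-member stored ZIP in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("a.txt", payload)
    return buf.getvalue()


def corrupt(data, payload):
    """Flip one payload byte so the member's CRC-32 no longer matches."""
    i = data.index(payload)
    return data[:i] + bytes([data[i] ^ 0xFF]) + data[i + 1:]


if __name__ == "__main__":
    hit = b"xx" + MARKER
    for label, blob in [("good", make_zip(b"hello")), ("hit", make_zip(hit)),
                        ("truncated", make_zip(hit)[:20]),
                        ("bad-crc", corrupt(make_zip(hit), hit))]:
        print(label, scan_archive(label, blob))
```

Catching exceptions only addresses outcome #1; a parser written in native code that crashes or is exploited (outcomes #2 and #3) needs isolation, such as running it in a separate low-privilege process.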
Old Problem (Score:5, Informative)
Re:Proofread? (Score:-1, Informative)
Re:Secure Platform without Anti-virus (Score:3, Informative)
Hrm (Score:5, Informative)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0308 [nist.gov]
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0309 [nist.gov]
Re:Hrm (Score:2, Informative)
Re:Secure Platform without Anti-virus (Score:3, Informative)
Re:isn't this where unix shines (Score:3, Informative)
Re:Archive Formats Kill Antivirus Products (Score:0, Informative)
Re:There's breakage and there's breakage (Score:2, Informative)
Re:Secure Platform without Anti-virus (Score:5, Informative)