Avira AntiVir Engine Denial Of Service / Filter Evasion

2013.06.15
Credit: LSE
Risk: Medium
Local: Yes
Remote: No
CWE: N/A

=== LSE Leading Security Experts GmbH - Security Advisory 2013-06-13 === Avira AntiVir Engine -- Denial of Service / Filtering Evasion - ------------------------------------------------------------- Affected Versions ================= Avira AntiVir Engine < 8.2.12.58 Affected products using the AntiVir engine are: Avira Server Security Avira AntiVir MailGate Avira AntiVir MailGate Suite Avira Exchange Security Avira AntiVir WebGate Avira AntiVir WebGate Suite Avira AntiVir SharePoint Avira Professional Security Avira AntiVir Personal Avira Savapi Problem Overview ================ Technical Risk: high Likelihood of Exploitation: high Vendor: Avira Operations GmbH & Co. KG Credits: LSE Leading Security Experts GmbH employees Markus Vervier and Eric Sesterhenn Advisory URL: http://www.lsexperts.de/advisories/lse-2013-06-13.txt Advisory Status: Public CVE-Number: CVE-2013-4602 Problem Description =================== While conducting a penetration test on a customer system LSE Leading Security Experts GmbH discovered a Denial of Service vulnerability and possible memory corruption in the Avira AntiVir Engine. By scanning specially crafted PDF documents, a bug can be triggered which causes an endless loop in the scanning engine. Temporary Workaround and Fix ============================ LSE Leading Security Experts GmbH advises to install the latest updates via the update functionality. The fix for this issue was released by Avira Operations GmbH on 2013-06-11. Problem Impact ============== When scanning specially crafted PDF documents an endless loop is caused in the Avira AntiVir scanning engine. This allows an attacker to stall the antivirus engine and prevent malicious files from being detected. Additionally an attacker may be able to cause the antivirus engine to consume all available resources on the system. In case of enterprise setups like for example mailgateways an effective Denial of Service attack can be launched on the whole system. LSE Leading Security Experts GmbH will provide additional details including a proof of concept on a later date to protect affected customers. History ======= 2013-06-05 Problem discovery during penetration testing 2013-06-06 Original vendor contacted 2013-06-06 Vulnerability confirmed by vendor 2013-06-11 Updated Engine Released 2013-06-13 CVE-2013-4602 assigned 2013-06-13 Coordinated Advisory Release - -- http://www.lsexperts.de LSE Leading Security Experts GmbH, Postfach 100121, 64201 Darmstadt Tel.: +49 (0) 6151 86086-0, Fax: -299, Unternehmenssitz: Weiterstadt, Amtsgericht Darmstadt: HRB8649 Geschftsfhrer: Oliver Michel, Sven Walther, Dr. Peter Schill

References:

http://cxsecurity.com/issue/WLB-2013050096


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top