Topic:                    Format string vulnerability in AVP for sendmail
Author:                   3APA3A <[email protected]>
Affected Software:        KAV* for sendmail 3.5.135.2
Vendor:                   Kaspersky Lab
Vendor Notified:          30 May 2001
Risk:                     High/Average
Remotely Exploitable:     Yes
Impact:                   DoS/Remote root compromise
Released:                 06 June 2001
Vendor URL:               http://www.kaspersky.com
SECURITY.NNOV advisories: http://www.security.nnov.ru/advisories

 *KAV - "Kaspersky Antivirus" formerly known as AVP.

Background:

KAV for sendmail is an antiviral product of Kaspersky Lab's KAV suite
(formerly known as AVP), one of very few commercially available
multiplatform antiviral products for servers, workstations, CVP
firewalls and messaging systems (MS Exchange, Lotus, Sendmail, QMail,
Postfix) under DOS, Windows 95/98/ME/NT/2000, OS/2, Linux, FreeBSD and
BSDI, and soon for Solaris (feel free to contact [email protected]
if you need it for a different platform).

Problem:

While testing this software together with the Kaspersky Lab Test team,
SECURITY.NNOV found a format string bug in a syslog() call in the
avpkeeper utility:

 /usr/local/share/AVP/avpkeeper/avpkeeper
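
Added example, not code from this advisory or from Kaspersky Lab (no
avpkeeper source is available): the general shape of a syslog() format
string bug and its usual fix, a constant format string with the untrusted
address passed as an argument. The function names, log text and sample
address are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Vulnerable pattern (shown only as a comment): the untrusted string is
 * passed as the format argument, so any '%' directive in it is interpreted.
 *
 *     syslog(LOG_MAIL | LOG_INFO, sender);
 */

/* Count printf-style directives in an untrusted string. "%%" is a literal
 * percent sign and is not counted. Useful for flagging odd addresses. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

/* Build the log line with a constant format; the address is only data.
 * Returns 0 on success, -1 if the line did not fit. */
int render_log_line(char *out, size_t outlen, const char *sender)
{
    int w = snprintf(out, outlen, "message from <%s>", sender);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}

/* Hardened logging call: constant format string, address as an argument. */
void log_sender(const char *sender)
{
    if (count_format_directives(sender) > 0)
        syslog(LOG_MAIL | LOG_WARNING, "format directives in sender address");
    syslog(LOG_MAIL | LOG_INFO, "message from <%s>", sender);
}

int main(void)
{
    char line[128];
    const char *constructed = "user%x%x@example.test"; /* constructed sample */
    render_log_line(line, sizeof line, constructed);
    printf("%s (directives: %d)\n", line, count_format_directives(constructed));
    return 0;
}
```

Building with -Wformat -Wformat-security makes GCC and Clang warn about the
commented-out pattern wherever it appears in real code.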

Impact:

Intruders can cause Denial of Service and can potentially execute code
remotely with root or group mail privileges, depending on installation
(code execution is not trivial, if possible, because the format string
must conform to RFC 2821 e-mail address requirements and no source code
is available).

Workaround:

Disable syslog. In avpkeeper.ini set
 usesyslog=no


Vendor:

Kaspersky Lab was contacted on 30 May. A patched version was delivered
in 24 hours, but no alerts were sent to users and no fixes were made
available for public download. The vendor was also informed of a few
potential local race conditions with mktemp()/mkdtemp() functions.

Solution:

Since AVP for Unix products are not open source and are not available
for free download, please contact [email protected] to get patches
for the registered version of KAV/AVP.

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod