Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29463
HistoryJun 17, 2013 - 12:00 a.m.

LSE Leading Security Experts GmbH - LSE-2013-06-13 - Avira AntiVir Engine

2013-06-1700:00:00
vulners.com
25
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=== LSE Leading Security Experts GmbH - Security Advisory 2013-06-13 ===

Avira AntiVir Engine – Denial of Service / Filtering Evasion

Affected Versions

Avira AntiVir Engine < 8.2.12.58

Affected products using the AntiVir engine are:

Avira Server Security
Avira AntiVir MailGate
Avira AntiVir MailGate Suite
Avira Exchange Security
Avira AntiVir WebGate
Avira AntiVir WebGate Suite
Avira AntiVir SharePoint
Avira Professional Security
Avira AntiVir Personal
Avira Savapi

Problem Overview

Technical Risk: high
Likelihood of Exploitation: high
Vendor: Avira Operations GmbH & Co. KG
Credits: LSE Leading Security Experts GmbH employees Markus Vervier
and Eric Sesterhenn
Advisory URL: http://www.lsexperts.de/advisories/lse-2013-06-13.txt
Advisory Status: Public
CVE-Number: CVE-2013-4602

Problem Description

While conducting a penetration test on a customer system LSE Leading
Security Experts GmbH discovered a Denial of Service vulnerability and
possible memory corruption in the Avira AntiVir Engine.
By scanning specially crafted PDF documents, a bug can be triggered
which causes an endless loop in the scanning engine.

Temporary Workaround and Fix

LSE Leading Security Experts GmbH advises to install the latest
updates via the update functionality. The fix for this issue was
released by Avira Operations GmbH on 2013-06-11.

Problem Impact

When scanning specially crafted PDF documents an endless loop is
caused in the Avira AntiVir scanning engine. This allows an attacker
to stall the antivirus engine and prevent malicious files from being
detected.
Additionally an attacker may be able to cause the antivirus engine to
consume all available resources on the system. In case of enterprise
setups like for example mailgateways an effective Denial of Service
attack can be launched on the whole system.
LSE Leading Security Experts GmbH will provide additional details
including a proof of concept on a later date to protect affected
customers.

History

2013-06-05 Problem discovery during penetration testing
2013-06-06 Original vendor contacted
2013-06-06 Vulnerability confirmed by vendor
2013-06-11 Updated Engine Released
2013-06-13 CVE-2013-4602 assigned
2013-06-13 Coordinated Advisory Release

http://www.lsexperts.de
LSE Leading Security Experts GmbH, Postfach 100121, 64201 Darmstadt
Tel.: +49 (0) 6151 86086-0, Fax: -299,
Unternehmenssitz: Weiterstadt, Amtsgericht Darmstadt: HRB8649
Geschaftsfuhrer: Oliver Michel, Sven Walther, Dr. Peter Schill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQIcBAEBAgAGBQJRucGlAAoJEDgSCSGZ4yd8czUQALx7SSxJHOL/yNXIruEE+ZO6
uSwsnMlfKZc9Pp4+D7aTvdeA8ZYIbHgDJ9V/lHBXu08d496PaBDcxClvyMqKn/DF
fnT4rylPfuCLvA9qfPLQtswUMzzM5GeC97+xb+7J0zTXIkDkH+7k6uodzEdmVhsn
qVt+qWaO1CEbjEKIkQ4kirbvScNRTF3BlJcJsvPtI4vmrssLyUTeVm5Gamx47LfE
S25i3zMkqIH9yJTJoJNKWwXlnzpRjVxpUyN/ZmcvwXgXzFmJ3Q3b6Bt4cVquw0O9
/EPZWQmd6z+qe3Z3QC0Q2UabNWW/lqvsyliguF0gwc/X+HXPVGQtJ+AIieg0HwB6
QLTeYHuJXl/ZYaKCqMFFSX/0ZHhUsOMUZWa9FQlfAmXOvvWe2gIz8Q7zIVJAUmqR
s9Zxj6NMtYw/PiQNxEmSVypudYS+lD05eYqldPZtTsByf7gVd/RRlJzhXVznxWxZ
eqBWys6wrhnVfWvArhOJQqWsCrrI7by0GXDavQ+Ar6wYa9ovvPQDDUp8kfdZNEoV
k6WOH8YYu6942uxZF39dFUbx7Gk+GU4lgzcmNtXx62sU9S63zG07gWl98zcpgR0N
IpMITxyyYa0QJ23Ig07D+QQpOjPQN4wnJSqVwnpED1dumTaUrYSgm8GTgSP7wm7n
6Gvy3ghRtVKuQja0qwrY
=BxkJ
-----END PGP SIGNATURE-----

Related

cve 1
prion 1
cve
cve
CVE-2013-4602
2020-02-12 22:15:00
prion
prion
Denial of service
2020-02-12 22:15:00
JSON
Related for SECURITYVULNS:DOC:29463
cve1prion1