Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:1739
HistoryJun 20, 2001 - 12:00 a.m.

SECURITY.NNOV: KAV (AVP) for sendmail format string vulnerability

2001-06-2000:00:00
vulners.com
47
JSON

Hello ,

Topic: Format string vulnerability in AVP for sendmail
Author: 3APA3A <[email protected]>
Affected Software: KAV* for sendmail 3.5.135.2
Vendor: Kaspersky Lab
Vendor Notified: 30 May 2001
Risk: High/Average
Remotely Exploitable: Yes
Impact: DoS/Remote root compromise
Released: 06 June 2001
Vendor URL: http://www.kaspersky.com
SECURITY.NNOV advisories: http://www.security.nnov.ru/advisories

*KAV - "Kaspersky AntiVirus" formerly known as AVP.

Background:

KAV for sendmail is antiviral product of Kaspersky Lab's KAV suit
(formerly known as AVP) one of very few commercially available
multiplatform antiviral products for servers, workstations, CVP
Firewalls and messaging systems (Exchange, Lotus, Sendmail, QMail,
Postfix) under DOS, Windows 95/98/ME/NT/2000, OS/2, Linux, FreeBSD,
BSDI and soon for Solaris (feel free to contact [email protected]
if you need it for different platform).

Problem:

While testing this software by permission of Kaspersky Lab, format
string bug was found in syslog() call in avpkeeper

/usr/local/share/AVP/avpkeeper/avpkeeper

utility.

Impact:

Intruders can cause Denial of Service and potentially can execute code
remotely with root or group mail privileges depending on installation
(code execution is not trivial, if possible, because format string
must conform RFC 2822 e-mail address requirements to bypass sendmail
and no source code is available).

Workaround:

Diasable syslog. In avpkeeper.ini set
usesyslog=no

Vendor:

Kaspersky Lab was contacted on May, 30. Patched version was delivered
in 24 hours, but no alerts were sent to users and no fixes were made
available for public download. Vendor was also informed on few
potential local race conditions with mktemp()/mkdtemp().

Solution:

Since AVP for Unix products are not open source and are not available
for free download please contact [email protected] to get patches
for registered version of KAV/AVP or demo version.

This advisory is being provided to you under the policy documented at
http://www.wiretrip.net/rfp/policy.html.


http://www.security.nnov.ru
/\_/\
{ . . } |\
±-oQQo->{ ^ }<-----+ \
| 3APA3A U 3APA3A }
±------------o66o–+ /
|/
You know my name - look up my number (The Beatles)

JSON