<<< Date Index >>>     <<< Thread Index >>>

[IVIZ-08-014] AVG antivirus for Linux vulnerability



-----------------------------------------------------------------------
[ iViZ Security Advisory 08-014                            10/12/2008 ]
-----------------------------------------------------------------------
iViZ Techno Solutions Pvt. Ltd.
                                            http://www.ivizsecurity.com
-----------------------------------------------------------------------

* Title:     AVG antivirus for Linux vulnerability
* Date:      10/12/2008
* Software:  AVG version 7.5.51

--[ Synopsis:

    AVG antivirus can be deterministically forced to crash
    (segmentation fault) when analyzing corrupted UPX files.


--[ Affected Software:

  * AVG for Linux version 7.5.51 (current), possibly others.

--[ Impact:

    Remote DoS, possibly remote code execution.

--[ Vendor response:

  * None.

--[ Credits:

    This vulnerability was discovered by Security Researcher
    Jonathan Brossard from iViZ Techno Solutions Pvt. Ltd.

--[ Disclosure timeline:

  * First attempt to contact the vendor on September 18th 2008.
  * Received an automated reply on September 18th 2008.
  * No actual reponse from vendor in spite of our multiple emails.

--[ Reference:

    http://www.ivizsecurity.com/security-advisory.html