---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Ahnlab V3 Antivirus Multiple Vulnerabilities SECUNIA ADVISORY ID: SA15674 VERIFY ADVISORY: http://secunia.com/advisories/15674/ CRITICAL: Highly critical IMPACT: Security Bypass, Privilege escalation, System access WHERE: >From remote SOFTWARE: AhnLab V3 VirusBlock 2005 http://secunia.com/product/5701/ AhnLab V3Net for Windows Server 6.x http://secunia.com/product/5700/ AhnLab V3Pro http://secunia.com/product/5699/ DESCRIPTION: Secunia research has discovered some vulnerabilities in AhnLab V3 Antivirus, which can be exploited by malicious, local users to gain escalated privileges, or by malicious people to compromise a vulnerable system. 1) The real-time scan driver, v3flt2k.sys, does not validate the source of received "DeviceIoControl()" commands. This can be exploited by non-administrative users to run explorer.exe with SYSTEM privileges, or to disable the real-time scan engine, via specially crafted DeviceIoControl requests, 2) A boundary error in the ACE archive decompression library can be exploited to cause a stack-based buffer overflow when a malicious ACE archive containing a compressed file with an overly long filename is scanned. Successful exploitation allows execution of arbitrary code, but requires that compressed file scanning is enabled. 3) A directory traversal error in the archive decompression library can be exploited to write files to arbitrary directories when a malicious archive containing compressed files with directory traversal sequences in their filenames is scanned. Vulnerability #2 and #3 are related to: SA14359 The vulnerabilities have been confirmed in the following products: * AhnLab V3Pro 2004 (Build 6.0.0.383) * AhnLab V3 VirusBlock 2005 (Build 6.0.0.383) * AhnLab V3Net for Windows Server 6.0 (Build 6.0.0.383) SOLUTION: Update to version 6.0.0.457 via online update. PROVIDED AND/OR DISCOVERED BY: Tan Chew Keong, Secunia Research ORIGINAL ADVISORY: AhnLab: http://info.ahnlab.com/english/advisory/01.html Secunia Research: http://secunia.com/secunia_research/2005-17/advisory/ OTHER REFERENCES: SA14359: http://secunia.com/advisories/14359/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------