ISS X-Force Database: hauri-ace-vrazace-bo(22005): HAURI vrAZace.dll library buffer overflow

HAURI vrAZace.dll library buffer overflow

hauri-ace-vrazace-bo (22005)

High Risk

Description:

HAURI LiveCall is vulnerable to a stack-based buffer overflow in the processing of the ACE decompression library, vrAZace.dll. By scanning a malicious ACE archive that contains a compressed file including a file name of more than 272 characters, a remote attacker could overflow a buffer and execute arbitrary code on the system.

Platforms Affected:

HAURI, HAURI LiveCall
HAURI, ViRobot Advanced Server
HAURI, ViRobot Linux Server 2.0
ViRobot, ViRobot Expert 4.0

Remedy:

For ViRobot Linux Server 2.0:
Apply the patch for this vulnerability, available from the HAURI Download Web page. See References.

For ViRobot Expert 4.0, ViRobot Advanced Server, and HAURI LiveCall:
Upgrade to the latest version 5.8.22.137 or later, available from the ViRobot Web page. See References.

Consequences:

Gain Access

References:

BugTraq Mailing List: Wed Aug 24 2005 - 03:29:52 CDT, Secunia Research: HAURI Anti-Virus ACE Archive Handling Buffer Overflow at http://archives.neohapsis.com/archives/bugtraq/2005-08/0315.html.
HAURI LiveCall, The AntiVirus Wizards of HAURI at http://www.globalhauri.com/html/products/livecall.html.
ViRobot Web page, The AntiVirus Wizards of HAURI at http://www.globalhauri.com/html/products/fs_advanced.html.
BID-14647: HAURI Anti-Virus ACE Archive Handling Remote Buffer Overflow Vulnerability
CVE-2005-2720: Stack-based buffer overflow in the ACE archive decompression library (vrAZace.dll) in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall, when compressed file scanning is enabled, allows remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename.
SA16488: HAURI Anti-Virus ACE Archive Handling Buffer Overflow

Reported:

Aug 24, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page