Search This Blog

Tuesday, December 11, 2007

[NEWS] Novell NetMail AntiVirus Agent Multiple Heap Overflow Vulnerabilities

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html


- - - - - - - - -

Novell NetMail AntiVirus Agent Multiple Heap Overflow Vulnerabilities
------------------------------------------------------------------------


SUMMARY

Vulnerabilities allow attackers to execute arbitrary code on vulnerable
installations of Novell NetMail. User interaction is not required to
exploit this vulnerability.

DETAILS

The specific flaws exist in the AntiVirus agent which listens on a random
high TCP port. The avirus.exe service protocol reads a user-supplied ASCII
integer value as an argument to a memory allocation routine. The specified
size is added to without any integer overflow checks and can therefore
result in an under allocation. A subsequent memory copy operation can then
corrupt the heap and eventually result in arbitrary code execution.

Vendor Response:
Novell has issued an update to correct this vulnerability. More details
can be found at:

<https://secure-support.novell.com/KanisaPlatform/Publishing/990/3639135_f.SAL_Public.html> https://secure-support.novell.com/KanisaPlatform/Publishing/990/3639135_f.SAL_Public.html

Disclosure Timeline:
2007.02.16 - Vulnerability reported to vendor
2007.12.10 - Coordinated public release of advisory

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6302>
CVE-2007-6302


ADDITIONAL INFORMATION

The information has been provided by <mailto:zdi-disclosures@3com.com>
The Zero Day Initiative (ZDI).
The original article can be found at:
<http://www.zerodayinitiative.com/advisories/ZDI-07-072.html>

http://www.zerodayinitiative.com/advisories/ZDI-07-072.html

========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)