TITLE: eTrust Antivirus Zip Archive Virus Detection Bypass Vulnerability SECUNIA ADVISORY ID: SA12877
VERIFY ADVISORY: http://secunia.com/advisories/12877/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: >From remote SOFTWARE: BrightStor ARCserve Backup Release 11 (for Windows) http://secunia.com/product/3099/ eTrust Antivirus 6.x http://secunia.com/product/4088/ eTrust Antivirus 7.x http://secunia.com/product/2198/ eTrust InoculateIT 6.x for Windows http://secunia.com/product/70/ eTrust InoculateIT 6.x for Linux http://secunia.com/product/2993/ eTrust Intrusion Detection 3.x http://secunia.com/product/3390/ eTrust Secure Content Manager (SCM) http://secunia.com/product/3391/ EZ Armor 2.x http://secunia.com/product/4092/ EZ-Antivirus 6.x http://secunia.com/product/4091/ DESCRIPTION: A vulnerability has been reported in eTrust Antivirus, which can be exploited by malware to bypass certain scanning functionality. The vulnerability is caused due to an error in the decompression engine (Arclib.dll) when parsing .zip archive headers and can be exploited via a specially crafted .zip archive where the uncompressed size of the archived file has been modified within the local and global headers. Successful exploitation causes malware in a specially crafted .zip archive to pass the scanning functionality undetected. NOTE: This is not a critical issue on client systems, as the malware still is detected upon execution by the eTrust Antivirus Real-Time scanner. SOLUTION: Apply fixes. CA InoculateIT 6.0 and eTrust Antivirus r6.0 (all platforms including Notes/Exchange): http://supportconnectw.ca.com/premium/antivirus/downloads/nt/6.0/etavnt_60.asp eTrust Antivirus r7.0 (all platforms including Notes/Exchange): http://supportconnectw.ca.com/premium/antivirus/downloads/nt/7.0/etavwinnt_70.asp eTrust Antivirus r7.1 (all platforms including Notes/Exchange): http://supportconnectw.ca.com/premium/antivirus/downloads/nt/7.1/etavwinnt_71.asp eTrust Antivirus for the Gateway r7.0 (all modules and platforms) http://supportconnectw.ca.com/premium/antivirus/downloads/gateway/etavgateway_70.asp eTrust Antivirus for the Gateway r7.1 (all modules and platforms) http://supportconnectw.ca.com/premium/antivirus/downloads/gateway/etavgateway_71.asp eTrust Secure Content Manager (all releases) http://supportconnectw.ca.com/premium/etrust/etrust_scm/downloads/etrustscm_updates.asp eTrust Intrusion Detection (all releases) http://supportconnectw.ca.com/premium/etrust/etrust_intrusion/downloads/eid-solpatch_r30.asp EZ-Armor versions 2.0 / 2.3 / 2.4 and EZ-Antivirus versions 6.1 / 6.2 / 6.3: http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter=2220 BrightStor ARCserve Backup (BAB) r11.1 Windows: http://supportconnectw.ca.com/premium/storage/downloads/nt/111/basb111-patchmenu.asp ORIGINAL ADVISORY: CA: http://supportconnectw.ca.com/public/ca_common_docs/arclib_vuln.asp iDEFENSE: http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
