TITLE: McAfee Anti-Virus Zip Archive Virus Detection Bypass Vulnerability
SECUNIA ADVISORY ID: SA12876
VERIFY ADVISORY: http://secunia.com/advisories/12876/
CRITICAL: Moderately critical
IMPACT: Security Bypass
WHERE: From remote

OPERATING SYSTEM:
McAfee WebShield Appliances
http://secunia.com/product/278/

SOFTWARE:
McAfee WebShield SMTP for NT v4.x
http://secunia.com/product/228/
McAfee GroupShield for Exchange 5.5 v5.x
http://secunia.com/product/224/
McAfee GroupShield for Exchange 5.5 v4.x
http://secunia.com/product/353/
McAfee GroupShield for Exchange 2000 5.x
http://secunia.com/product/225/
McAfee GroupShield 6.x for Microsoft Exchange
http://secunia.com/product/3615/
McAfee GroupShield for Lotus Domino on AIX 5.x
http://secunia.com/product/229/
McAfee GroupShield for Lotus Domino on Windows 5.x
http://secunia.com/product/230/
McAfee Netshield for Netware 4.x
http://secunia.com/product/227/
McAfee Netshield for NT 4.x
http://secunia.com/product/226/
McAfee Virex
http://secunia.com/product/274/
McAfee VirusScan 4.x
http://secunia.com/product/275/
McAfee VirusScan Enterprise 7.x
http://secunia.com/product/264/
McAfee VirusScan Enterprise 8.x
http://secunia.com/product/3948/
McAfee VirusScan Professional 7.x
http://secunia.com/product/265/
McAfee VirusScan ThinClient
http://secunia.com/product/276/
McAfee VirusScan Wireless
http://secunia.com/product/277/

DESCRIPTION:
A vulnerability has been reported in McAfee Anti-Virus Engine, which can be exploited by malware to bypass certain scanning functionality.

The vulnerability is caused due to an error when parsing .zip archive headers and can be exploited via a specially crafted .zip archive where the uncompressed size of the archived file has been modified within the local and global headers.

Successful exploitation causes malware in a specially crafted .zip archive to pass the scanning functionality undetected.

NOTE: This is not a critical issue on client systems, as the malware still is detected upon execution by the McAfee on-access scanner.
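
A gateway or mail filter can test for the header inconsistency described above. The following is an added example, not part of the advisory or of any McAfee code: it compares each member's declared uncompressed size in the local and central ("global") headers with the length the payload actually inflates to. The function names and the 64 MiB cap are assumptions; ZIP64 and encrypted members are not handled.

```python
import struct
import sys
import zlib

MAX_INFLATE = 64 * 1024 * 1024  # assumed cap so a hostile member cannot exhaust memory

def inflated_length(method, raw):  # real payload length, or None if it cannot be verified
    if method == 0:                # stored
        return len(raw)
    if method != 8:                # only raw deflate is handled in this example
        return None
    d = zlib.decompressobj(-15)
    try:
        out = d.decompress(raw, MAX_INFLATE)
    except zlib.error:
        return None
    return None if d.unconsumed_tail else len(out)

def audit_zip_sizes(data):
    """Return [(member, problem)] where declared and real sizes disagree."""
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    count, _cd_size, pos = struct.unpack_from("<HII", data, eocd + 10)
    problems = []
    for _ in range(count):  # walk the central ("global") directory entries
        if data[pos:pos + 4] != b"PK\x01\x02":
            raise ValueError("corrupt central directory")
        method, c_csize, c_usize, nlen, elen, clen, lho = struct.unpack_from("<H8xIIHHH8xI", data, pos + 10)
        name = data[pos + 46:pos + 46 + nlen].decode("cp437")
        pos += 46 + nlen + elen + clen
        if data[lho:lho + 4] != b"PK\x03\x04":
            problems.append((name, "local header not found"))
            continue
        l_flags, l_usize, l_nlen, l_elen = struct.unpack_from("<H14xIHH", data, lho + 6)
        if not l_flags & 0x08 and l_usize != c_usize:  # bit 3: sizes live in a data descriptor
            problems.append((name, f"local size {l_usize} != central size {c_usize}"))
        start = lho + 30 + l_nlen + l_elen
        actual = inflated_length(method, data[start:start + c_csize])
        if actual is None:
            problems.append((name, "size not verifiable (method, corrupt data or cap)"))
        elif actual != c_usize:
            problems.append((name, f"declared {c_usize} bytes, payload inflates to {actual}"))
    return problems

if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:
        for member, problem in audit_zip_sizes(fh.read()):
            print(f"{member}: {problem}")
```

Any reported member is a reason to quarantine the archive or scan the fully inflated payload instead of trusting the header value.
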
SOLUTION:
Update to McAfee Anti-Virus Engine DATS driver version 4398 or later.

Home (Retail) Users:
http://download.mcafee.com/uk/updates/updates.asp

Business (Enterprise) Users:
http://www.mcafeesecurity.com/uk/downloads/updates/dat.asp?id=1

ORIGINAL ADVISORY:
http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities
