|
|
| |
Credit:
The information has been provided by The Zero Day Initiative (ZDI).
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-07-072.html
|
| |
The specific flaws exist in the AntiVirus agent which listens on a random high TCP port. The avirus.exe service protocol reads a user-supplied ASCII integer value as an argument to a memory allocation routine. The specified size is added to without any integer overflow checks and can therefore result in an under allocation. A subsequent memory copy operation can then corrupt the heap and eventually result in arbitrary code execution.
Vendor Response:
Novell has issued an update to correct this vulnerability. More details can be found at:
https://secure-support.novell.com/KanisaPlatform/Publishing/990/3639135_f.SAL_Public.html
Disclosure Timeline:
2007.02.16 - Vulnerability reported to vendor
2007.12.10 - Coordinated public release of advisory
CVE Information:
CVE-2007-6302
|
|
|
