TUCoPS :: Security App Flaws :: va2050.htm

AVG antivirus for Linux vulnerability
AVG antivirus for Linux vulnerability
AVG antivirus for Linux vulnerability


-----------------------------------------------------------------------
[ iViZ Security Advisory 08-014                            10/12/2008 ]
-----------------------------------------------------------------------
iViZ Techno Solutions Pvt. Ltd.
http://www.ivizsecurity.com 
-----------------------------------------------------------------------

* Title:     AVG antivirus for Linux vulnerability
* Date:      10/12/2008
* Software:  AVG version 7.5.51

--[ Synopsis:

    AVG antivirus can be deterministically forced to crash
    (segmentation fault) when analyzing corrupted UPX files.


--[ Affected Software:

  * AVG for Linux version 7.5.51 (current), possibly others.

--[ Impact:

    Remote DoS, possibly remote code execution.

--[ Vendor response:

  * None.

--[ Credits:

    This vulnerability was discovered by Security Researcher
    Jonathan Brossard from iViZ Techno Solutions Pvt. Ltd.

--[ Disclosure timeline:

  * First attempt to contact the vendor on September 18th 2008.
  * Received an automated reply on September 18th 2008.
  * No actual reponse from vendor in spite of our multiple emails.

--[ Reference:

http://www.ivizsecurity.com/security-advisory.html

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH