
Bugtraq mailing list archives


[TZO-08-2009] Bitdefender generic bypass/evasion


From: Thierry Zoller <Thierry () Zoller lu>
Date: Fri, 17 Apr 2009 16:08:49 +0200

______________________________________________________________________

  From the low-hanging-fruit-department - Bitdefender bypass/evasion
______________________________________________________________________

Release mode: Coordinated but limited disclosure.
Ref         : TZO-082009 - Bitdefender Evasion CAB
WWW         : http://blog.zoller.lu/2009/04/bitdefender-generic-bypassevasion-cab.html
Vendor      : http://www.bitdefender.com
Security notification reaction rating : Good
Notification to patch window : 1 day (!)

Interesting background statistics:
Time required to coordinate disclosure and write the advisory: 2 hours
Time required to find the bug : 10 minutes

Disclosure Policy :
http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html

Affected products :
- Bitdefender Antivirus 2009 (pre update 13/04/2009)
- Bitdefender Internet Security 2009 (pre update 13/04/2009)
- Bitdefender Total Security 2009 (pre update 13/04/2009)
- Bitdefender Small Office Security (pre update 13/04/2009)
- Bitdefender for Fileservers (pre update 13/04/2009)
- Bitdefender for Samba (pre update 13/04/2009)
- Bitdefender for Sharepoint (pre update 13/04/2009)
- Bitdefender Security for Exchange (pre update 13/04/2009)
- Bitdefender Security for Mailservers (pre update 13/04/2009)
- Bitdefender for ISA Servers (pre update 13/04/2009)
- Bitdefender Client security (pre update 13/04/2009)

Bundles:
- BitDefender Business Security (pre update 13/04/2009)
- Bitdefender Antivirus for Unices (pre update 13/04/2009)
- Bitdefender Corporate Security (pre update 13/04/2009)
- Bitdefender SBS Security (pre update 13/04/2009)

I. Background
~~~~~~~~~~~~~
BitDefender™ provides security solutions to satisfy the protection
requirements of today's computing environment, delivering effective
threat management for over 41 million home and corporate users in more
than 100 countries. BitDefender, a division of SOFTWIN, is headquartered
in Bucharest, Romania and has offices in Tettnang, Germany, Barcelona,
United Kingdom, Denmark, Spain and Fort Lauderdale (FL), USA.

II. Description
~~~~~~~~~~~~~~~
The parsing engine can be bypassed by a specially crafted and formatted
CAB archive. Details are currently withheld due to other vendors that are
in process of deploying patches.

III. Impact
~~~~~~~~~~~
A general description of the impact and nature of AV bypasses/evasions
can be read at :
http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html

The bug results in denying the engine the possibility to inspect
code within the CAB archive. There is no inspection of the content
at all.

IV. Disclosure timeline
~~~~~~~~~~~~~~~~~~~~~~~~~
13/04/2009 : Send proof of concept, description of the terms under which
             I cooperate and the planned disclosure date

14/04/2009 : Bitdefender responds that the problem was fixed by an
             automatic update on the 13/04/2009

16/04/2009 : Asked what product line and version has been affected and
             a CVE number.

15/04/2009 : Bitdefender states that "All our products are affected
             by this problem. We don't have a CVE number".

17/04/2009 : Release of this advisory
