Security Advisories
Bitdefender antivirus for Linux multiple vulnerabilities.
Synopsis
Multiple integer overflows were discovered in the GNU/Linux
version of Bitdefender when analyzing corrupted PE binaries
packed with the NeoLite and ASProtect packers.
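The advisory names the bug class (integer overflows while parsing corrupted PE files) but not the exact code path. The following is an added illustration, written for this page and not Bitdefender's code or the actual flaw: a section-header range check done with a wrapping 32-bit addition, beside the hardened form, run over a constructed IMAGE_SECTION_HEADER whose PointerToRawData and SizeOfRawData sum past 2^32. The field offsets follow the real 40-byte header layout; the file length, header bytes and function names are assumptions for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Fields of IMAGE_SECTION_HEADER a scanner uses to locate section bytes
 * in the file. Offsets below follow the real 40-byte header layout. */
#define SECTION_HDR_SIZE        40
#define OFF_SIZE_OF_RAW_DATA    16
#define OFF_POINTER_TO_RAW_DATA 20

typedef struct {
    uint32_t raw_size;    /* SizeOfRawData */
    uint32_t raw_offset;  /* PointerToRawData */
} section_t;

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse one section header at hdr_off; returns 1 on success, 0 if the
 * header itself does not fit inside the buffer. */
int parse_section(const uint8_t *buf, size_t buf_len, size_t hdr_off, section_t *out) {
    if (hdr_off > buf_len || buf_len - hdr_off < SECTION_HDR_SIZE) return 0;
    out->raw_size   = read_le32(buf + hdr_off + OFF_SIZE_OF_RAW_DATA);
    out->raw_offset = read_le32(buf + hdr_off + OFF_POINTER_TO_RAW_DATA);
    return 1;
}

/* Overflow-prone check: the 32-bit sum wraps modulo 2^32, so a huge
 * SizeOfRawData passes and the subsequent read of the section runs past
 * the end of the file buffer. */
int section_in_file_unsafe(const section_t *s, uint32_t file_len) {
    uint32_t end = s->raw_offset + s->raw_size;  /* wraps for large sizes */
    return end <= file_len;
}

/* Hardened check: compare against the remaining space, never add. */
int section_in_file_safe(const section_t *s, uint32_t file_len) {
    if (s->raw_offset > file_len) return 0;
    return s->raw_size <= file_len - s->raw_offset;
}

/* Constructed header (assumption for this example, not from any real
 * sample): PointerToRawData = 0x200, SizeOfRawData = 0xFFFFFF00, so the
 * 32-bit sum wraps to 0x100. All other fields are zero. */
static const uint8_t crafted_hdr[SECTION_HDR_SIZE] = {
    '.', 't', 'e', 'x', 't', 0, 0, 0,   /* Name */
    0, 0, 0, 0,                         /* VirtualSize */
    0, 0, 0, 0,                         /* VirtualAddress */
    0x00, 0xFF, 0xFF, 0xFF,             /* SizeOfRawData = 0xFFFFFF00 */
    0x00, 0x02, 0x00, 0x00,             /* PointerToRawData = 0x200 */
    0, 0, 0, 0,  0, 0, 0, 0,            /* PointerToRelocations, PointerToLinenumbers */
    0, 0,  0, 0,                        /* NumberOfRelocations, NumberOfLinenumbers */
    0, 0, 0, 0                          /* Characteristics */
};

/* Assumed length of the file the header came from. */
#define CRAFTED_FILE_LEN 0x400u

/* Verdict of the chosen checker on the crafted header:
 * 1 = accepted (scanner would go on to read the section), 0 = rejected,
 * -1 = header could not be parsed. */
int check_crafted(int use_safe) {
    section_t s;
    if (!parse_section(crafted_hdr, sizeof crafted_hdr, 0, &s)) return -1;
    return use_safe ? section_in_file_safe(&s, CRAFTED_FILE_LEN)
                    : section_in_file_unsafe(&s, CRAFTED_FILE_LEN);
}

int main(void) {
    printf("overflow-prone check accepts crafted section: %d\n", check_crafted(0));
    printf("hardened check accepts crafted section:       %d\n", check_crafted(1));
    return 0;
}
```

The wrapping form is the one to look for in any parser of attacker-supplied headers: any `offset + size <= limit` on fixed-width integers needs either a widening cast or the subtraction form above, and a fuzzer that mutates size fields of packed samples finds the difference quickly.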
Affected Software
Bitdefender for GNU/Linux version 7.60825 and earlier.
Non Affected Software
Bitdefender for GNU/Linux versions newer than 7.60825.
Impact
Remote DoS, possibly remote code execution.
Vendor Response
The vendor acknowledged the problems and fixed them
in the latest versions of the product.
Credits
This vulnerability was discovered by Security Researcher
Jonathan Brossard from iViZ Techno Solutions Pvt. Ltd.
Disclosure Timeline
First private disclosure to vendor on September 19th 2008.
First vendor reply on September 19th 2008 : Without asking for any PoC,
the BitDefender Support Team states that "This has been fixed in latest version".
September 19th 2008 : We manage to reproduce the crash with the updated version of the scanner.
September 19th 2008 : We send a PoC to the vendor.
September 23rd 2008 : Vendor states "Yes, the issue was reproduced in the lab and it
seems that was an engine problem."
September 24th 2008 : Problem fixed in latest version.