Avast antivirus for Linux multiple vulnerabilities.
Multiple buffer overflows were discovered in the GNU/Linux
version of Avast when analyzing corrupted ISO and RPM files.
Avast for Workstations v1.0.8 Trial versions, possibly others.
Remove DoS, possibly remote code execution.
On September 24th 2008, the vendor stated :
"With (the) mentioned version of avast4workstation 1.0.8_2, indeed,
this bug existed. It was a stack-overflow, caused by cycling over
intertwined directories on corrupted ISO files. All versions built
since 22.1.2008 have this fixed. Thanks for your report."
This vulnerability was discovered by Security Researcher
Jonathan Brossard from iViZ Techno Solutions Pvt. Ltd.
First private disclosure to vendor on September 18th 2008.
First vendor reply on September 19th 2008.
On September 23th 2008, the vendor claims to have fixed the problem :
"my colleague identified the problem few minutes ago as a bug which was
fixed 22. Jan 2008."
On October 15th 2008, the vulnerable trial version link hasn't been updated: