Security Advisories
AVG antivirus for Linux
Synopsis
AVG antivirus can be deterministically forced to crash
(segmentation fault) when analyzing corrupted UPX files.
Affected Software
AVG for Linux version 7.5.51 (current), possibly others.
Impact
Remote DoS, possibly remote code execution.
Vendor Response
None.
Credits
This vulnerability was discovered by Security Researcher
Jonathan Brossard from iViZ Techno Solutions Pvt. Ltd.
Disclosure Timeline
First attempt to contact the vendor on September 18th 2008.
Received an automated reply on September 18th 2008.
No actual reponse from vendor in spite of our multiple emails.
|
