Actu
Vigil@nce: F-PROT Antivirus, bypassing via TAR
June 2009 by Vigil@nce
An attacker can create a TAR archive containing a virus which is
not detected by F-PROT products.
Severity: 2/4
Consequences: data flow
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 15/06/2009
IMPACTED PRODUCTS
– F-PROT Antivirus
DESCRIPTION OF THE VULNERABILITY
F-PROT products detect viruses contained in TAR archives.
However, an attacker can create a slightly malformed archive,
which can still be opened by Winzip tools, but which cannot be
opened by the antivirus.
An attacker can therefore create a TAR archive containing a virus
which is not detected by F-PROT products.
CHARACTERISTICS
Identifiers: BID-35355, TZO-33-2009, VIGILANCE-VUL-8794
http://vigilance.fr/vulnerability/F-PROT-Antivirus-bypassing-via-TAR-8794
