|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200410-31] Archive::Zip: Virus detection evasion Vulnerability Assessment Details
|
[GLSA-200410-31] Archive::Zip: Virus detection evasion |
||
Archive::Zip: Virus detection evasion Detailed Explanation for this Vulnerability Assessment The remote host is affected by the vulnerability described in GLSA-200410-31 (Archive::Zip: Virus detection evasion) Archive::Zip can be used by email scanning software (like amavisd-new) to uncompress attachments before virus scanning. By modifying the uncompressed size of archived files in the global header of the ZIP file, it is possible to fool Archive::Zip into thinking some files inside the archive have zero length. Impact A possible hacker could send a carefully crafted ZIP archive containing a virus file and evade detection on some email virus-scanning software relying on Archive::Zip for decompression. Workaround There is no known workaround at this time. References: http://www.idefense.com/application/poi/display?id=153 http://rt.cpan.org/NoAuth/Bug.html?id=8077 Solution: All Archive::Zip users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-perl/Archive-Zip-1.14" Network Security Threat Level: Low Networks Security ID: Vulnerability Assessment Copyright: (C) 2005 Michel Arboi |
||
Cables, Connectors |
LSI 9305-16i SATA SAS 12Gbs RAID Controller PCIe 3.0 x8 IT-Mode 4* 8643 SATA
$229.99
ACASIS 2.5/3.5 inch 2 Bay SATA USB 3.0 Hard Drive Disk HDD SSD Enclosure 4 RAID
$58.99
Lot of 4 - Genuine Dell (62P9H) PERC H710 512MB Mini Blade 6Gbps SAS Raid
$49.99
HPE 869102-001 Smart Array E208i-a SR Gen10 Storage Controller RAID SP: 871039
$129.99
Inspur LSI 9300-8i Raid Card 12Gbps HBA HDD Controller High Profile IT MODE
$15.98
LSI MegaRAID 9361-8i 12Gb PCIe 8-Port SAS/SATA RAID 1Gb w/BBU/CacheVault/License
$39.95
SANS DIGITAL TOWER RAID TR4MP Silver, cables included
$88.99
LSI MegaRAID 9361-8i 12Gbps PCIe 3 x8 SATA SAS 3 8 Port RAID + BBU & CacheVault
$39.00
ORICO Multi Bay RAID Hard Drive Enclosure USB 3.0/ Type-C For 2.5/3.5'' HDD SSDs
$179.99
Adaptec - ASR-7805 6Gbs SAS- PCI EXPRESS 3.0 X8 -1GB Cache RAID Controller Card
$23.39
|
||
No Discussions have been posted on this vulnerability. |