Wednesday, March 7, 2007

Kaspersky UPX vulnerability revealed

Problem processing packed files led to infinite loop.

Details of a flaw in UPX processing in the Kaspersky anti-virus engine have been made available, a month after the release of a patch to fix the problem.

The vulnerability, which was reported by iDefense, could be exploited by a maliciously created file to cause the software to go into an infinite loop, leading to denial of service on email servers running Kaspersky scanning in their filters, to degradation of performance on other servers and possible total loss of processing on desktop machines.

Kaspersky is the second vendor to be hit by a UPX-related vulnerability this year, after a similar issue hit Trend Micro in early February.

The flaw was patched by Kaspersky within a few weeks of the initial report, and all users should be automatically protected via automatic updates. The iDefense alert on the problem is here, and details from Secunia are here.

Post a Comment