普通人 - 2005-10-4 12:43:00
【转帖】卡巴暴严重漏洞!!!
刚刚从安全站点"FrSIRT"看到的消息....以下是原文(今天又补充了一些):
CVE Reference : GENERIC-MAP-NOMATCH
Rated as : Critical // 漏洞等级:严重
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-10-03
* Technical Description * //漏洞描述
A critical vulnerability has been identified in various Kaspersky Anti-Virus products, which could be exploited by attackers or malware to execute arbitrary commands. This issue is due to a heap overflow error in the CAB file format parser that does not properly handle a specially crafted file containing a malformed header, which could be exploited by attackers to execute arbitrary commands and compromise a vulnerable system (e.g. by sending an email containing a malicious CAB file). //大意是一个严重的漏洞被发现在卡吧的各种产品中, 攻击者可以随心所欲利用这个漏洞执行各种命令, 这个是有一个cab文件格式剖析器出现堆积溢出错误, 这种剖析器不能适当的处理包括有特别,格式header的文件, 攻击者可以发送含有恶意cab文件的email来执行程序, 危及到系统安全
* Affected Products * //受影响的版本
Kaspersky Anti-Virus 4.x
Kaspersky Anti-Virus 5.x
Kaspersky SMTP-Gateway 5.x
* Solution * //暂无补丁
The FrSIRT is not aware of any official supplied patch.
原文地址: http://www.cemsg.com/p/20051004.php
C++果冻 - 2005-10-4 12:53:00
真的假的??
我的卡巴……
ヘ网络农民ヘ - 2005-10-4 13:03:00
..........
暗之触龙神 - 2005-10-4 13:32:00
希望赶快出补丁,不然用着不放心啊
661230 - 2005-10-4 16:35:00
那个杀软又没有漏洞那。只是没有人找罢了,大家说那?
chinagood - 2005-10-4 17:05:00
无语,世界第一也会~~~~金无足赤啊!
我是天才陈叙 - 2005-10-4 18:14:00
~~~~~~~是真的吗,5.0.383也有?
闪电风暴 - 2005-10-4 18:29:00
卡巴快点升级补上洞啊
傲气雄鹰 - 2005-10-4 19:24:00
新闻是真的,而且这次是针对引擎的漏洞,比较严重,2年前我也看到过有人发出一个针对AVP引擎漏洞的病毒包,里面1000多病毒AVP一个也查不出来,谁叫AVP树大招风呢
不过话说回来,AVP在目前中国名气虽大,离世界第一还差得远
pweot - 2005-10-4 19:59:00
我个人觉的用MACFEE好用
心如大海 - 2005-10-4 20:31:00
| 引用: |
【661230的贴子】那个杀软又没有漏洞那。只是没有人找罢了,大家说那?
........................... |
是啊。
taylor05771 - 2005-10-4 20:45:00
是真的
C++果冻 - 2005-10-4 21:16:00
那怎么办,换回用瑞星?弄来弄去好麻烦的
暗之触龙神 - 2005-10-4 21:29:00
换来换去的很麻烦,今天换掉了卡巴,要是明天有消息说瑞星有漏洞,再换掉瑞星,麻烦不?!最主要还是看上网时的安全意识.偶决定还是用卡巴.
C++果冻 - 2005-10-4 21:32:00
| 引用: |
【暗之触龙神的贴子】换来换去的很麻烦,今天换掉了卡巴,要是明天有消息说瑞星有漏洞,再换掉瑞星,麻烦不?!最主要还是看上网时的安全意识.偶决定还是用卡巴.
........................... |
言之有理,我还有防火墙呢
香水蛋蛋 - 2005-10-4 22:22:00
哦买噶的,树大招风,没办法,希望早点出补救办法。
C++果冻 - 2005-10-4 23:21:00
香水蛋蛋 - 2005-10-4 23:49:00
等升级包吧。
batyya - 2005-10-5 0:19:00
Kaspersky Lab comments on a report regarding a vulnerability in the company's antivirus products
There has recently been a wide-ranging discussion in the mass media about a report by Alex Wheeler, an independent researcher, that a vulnerability related to processing files of the CAB format has been discovered in Kaspersky Lab antivirus products. Taking into account the close attention of the computer community, Kaspersky Lab considers it necessary to provide official comments on the incident.
The company confirms the presence of a vulnerability in a Kaspersky Anti-Virus module used to process CAB files. Taking advantage of this vulnerability results in a malfunction of the antivirus program. This effect is present only in the Windows environment and does not affect other operating systems.
At the same time, Kaspersky Lab specialists have taken measures to eliminate the threat related to the CAB module vulnerability. First of all, on receiving the relevant data, the virus analyst team within a short time period created a package of signatures that detect possible exploits of this vulnerability (procedures that use the vulnerability to compromise a computer). This set of signatures was added to the antivirus databases of Kaspersky Anti-Virus on September 29, significantly reducing the chances of successful use of the CAB vulnerability exploits. Furthermore, no attempts to create and distribute such exploits have been recorded to date. In this connection, it should be noted that Alex Wheeler, who discovered the vulnerability in question, has not provided demonstration code that uses it.
All in all, based on the above factors it can be stated that the actual threat posed by the CAB vulnerability is minimal and cannot affect the level of antivirus protection provided by Kaspersky Lab products.
Kaspersky Lab experts are currently developing an emergency update of the company's antivirus products which include the CAB module affected by the vulnerability. The revised list of such products includes: Kaspersky Anti-Virus Personal 5.0, Kaspersky Anti-Virus Personal Pro 5.0, Kaspersky Anti-Virus 5.0 for Windows Workstations, Kaspersky Anti-Virus 5.0 for Windows File Servers, Kaspersky Personal Security Suite 1.1. Importantly, version 4.5 of Kaspersky Lab's antivirus products is not affected by the vulnerability. Updates eliminating the CAB vulnerability for all the programs listed above will be released in the second half of October 5th, 2005 and will be available for installation using standard updating procedures.
Kaspersky Lab is also a known provider of antivirus solutions for OEM and technology partners. Majority of solutions distributed by Kaspersky Lab OEM and technology partners does not incorporate the vulnerable module and thus is not affected. Furthermore the signature database update released by Kaspersky Lab on 29th of September prevents potential attacks by detecting and neutralizing the malicious code of a possible exploit before system can be affected. This countermeasure provides necessary level of protection for potentially vulnerable systems until the software update is released.
04 Oct 2005
C++果冻 - 2005-10-5 10:05:00
马上就会修复了
http://forum.ikaka.com/topic.asp?board=33&artid=7258265
woaizhaoli - 2005-10-5 12:13:00
楼猪/你个SB.有困难来找别人帮.别人有困难发贴.你连顶都不帮顶.你快去死吧.谁帮你
© 2000 - 2026 Rising Corp. Ltd.
