Intrusion Prevention

HAURI.Anti-Virus.Compressed.Files.Directory.Traversal

Description

A directory traversal vulnerability in HAURI Anti-Virus products, including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall, allows remote attackers to overwrite arbitrary files via ".." sequences in filenames contained in (1) ACE, (2) ARJ, (3) CAB, (4) LZH, (5) RAR, (6) TAR and (7) ZIP files.

Affected Products

ViRobot Expert 4.0
ViRobot Advanced Server
ViRobot Linux Server 2.0
HAURI LiveCall

Impact

Successful exploitation allows writing of files to arbitrary
directories, which can potentially lead to code execution (e.g. by
overwriting certain startup files), but requires that compressed file
scanning is enabled.

Recommended Actions

Apply patches.
ViRobot Linux Server 2.0:
http://www.globalhauri.com/html/download/down_unixpatch.html
ViRobot Expert 4.0 / ViRobot Advanced Server / LiveCall:
Updated version available via online update is still vulnerable when
scanning certain archive types.
Disable compressed file scanning and scan files only after they have
been confirmed not to contain directory traversal sequences in their
filenames and correctly extracted.

CVE References

CVE-2005-2670