Vulnerability 83639 - CERT Civis.Net

Vulnerability Name:

CCN-83639

Published:

2005-05-31

Updated:

2005-05-31

Summary:

Multiple vendors could allow a remote attacker to bypass security restrictions, caused by a vulnerability related to unfiltered escape sequences in filenames. By persuading a victim to open a malicious ZIP archive containing a specially-crafted filename, an attacker could exploit this vulnerability to bypass scanning detection and possibly launch further attacks on the vulnerable system.

CVSS v3 Severity:

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Consequences:

Bypass Security

References:

Source: CCN
Type: AERAsec Network Services and Security GmbH
Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning

Source: CCN
Type: AVG Web site
AVG Antivirus and Security Software

Source: CCN
Type: Clam AntiVirus Web site
ClamAV

Source: CCN
Type: BID-12793
Multiple Vendor Antivirus Products Malformed ZIP Archive Scan Evasion Vulnerability

Source: CCN
Type: Trend Micro Web site
Trend Micro InterScan VirusWall

Source: XF
Type: UNKNOWN
multiple-zip-archive-sec-bypass(83639)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:clamav:clamav:0.65:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.83:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.84:rc2:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.51:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.52:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.53:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.54:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.60:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.60p:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.67:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.68:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.68.1:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.70:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.71:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.72:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.73:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.74:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.75:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.75.1:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.80:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.80:rc1:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.80:rc3:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.80:rc4:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.81:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.82:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.84:*:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.80:rc:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.84:rc1:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.80:rc2:*:*:*:*:*:*

OR cpe:/a:clamav:clamav:0.81:rc1:*:*:*:*:*:*

OR cpe:/a:avg:avg_anti-virus:7.1.308:*:*:*:*:*:*:*

OR cpe:/a:avg:avg_anti-virus:7.0.251:*:*:*:*:*:*:*

OR cpe:/a:avg:avg_anti-virus:7.0:*:*:*:*:*:*:*

OR cpe:/a:avg:avg_anti-virus:6.0.710:*:*:*:*:*:*:*

Denotes that component is vulnerable