Hosting Provided By

Re: Regarding F-Prot for Linux

From: Knud Erik Højgaard <kain(at)ircop.dk>
Date: Wed Feb 26 2003 - 18:17:49 EST

F-Prot Antivirus Technical Support wrote:

> In response to an advisory posted on vuln-dev indicating security

As you made clear in the original advisory[1]. I repeat it for clarity:

--
Dear Knud,
Thank you for your mail.
This as bean fixed.
best regards,
Arnar Thor
--

> The problem was in insufficient bounds checking on the filename



Not a security threat-> certain applications-> suid bit.
May i ask what 'certain application' the suid bit would be applied to?

> However, default installations and use of F-Prot" Antivirus with



They are vulnerable to the bug, which in itself is sort of useless, hence
the title '
f-prot antivirus useless buffer overflow'

> Also, the advisory stated that the latest available version of F-Prot



I did say, and I quote,

F-Prot FreeBSD for Small Business [TM] 3.12b, released on Sep. 30th 2002,
the latest available at the time of writing, is known to be vulnerable.
end quote.

Note the part about 'at the time of writing.

This is in no way meant to be interpreted as hostility, I'm just a sucker
for clarity.

[1] available at  
http://kokanins.homepage.dk/f-prot_antivirus.txt
--
Knud

Received on Thu Feb 27 13:02:50 2003

This message: [ Message body ]
Next message: Dave Aitel: "makeunicode2.py release announcement"
In reply to F-Prot Antivirus Technical Support: "Regarding F-Prot for Linux"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:38 EDT