HAURI.Anti-Virus.Compressed.Files.Directory.Traversal
Description
A directory traversal vulnerability in HAURI Anti-Virus products, including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall, allows remote attackers to overwrite arbitrary files via ".." sequences in filenames contained in (1) ACE, (2) ARJ, (3) CAB, (4) LZH, (5) RAR, (6) TAR and (7) ZIP files.
Affected Products
ViRobot Expert 4.0
ViRobot Advanced Server
ViRobot Linux Server 2.0
HAURI LiveCall
Impact
Successful exploitation allows writing of files to arbitrary
directories, which can potentially lead to code execution (e.g. by
overwriting certain startup files), but requires that compressed file
scanning is enabled.
Recommended Actions
Apply patches.
ViRobot Linux Server 2.0:
http://www.globalhauri.com/html/download/down_unixpatch.html
ViRobot Expert 4.0 / ViRobot Advanced Server / LiveCall:
The updated version available via online update is still vulnerable when
scanning certain archive types.
Disable compressed file scanning and scan files only after they have
been confirmed not to contain directory traversal sequences in their
filenames and have been correctly extracted.
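One way to confirm that an archive's filenames contain no directory traversal sequences before it is scanned, shown as an added example that is not part of the original advisory or of any HAURI product. It covers only ZIP and TAR, the two listed formats the Python standard library can read; the function names are hypothetical and the sample archive is constructed.

```python
import io
import tarfile
import zipfile
from pathlib import PurePosixPath, PureWindowsPath


def is_traversal(name: str) -> bool:
    """True if a member name could resolve outside the extraction directory."""
    # Treat both separators alike: Windows extractors honour "\" as well as "/".
    unified = name.replace("\\", "/")
    if unified.startswith("/") or PureWindowsPath(name).drive:
        return True  # absolute path, drive letter or UNC prefix
    return ".." in PurePosixPath(unified).parts


def member_names(data: bytes) -> list[str]:
    """List member names of a ZIP or TAR archive without extracting anything."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        buf.seek(0)
        with zipfile.ZipFile(buf) as zf:
            return zf.namelist()
    buf.seek(0)
    # Raises tarfile.ReadError for any other format; treat that as "do not scan".
    with tarfile.open(fileobj=buf) as tf:
        return tf.getnames()


def unsafe_members(data: bytes) -> list[str]:
    """Return the member names that should block the archive from being scanned."""
    return [n for n in member_names(data) if is_traversal(n)]


def build_sample_zip(names: list[str]) -> bytes:
    """Constructed sample input: an in-memory ZIP with the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"sample")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(["docs/readme.txt", "../../etc/cron.d/job", "a/..b/ok.txt"])
    print(unsafe_members(sample))
```

An archive should be released to the scanner only when `unsafe_members` returns an empty list; ACE, ARJ, CAB, LZH and RAR need the same check applied through a parser for each format.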