• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Vendor Antivirus Software Zip Files Detection Evasion Vulnerability

Solution:
Various vendors have released updates and corrected this issue. Other vendors are reported to release fixes in the near future. Please see references and contact the vendor for more information.

Gentoo Linux has released an advisory (GLSA 200410-31) that fixes the Archive-Zip package and apparently resolves this issue. Gentoo Linux advises that all Archive::Zip users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-perl/Archive-Zip-1.14"

For more information please see the referenced Gentoo Linux advisory.

Mandrake Linux has released an advisory (MDKSA-2004:118) dealing with this issue in their perls Archive::Zip package. Please see the referenced advisory for more information.

SuSE Linux has released a fixed version of perls Archive::Zip module to resolve this issue.


Computer Associates eTrust Secure Content Manager 1.0

• Computer Associates eTrust Secure Content Manager Solutions & Patches
  http://supportconnectw.ca.com/premium/etrust/etrust_scm/downloads/etru stscm_updates.asp

Computer Associates eTrust Secure Content Manager 1.0 SP1

• Computer Associates eTrust Secure Content Manager Solutions & Patches
  http://supportconnectw.ca.com/premium/etrust/etrust_scm/downloads/etru stscm_updates.asp

Computer Associates eTrust Secure Content Manager 1.1

• Computer Associates eTrust Secure Content Manager Solutions & Patches
  http://supportconnectw.ca.com/premium/etrust/etrust_scm/downloads/etru stscm_updates.asp

Archive::Zip Archive::Zip 1.13

• SuSE perl-Archive-Zip-1.14-3.1.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/perl-Archive-Zip- 1.14-3.1.i586.rpm

Computer Associates eTrust Intrusion Detection 1.4.1 .13

• Computer Associates eTrust Intrusion Detection Solutions & Patches
  http://supportconnectw.ca.com/premium/etrust/etrust_intrusion/download s/eid-solpatch_r30.asp

Computer Associates eTrust Intrusion Detection 1.4.5

• Computer Associates eTrust Intrusion Detection Solutions & Patches
  http://supportconnectw.ca.com/premium/etrust/etrust_intrusion/download s/eid-solpatch_r30.asp

Computer Associates eTrust Intrusion Detection 1.5

• Computer Associates eTrust Intrusion Detection Solutions & Patches
  http://supportconnectw.ca.com/premium/etrust/etrust_intrusion/download s/eid-solpatch_r30.asp

MandrakeSoft Linux Mandrake 10.1

• Mandrake perl-Archive-Zip-1.14-1.0.101mdk.noarch.rpm
  Mandrake Linux 10.1 & 10.1/X86_64
  http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft Linux Mandrake 10.1 x86_64

• Mandrake perl-Archive-Zip-1.14-1.0.101mdk.noarch.rpm
  Mandrake Linux 10.1 & 10.1/X86_64
  http://www.mandrakesecure.net/en/ftp.php

Computer Associates eTrust EZ Armor 2.0

• Computer Associates eTrust EZ Antivirus - Arclib.dll Zip File Vulnerability
  http://crm.my-etrust.com/CIDocument.asp?KDId=2220&GUID=E5BF5D4D1D6F40C 9B5C098F56E5CF221

Computer Associates eTrust EZ Armor 2.3

• Computer Associates eTrust EZ Antivirus - Arclib.dll Zip File Vulnerability
  http://crm.my-etrust.com/CIDocument.asp?KDId=2220&GUID=E5BF5D4D1D6F40C 9B5C098F56E5CF221

Computer Associates eTrust EZ Armor 2.4

• Computer Associates eTrust EZ Antivirus - Arclib.dll Zip File Vulnerability
  http://crm.my-etrust.com/CIDocument.asp?KDId=2220&GUID=E5BF5D4D1D6F40C 9B5C098F56E5CF221

McAfee Antivirus Engine 4.3.20

• McAfee Antivirus Engine DATS 4398
  For home (retail) users.
  http://download.mcafee.com/uk/updates/updates.asp


• McAfee Antivirus Engine DATS 4398
  For business (enterprise) users.
  http://www.mcafeesecurity.com/uk/downloads/updates/dat.asp?id=1

Computer Associates InoculateIT 6.0

• Computer Associates eTrust Antivirus 6.0 for Windows NT/2000/XP Solutions & Patches
  http://supportconnectw.ca.com/premium/antivirus/downloads/nt/6.0/etavn t_60.asp

Computer Associates eTrust EZ Antivirus 6.1

• Computer Associates eTrust EZ Antivirus - Arclib.dll Zip File Vulnerability
  http://crm.my-etrust.com/CIDocument.asp?KDId=2220&GUID=E5BF5D4D1D6F40C 9B5C098F56E5CF221

Computer Associates eTrust EZ Antivirus 6.2

• Computer Associates eTrust EZ Antivirus - Arclib.dll Zip File Vulnerability
  http://crm.my-etrust.com/CIDocument.asp?KDId=2220&GUID=E5BF5D4D1D6F40C 9B5C098F56E5CF221

Computer Associates eTrust EZ Antivirus 6.3

• Computer Associates eTrust EZ Antivirus - Arclib.dll Zip File Vulnerability
  http://crm.my-etrust.com/CIDocument.asp?KDId=2220&GUID=E5BF5D4D1D6F40C 9B5C098F56E5CF221

Computer Associates eTrust Antivirus for the Gateway 7.0

• Computer Associates eTrust Antivirus 7.0 for Gateway Solutions & Patches
  http://supportconnectw.ca.com/premium/antivirus/downloads/gateway/etav gateway_70.asp

Computer Associates eTrust Antivirus 7.0

• Computer Associates eTrust Antivirus 7 for Windows NT/2000/XP Solutions & Patches
  http://supportconnectw.ca.com/premium/antivirus/downloads/nt/7.0/etavw innt_70.asp

Computer Associates eTrust Antivirus 7.1

• Computer Associates eTrust Antivirus 7.1 for Windows NT/2000/XP Solutions & Patches
  http://supportconnectw.ca.com/premium/antivirus/downloads/nt/7.1/etavw innt_71.asp

Computer Associates eTrust Antivirus for the Gateway 7.1

• Computer Associates eTrust Antivirus 7.1 for Gateway Solutions & Patches
  http://supportconnectw.ca.com/premium/antivirus/downloads/gateway/etav gateway_71.asp