TUCoPS :: Unix :: General
:: kav1.htm
KAV for sendmail 3.5.135.2 syslog() format string bug
Vulnerability
KAV for sendmail
Affected
KAV for sendmail 3.5.135.2
Description
3APA3A found following. *KAV is a "Kaspersky AntiVirus" formerly
known as AVP. KAV for sendmail is antiviral product of Kaspersky
Lab's KAV suit (formerly known as AVP) one of very few
commercially available multiplatform antiviral products for
servers, workstations, CVP Firewalls and messaging systems
(Exchange, Lotus, Sendmail, QMail, Postfix) under DOS, Windows
95/98/ME/NT/2000, OS/2, Linux, FreeBSD, BSDI and soon for Solaris
(feel free to contact support@kaspersky.com if you need it for
different platform).
While testing this software by permission of Kaspersky Lab, format
string bug was found in syslog() call in avpkeeper
/usr/local/share/AVP/avpkeeper/avpkeeper
utility, which is launched from sendmail to scan and desinfect
messages. Intruders can cause Denial of Service and potentially
can execute code remotely with root or group mail privileges,
depending on sendmail installation (code execution is not trivial,
if possible, because format string must conform RFC 821/2821
e-mail address requirements to bypass sendmail).
Solution
Kaspersky Lab was contacted on May, 30. Patched version was
delivered in 24 hours, but no alerts were sent to users and no
fixes were made available for public download. Vendor was also
informed on few potential local race conditions with mktemp() and
mkdtemp().
Workaround is to diasable syslog. In avpkeeper.ini set
usesyslog=no
Since AVP for Unix products are not open source and are not
available for free download please contact support@kaspersky.com
to get patches for registered version of KAV/AVP or to get demo
version for testing.