|Summary:||app-antivirus/bitdefender-console: remote DOS/code execution (CVE-2008-6661)|
|Product:||Gentoo Security||Reporter:||Stefan Behte (RETIRED) <craig>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Package list:||Runtime testing required:||---|
Description Stefan Behte (RETIRED) 2009-01-05 09:39:18 UTC
Comment 1 Stefan Behte (RETIRED) 2009-01-05 09:42:20 UTC
Sorry, forgot the text from the ivizsecurity Advisory: Multiple integer overflows were discovered in the GNU/Linux version of Bitdefender when analyzing corrupted PE binaries packed with neolite and asprotect packers.
Comment 2 Robert Buchholz (RETIRED) 2009-01-13 12:45:42 UTC
lordvan/wschlich, is anyone from your herd touching this package?
Comment 3 Stefan Behte (RETIRED) 2009-01-21 09:02:30 UTC
Timeline for B1 is 5 days. Antivirus, please advise!
Comment 4 Stefan Behte (RETIRED) 2009-02-11 23:32:09 UTC
Comment 5 Alex Legler (RETIRED) 2009-04-08 08:13:38 UTC
*** Bug 265409 has been marked as a duplicate of this bug. ***
Comment 6 Alex Legler (RETIRED) 2009-04-08 08:19:04 UTC
CVE-2008-6661 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6661): Multiple integer overflows in the scanning engine in Bitdefender for Linux 7.60825 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed (1) NeoLite and (2) ASProtect packed PE file.
Comment 7 Samuli Suominen (RETIRED) 2010-01-03 16:40:05 UTC
Security, I've lastrited this. It's outdated, can't find download link, no one cares.
Comment 8 Stefan Behte (RETIRED) 2010-01-03 17:38:35 UTC
If anyone wants to have a look at this: URL: http://www.bitdefender.com/media/html/en/unicesportal/ As far as I see, the downloadable version is 8.0 (seems outdated, only usable privately).
Comment 9 Samuli Suominen (RETIRED) 2010-02-13 18:55:27 UTC
This has been removed from Portage, and bug 195614 was converted to "New package" request if someone is willing to take this over later on.
Comment 10 Stefan Behte (RETIRED) 2010-10-06 13:23:37 UTC
GLSA request filed.
Comment 11 Mikle Kolyada 2014-01-22 12:53:25 UTC
Package gone from cvs.
Comment 12 GLSAMaker/CVETool Bot 2014-12-12 00:20:25 UTC
This issue was resolved and addressed in GLSA 201412-08 at http://security.gentoo.org/glsa/glsa-201412-08.xml by GLSA coordinator Sean Amoss (ackle).