Bug 253822 (CVE-2008-6661) - app-antivirus/bitdefender-console: remote DOS/code execution (CVE-2008-6661)
Status: RESOLVED FIXED
Alias: CVE-2008-6661
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://secunia.com/advisories/33240/
Whiteboard: B1 [glsa]
Duplicates: 265409
Reported: 2009-01-05 09:39 UTC by Stefan Behte (RETIRED)
Modified: 2014-12-12 00:20 UTC
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-05 09:42:20 UTC
Sorry, forgot the text from the ivizsecurity Advisory:

Multiple integer overflows were discovered in the GNU/Linux version of Bitdefender when analyzing corrupted PE binaries packed with neolite and asprotect packers.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2009-01-13 12:45:42 UTC
lordvan/wschlich, is anyone from your herd touching this package?
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-21 09:02:30 UTC
Timeline for B1 is 5 days.
Antivirus, please advise!
Comment 4 Stefan Behte (RETIRED) gentoo-dev Security 2009-02-11 23:32:09 UTC
Anyone alive?!
Comment 5 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-04-08 08:13:38 UTC
*** Bug 265409 has been marked as a duplicate of this bug. ***
Comment 6 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-04-08 08:19:04 UTC
CVE-2008-6661 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6661):
  Multiple integer overflows in the scanning engine in Bitdefender for
  Linux 7.60825 and earlier allow remote attackers to cause a denial of
  service (crash) or possibly execute arbitrary code via a malformed
  (1) NeoLite and (2) ASProtect packed PE file.
Comment 7 Samuli Suominen (RETIRED) gentoo-dev 2010-01-03 16:40:05 UTC
Security, I've lastrited this. 

It's outdated, can't find download link, no one cares.
Comment 8 Stefan Behte (RETIRED) gentoo-dev Security 2010-01-03 17:38:35 UTC
If anyone wants to have a look at this:

URL: http://www.bitdefender.com/media/html/en/unicesportal/

As far as I see, the downloadable version is 8.0 (seems outdated, only usable privately).
Comment 9 Samuli Suominen (RETIRED) gentoo-dev 2010-02-13 18:55:27 UTC
This has been removed from Portage, and bug 195614 was converted to "New package" request if someone is willing to take this over later on.
Comment 10 Stefan Behte (RETIRED) gentoo-dev Security 2010-10-06 13:23:37 UTC
GLSA request filed.
Comment 11 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2014-01-22 12:53:25 UTC
Package gone from cvs.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2014-12-12 00:20:25 UTC
This issue was resolved and addressed in
 GLSA 201412-08 at http://security.gentoo.org/glsa/glsa-201412-08.xml
by GLSA coordinator Sean Amoss (ackle).