GLSA-200410-31 : Archive::Zip: Virus detection evasion

high Nessus Plugin ID 15587

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200410-31 (Archive::Zip: Virus detection evasion).

Archive::Zip can be used by email scanning software (like amavisd-new) to uncompress attachments before virus scanning. By modifying the uncompressed size of archived files in the global header of the ZIP file, it is possible to fool Archive::Zip into thinking some files inside the archive have zero length.

Impact:

An attacker could send a carefully crafted ZIP archive containing a virus file and evade detection on some email virus-scanning software relying on Archive::Zip for decompression.

Workaround:

There is no known workaround at this time.
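
A mail gateway can check an archive for the size inconsistency described above before handing it to a scanner. The following is an added example, not part of the advisory or of Archive::Zip; it assumes the "global header" is the ZIP central directory and that the archive is a plain single-disk, non-ZIP64 file, and the function name find_size_mismatches is hypothetical.

```python
import struct
import sys

EOCD_SIG, CDH_SIG, LFH_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"

def find_size_mismatches(data: bytes):
    """Return (name, reason) pairs for entries whose declared sizes disagree.

    Assumption: plain single-disk, non-ZIP64 archives only.
    """
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("no end-of-central-directory record")
    # Entry count, central directory size, central directory offset.
    total, _cd_size, pos = struct.unpack_from("<HII", data, eocd + 10)
    findings = []
    for _ in range(total):
        if data[pos:pos + 4] != CDH_SIG:
            raise ValueError("bad central directory entry at offset %d" % pos)
        flags, method = struct.unpack_from("<HH", data, pos + 8)
        csize, usize = struct.unpack_from("<II", data, pos + 20)
        nlen, xlen, clen = struct.unpack_from("<HHH", data, pos + 28)
        (lfh,) = struct.unpack_from("<I", data, pos + 42)
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace")
        pos += 46 + nlen + xlen + clen

        # An empty member stores 0 bytes, or a 2-byte empty stream if deflated.
        if usize == 0 and csize > (2 if method == 8 else 0):
            findings.append((name, "0 bytes declared, %d bytes stored" % csize))
        if data[lfh:lfh + 4] != LFH_SIG:
            findings.append((name, "local header missing at offset %d" % lfh))
            continue
        # With a data descriptor (flag bit 3) the local sizes are legitimately 0.
        l_csize, l_usize = struct.unpack_from("<II", data, lfh + 18)
        if not flags & 0x08 and (l_csize, l_usize) != (csize, usize):
            findings.append((name, "local header says %d/%d, central directory %d/%d"
                             % (l_csize, l_usize, csize, usize)))
    return findings

if __name__ == "__main__":
    # Scan each archive named on the command line and report suspicious entries.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for name, reason in find_size_mismatches(fh.read()):
                print("%s: %s: %s" % (path, name, reason))
```

An archive that produces any finding should be treated as unscannable and quarantined rather than passed as clean.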

Solution

All Archive::Zip users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=dev-perl/Archive-Zip-1.14'

See Also

http://www.nessus.org/u?b74b0112

https://rt.cpan.org/Public/Bug/Display.html?id=8077

https://security.gentoo.org/glsa/200410-31

Plugin Details

Severity: High

ID: 15587

File Name: gentoo_GLSA-200410-31.nasl

Version: 1.22

Type: local

Published: 11/1/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:archive-zip, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 10/29/2004

Reference Information

CVE: CVE-2004-1096

GLSA: 200410-31