Avast Antivirus Device Driver Memory Overwriting Vulnerability

Hi,

I don’t know if this was already discussed, so…

http://www.securiteam.com/windowsntfocus/5QP0P2KFPO.html

Regards

Thank you, friend. I don’t know if someone said this here. The good news is the patch. The bad news is the silence from Alwil. But the author doesn’t describe the attack: was the machine protected by a firewall (the standard configuration of a normal machine)? What is the amount of time in which Avast was under attack? Etcetera…

This is not a network attack, so whether the firewall is installed or not is not very relevant. The malicious application trying to overwrite the memory must be already running on your PC. Vlk will surely provide more info if needed, but from the version history it should be this:

  • more stringent checking of parameters passed into all avast! kernel mode drivers

I think this is a strange test, not real, not credible in normal use at all. Malware inside a machine… coming from nowhere? :o

It won’t be bad… In fact, I’ll thank him if he could post something…
Silence, if it was an answer, is not good for avast’s reputation.
Anyway, we’ll be happy to know this is a false alarm 8)

Now why should they tell everyone, “WEEE, OUR SOFTWARE HAS A HOLE, USE IT!!!”?
They were silent and fixed the problem without a big fuss. The update for this was released quite some time ago (probably version 4.6.665). It’s fine with me.

RejZor, the problem was fixed (says the tester). I think it is honest behavior to keep the customers informed: when I pay for software I want to understand what I’m using and what is best for me to do to keep my PC secure; Alwil knows that we trust in their efficiency. Can you drive a car if you have doubts about the efficiency of the wheels or the brakes? However, my idea is that there was not a great danger for us, because all intelligent users scan every file (also from floppies and CD-ROM or DVD-ROM) before (I hope! :) )

No, although we can most of the time compare software with cars, this is not the case.
If your car has a “vulnerability”, no one will sabotage it. If an antivirus has one, it’s most likely that someone will make use of it. Now if they live in the belief that some software has no holes, they won’t even try to use them. If they know that the software has one, they’ll try to find it and use it. avast! is still not as popular as Norton (for example), so it’s not that critical.

I agree with you from the point of view of the vendor (“honour of the brand!”). I live in the EU (you the same) and I know my rights. Many great companies recall cars for repairs when one person finds a failure in some part, before someone dies. This is the sense of my words. Before the patch, Alwil can say to all users who pay for the software (they have our email addresses): “Sorry, guys, we have a problem. Please, be calm and look for these symptoms… etcetera”. If we begin to make sophisms, well… but this is not politics or philosophy, it is responsible marketing and customer care.

I really don’t understand what this thread is about… honestly.

The avast! kernel driver didn’t verify all its input arguments thoroughly enough - which could (theoretically) be abused to raise your user privileges on the machine (i.e. an “evil” user, having an account on a machine running avast!, could use a special piece of code and become an Administrator, for example). The omission has been quickly fixed and it was noted in the history. What else is there to do?

Even if the patch was not that quick, it would certainly be a very bad idea to send this information to the users - it’s rather unlikely that the “bad guys” would discover and abuse the weakness at the same time [as the problem was reported]; however, spreading the information to the public raises the probability of abuse significantly. The analogy with cars certainly doesn’t match - the user doesn’t have to take his computer back to the shop and have it repaired so that he/she doesn’t get killed. The solution here is to wait for the fix and update to the latest version, which is exactly what you’d do even without knowing, right? There are no “symptoms” here to look for…

Btw, I really don’t think this is anything special… the same problem has just been found in Kaspersky, for example, and I believe it wouldn’t be that hard to find the same omission in other products.

Thanks for the reply. It was an ethical question not a technical question, I think…

ADDED: my analogy with the car is only an analogy, but it is true that a PC is like a depot: more expensive to lose data than a car, in many cases. We heard the news from another forum… the world knew but we were in the dark… it is not amusing.

I just saw this on that website and decided to inform the users about that.

I didn’t know if this was fixed or not, and my intention was not to criticize or to speak badly of avast!.

Well, I didn’t really mean the original post, but rather the following discussion.
Anyway, it’s just my opinion. 8)