Avast home and professional were recently updated with fixes for the vulnerability with Bugtraq ID 26702:

http://www.securityfocus.com/bid/26702

But the managed client has not been updated since May 2007. Is the managed client unaffected by the TAR vulnerability? I’ve disabled TAR unpacking for now.

Thanks,

Ben

I may be wildly off here but I wouldn’t have thought that the ADNM is vulnerable to this as it just manages the Pro versions distribution, updates etc.

As The link you provided just indicates avast Home/Pro prior to 4.7.1098 is effected no other product was indicated.

It was the actual antivirus program that was vulnerable to this so if the ADNM is updating all the Pro versions to 4.7.1098 then they aren’t vulnerable.

Yes, it is also vulnerable (although we’re monitoring the situation, and ready to add any exploits to the vulnerability to the VPS as soon as they appear).

A netclient update is due in a couple of days.

Thanks
Vlk

Thanks for the clarification Vlk.

Just to expand on Vlk’s clarification: ADNM doesn’t manage Avast Pro, it manages the “Avast managed client”, which is on a separate version/release schedule from Avast Pro. You can see the different version numbers on Avast’s home page at www.avast.com.