I would like to see a comment about the ‘schedule’ of patching the three listed unpatched problems with avast 4 by Secunia.

1. avast! Linux Home Edition Insecure Temporary File Creation. Release Date: 2006-04-18. http://secunia.com/product/9378/
2. avast! Antivirus 4.x Insecure Default File Permissions. Release Date: 2006-03-20. http://secunia.com/product/5162/
3. avast! for Kerio 4.x Anti-Virus Engine Malformed ZIP/CAB Archive Virus Detection Bypass. Release Date: 2005-10-13. http://secunia.com/product/5852/

For me, the third is not that important ;D

As far as I’m aware item 2. this is the escalating permissions issue that was patched some time ago. They are calling it Secunia Advisory ID: SA19284 Unpatched, however if you follow that through to SA19284 it points to the avast topic http://forum.avast.com/index.php?topic=19862.0.

If you remember this was the cause of some problems where the fix for this caused the winNT and win2k users to get the can’t access the folder (permissions) and that was the subject of another patch for the winNT and win2k users.

So I don’t know how Secunia update their advisories or is it down the the software vendor to inform them (I think not) ?

A good occasion to do that if this is truth
Waiting Alwil answers…

1. Don’t know (try to ask dublin in the Linux forum)
2. Should be fixed for some time
3. I don’t know much about the Kerio version, but I think the whole thing was bound to an old version of the antivirus kernel; since the latest Kerio version is from 31.5.2006 according to our webpage, I believe it’s fixed for a long time now (besides, I’m reluctant to call this thing a “vulnerability” at all).

I’ll do it…

Good.

Ok.

Thanks Igor