8 June 2009
Updated: 23 June 2010
Issue
Norman's compression library (NCL) is unable to decompress certain archives with mangled headers. Formats affected are:
- rar3: Will not scan if a bogus compression method is used. Default to BEST compression method if higher than BEST, or STORED if lower than STORED.
- cab: Will not scan if the file size in the header does not match the size of the extracted file. (The file is extracted, but NCL returns NCLRC_CRC_ERROR.)
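The handling described in the two items above, written as an added example of a scanner-side policy; it is not Norman's code. The function names, the action enum and the numeric return-code values are hypothetical (only the name NCLRC_CRC_ERROR comes from the advisory), and the 0x30 to 0x35 method range is the RAR 3.x header encoding, not something the advisory states.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RAR 3.x file-header METHOD byte: 0x30 = stored ... 0x35 = best. */
enum { RAR3_STORED = 0x30, RAR3_BEST = 0x35 };

/* Hypothetical values; only the name NCLRC_CRC_ERROR is from the advisory. */
enum { NCLRC_OK = 0, NCLRC_CRC_ERROR = 1 };

typedef enum { SCAN_NORMAL, SCAN_AND_FLAG, REPORT_UNSCANNABLE } scan_action;

/* Clamp an out-of-range method instead of refusing to unpack the member.
 * *was_bogus lets the caller log the malformed header. */
uint8_t rar3_effective_method(uint8_t method, int *was_bogus)
{
    *was_bogus = (method < RAR3_STORED || method > RAR3_BEST);
    if (method > RAR3_BEST)   return RAR3_BEST;
    if (method < RAR3_STORED) return RAR3_STORED;
    return method;
}

/* Decide what to do with a CAB member after extraction.
 * Any bytes that came out are scanned, even when the header size or
 * checksum disagrees; a member is never silently passed as clean. */
scan_action cab_scan_action(int rc, uint32_t header_size, size_t extracted_len)
{
    if (rc != NCLRC_OK && extracted_len == 0)
        return REPORT_UNSCANNABLE;          /* nothing to scan: surface it */
    if (rc != NCLRC_OK || extracted_len != (size_t)header_size)
        return SCAN_AND_FLAG;               /* scan data, mark as malformed */
    return SCAN_NORMAL;
}

int main(void)
{
    int bogus;
    /* Constructed inputs: a bogus method byte and a mismatched CAB size. */
    uint8_t m = rar3_effective_method(0x7f, &bogus);
    printf("method 0x7f -> 0x%02x (bogus=%d)\n", m, bogus);
    printf("cab action: %d\n", cab_scan_action(NCLRC_CRC_ERROR, 100, 4096));
    return 0;
}
```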
Affected software
- Norman Virus Control single user and corporate versions
- Norman Internet Control
- Norman Virus Control E-mail plugins
- Norman Endpoint Protection
- Norman Security Suite
- Norman Network Protection
- Third party software using Norman's compression library
Update status
The vulnerabilities have been fixed in Norman's compression library (NCL) 5.99.07, released on Norman's Internet update servers as an automatic update on 03 June 2009. This resolves the vulnerability for all updated Norman products except Norman Network Protection.
Norman Network Protection started using a compression library (NCL) without this vulnerability on 23 November 2009.
As of this update, no Norman product is vulnerable to this issue.
Acknowledgments
Norman wishes to thank Thierry Zoller (http://zoller.lu) for reporting these vulnerabilities and working with us in identifying them.
Revision history
- 2009-06-08: Advisory created
- 2010-06-23: Advisory reissued (updated with information that NNP is no longer vulnerable)