##############################################################################
#
#  Avast! Antivirus Engine Remote LHA Buffer Overflow Vulnerability
#
#  Copyright: OS2A and it's member companies
#
#  Date Written: 2006/09/08
#
#  $Revision: 1.1 $
# 
#  $Log: os2a_avast_remote_lha_bof_603077.nasl,v $
#  Revision 1.1  2006/09/08 13:49:34  ksjayesh
#  To production
#
#  Revision 1.1  2006/09/08 08:42:43  schandan
#  Issue #2978
#
#  ------------------------------------------------------------------------
#  This program was written by OS2A and/or it's member companies and is
#  licensed under the GNU GPL license. Please see below for details. This
#  header contains information regarding licensing terms under the GPL, and
#  information regarding obtaining source code from the Author. Consequently,
#  pursuant to section 3(c) of the GPL, you must accompany the information
#  found in this header with any distribution you make of this Program.
#  ------------------------------------------------------------------------
##############################################################################


if(description)
{
 script_id(603077);
 script_bugtraq_id(19903);
 script_copyright(english:"Copyright (C) 2006 OS2A");
 script_version("$Revision: 1.1 $");
 script_category(ACT_GATHER_INFO);
 script_family(english:"Misc.");
 script_name(english:"Avast! Antivirus Engine Remote LHA Buffer Overflow Vulnerability");
 script_summary(english:"Check for vulnerable version Avast! Antivirus");
 desc["english"] = "
 Overview : This host hast Avast! Antivirus Product installed, which is prone
 to buffer overflow vulnerability.

 This flaw occurs when combining the file name and directory name extended
 header fields of LHA files, which leads to heap overflow due to insufficient
 checks on data taken as input from the file while processing LHA archives.
  
 Impact : Successful exploitation results in local/remote arbitrary code
 execution.

 Scope of impact is restricted to application/system level.
 
 Affected Software : Avast! Antivirus Home/Professional prior to 4.7.869
		     Avast! Antivirus Server prior to 4.7.660

 Affected Platform : Windows (any).

 Solution : Update Avast! Antivirus Products to below,
            - Home/Professional to version 4.7.869 or later.
	    - Server to version 4.7.660
            http://www.avast.com/eng/programs.html

 References : http://www.hustlelabs.com/advisories/04072006_alwil.pdf

 CVSS Score :
 	CVSS Base Score     : 5.2 (AV:R/AC:L/Au:NR/C:P/I:N/A:P/B:A)
    	CVSS Temporal Score : 4.1
 Risk factor : Medium";
 script_description(english:desc["english"]);
 script_dependencies("smb_hotfixes.nasl", "os2a_avast_ace_bof_600290.nasl");
 script_require_keys("SMB/WindowsVersion", "AvastAntiVirus/Home/Version");
 exit(0);
}


 if(!get_kb_item("SMB/WindowsVersion")){
        exit(0);
 }

 avastHomeVersion = get_kb_item("AvastAntiVirus/Home/Version");
 if(avastHomeVersion)
 {
        if(ereg(pattern:"^4\.([0-6]\..*|7\.([0-7]?[0-9]?[0-9]|8[0-5][0-9]|" +
			"86[0-8]))$", string:avastHomeVersion))
	{
		security_warning(0);
		exit(0);
        }
 }

 avastServerVersion = get_kb_item("AvastAntiVirus/Server/Version");
 if(avastServerVersion)
 {
	if(ereg(pattern:"^4\.([0-6]\..*|7\.([0-5]?[0-9]?[0-9]))$",
		string:avastServerVersion)){
		security_warning(0);
	}
 }