The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 18.104.22.168, Antiy Labs AVL SDK 22.214.171.124, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 126.96.36.199, Comodo Antivirus 7424, Emsisoft Anti-Malware 188.8.131.52, F-Prot Antivirus 184.108.40.206, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 220.127.116.11, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 18.104.22.168, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 22.214.171.124, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 126.96.36.199, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20188.8.131.52 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 184.108.40.2064, Trend Micro HouseCall 220.127.116.114, VBA32 18.104.22.168, and VirusBuster 22.214.171.124 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
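A defensive check for the inconsistency described above, added here as an example and not taken from the advisory or from any vendor's code: it follows each entry's size field and flags archives where that field does not land on a valid header or covers a header-like block. The function names and the constructed sample archive are assumptions for illustration; GNU base-256 size fields are reported as invalid rather than decoded.

```python
import io
import tarfile

BLOCK = 512

def octal(field: bytes):
    """Parse a NUL/space-padded octal field; None if it is not octal."""
    try:
        return int(field.strip(b" \0") or b"0", 8)
    except ValueError:
        return None

def header_ok(block: bytes) -> bool:
    """True if the stored checksum matches (its own field counted as spaces)."""
    return len(block) == BLOCK and octal(block[148:156]) == sum(block[:148]) + 256 + sum(block[156:])

def audit_tar(data: bytes) -> list:
    """Follow each entry's size field and report structural inconsistencies."""
    findings, off = [], 0
    while off + BLOCK <= len(data):
        block = data[off:off + BLOCK]
        if block == bytes(BLOCK):  # zero block: end-of-archive marker
            break
        if not header_ok(block):
            findings.append(f"offset {off}: expected a header, checksum does not match")
            break
        name = block[:100].split(b"\0")[0].decode("latin-1")
        size, start = octal(block[124:136]), off + BLOCK
        if size is None or start + size > len(data):
            findings.append(f"{name}: size field is invalid or runs past end of file")
            break
        end = start + -(-size // BLOCK) * BLOCK  # data is padded to whole blocks
        # Heuristic: a checksum-valid header inside the declared data region.
        for inner in range(start, end, BLOCK):
            cand = data[inner:inner + BLOCK]
            if cand[257:262] == b"ustar" and header_ok(cand):
                findings.append(f"{name}: header-like block at offset {inner} inside declared data")
        off = end
    return findings

def build_sample() -> bytes:
    """Constructed, well-formed two-member archive used as sample input."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, body in (("a.txt", b"first file"), ("b.txt", b"second")):
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()
```

An uncompressed tar stored as a member of another tar also triggers the header-like-block heuristic, so a finding is a reason to rescan with a second parser rather than a verdict.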