Published: 1999-05-05 00:00:00
Last revised: 2016-10-17 22:02:08

[Original] NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus definition file during an update via FTP, but it reports that the update was successful, which could cause a system administrator to believe that the definitions have been updated correctly.

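[CNNVD] NAI VirusScan Update Vulnerability (CNNVD-199905-011)

        During a virus definition update via FTP, NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus definition file, but it reports that the update was successful. This vulnerability can lead a system administrator to believe that the definitions have been updated correctly.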

- CVSS (Base Score)

CVSS score: 5.1 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected platforms and products)


- OVAL (Technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources
(UNKNOWN)  BUGTRAQ  19990505 NAI AntiVirus Update Problem
(UNKNOWN)  NTBUGTRAQ  19990505 NAI AntiVirus Update Problem

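- Vulnerability information

NAI VirusScan Update Vulnerability
Medium Unknown
1999-05-05 00:00:00 2005-10-20 00:00:00
        During a virus definition update via FTP, NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus definition file, but it reports that the update was successful. This vulnerability can lead a system administrator to believe that the definitions have been updated correctly.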

- Advisories and patches

        Upgrade to VirusScan for Windows NT 4.0.3a or later.

- Vulnerability information

NAI VirusScan NT scan.dat Update Modification Failure
Remote / Network Access Race Condition, Other
Loss of Integrity Upgrade
Exploit Public Vendor Verified, Coordinated Disclosure

- Vulnerability description

VirusScan NT contains a flaw that may cause a user to have out of date virus signatures, making remote context-dependent attacks more successful. The issue is due to the FTP-based update mechanism sometimes failing to properly update the antivirus signatures (in scan.dat), but still indicating that the signatures are updated. This gives the user a false sense of security and outdated signatures.

- Timeline

1998-10-29 Unknown
1998-10-29 1998-10-29

- Solution

Upgrade to version 4.0.3a or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

NAI VirusScan Update Vulnerability
Unknown 169
No Yes
1999-05-05 12:00:00 2009-07-11 12:16:00
This vulnerability was discovered by Simple Nomad <> and published in the NMRC "NAI AntiVirus Update Problem".

- Affected software versions

Network Associates VirusScan for Windows NT 4.0.2
Network Associates VirusScan for Windows NT 4.0.3 a

- Unaffected software versions

Network Associates VirusScan for Windows NT 4.0.3 a

- Discussion

A vulnerability in Network Associates VirusScan for Windows NT stops it from updating the virus signature definition files under certain conditions while it reports that it is up to date.

NAI's VirusScan features an option that allows the virus signature file to be updated automatically via FTP. A race condition in the code stops the program from correctly updating the definition file, yet it fails to notice this error and updates the log as if the file had been successfully updated, and any subsequent updates will inform the user they are up to date. The error cannot be reproduced consistently.

To check that the file is being updated correctly, go to the About box from the AntiVirus Console and read the latest date next to the text "Created On". If this date does not change after a manual or automatic update, you are vulnerable.

- Exploit

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at:

- Solution

Upgrade to VirusScan for Windows NT 4.0.3a or later.

- Related references