wraggster
March 11th, 2013, 21:18
Kaspersky Lab has acknowledged that a bug within its latest internet security software has the potential to be exploited, which can result in a freeze of the system's operating system.
The bug, which is contained within Kaspersky Internet Security 2013 and other Kaspersky products that offer firewall functionality, is vulnerable to specifically designed IPv6 packets, believes security researcher Marc Heuse, posting the findings in a security advisory (http://seclists.org/fulldisclosure/2013/Mar/36).
"A fragmented packet with multiple but one large extension header leads to a complete freeze of the operating system," said Heuse, "No log message or warning window is generated, nor is the system able to perform any task."
IPv6 is enabled by default within Windows Vista and newer Windows operating systems, in addition to both Mac OS and Linux, but its use across the wider web is currently limited, so the number of systems at risk is relatively low. However, systems continue to be vulnerable over local networks, as IPv6 addresses are assigned by default.
Acknowledging the bug, Kaspersky issued a statement, stating: "After receiving feedback from the researcher, Kaspersky Lab quickly fixed the error," the firm said.
"A private patch is currently available on demand and an auto patch will soon be released to fix the problem automatically on every computer protected by Kaspersky Internet Security 2013."
Despite acknowledging the bug, Heuse claims he originally warned the firm of the bug back in January, and again in February, but received no response.
http://www.pcr-online.biz/news/read/kaspersky-warns-of-ipv6-bug-that-can-cause-pc-freeze/030469
The bug, which is contained within Kaspersky Internet Security 2013 and other Kaspersky products that offer firewall functionality, is vulnerable to specifically designed IPv6 packets, believes security researcher Marc Heuse, posting the findings in a security advisory (http://seclists.org/fulldisclosure/2013/Mar/36).
"A fragmented packet with multiple but one large extension header leads to a complete freeze of the operating system," said Heuse, "No log message or warning window is generated, nor is the system able to perform any task."
IPv6 is enabled by default within Windows Vista and newer Windows operating systems, in addition to both Mac OS and Linux, but its use across the wider web is currently limited, so the number of systems at risk is relatively low. However, systems continue to be vulnerable over local networks, as IPv6 addresses are assigned by default.
Acknowledging the bug, Kaspersky issued a statement, stating: "After receiving feedback from the researcher, Kaspersky Lab quickly fixed the error," the firm said.
"A private patch is currently available on demand and an auto patch will soon be released to fix the problem automatically on every computer protected by Kaspersky Internet Security 2013."
Despite acknowledging the bug, Heuse claims he originally warned the firm of the bug back in January, and again in February, but received no response.
http://www.pcr-online.biz/news/read/kaspersky-warns-of-ipv6-bug-that-can-cause-pc-freeze/030469