
Kaspersky AV bug can cause remote freeze, patch readied


Users of Kaspersky Labs' products with firewall functionality, including its Internet Security 2013, were warned of a bug in the software that can allow an attacker to remotely freeze computers running it.
 
Kaspersky Labs acknowledged the bug and is working on a patch that it plans to roll out soon, tech site PC World reported on Monday.
 
"After receiving feedback from the researcher, Kaspersky Lab quickly fixed the error. A private patch is currently available on demand and an autopatch will soon be released to fix the problem automatically on every computer protected by Kaspersky Internet Security 2013," PC World quoted the company as saying via email.
 
PC World said attackers can exploit the bug by sending a modified IPv6 (Internet Protocol Version 6) packet to computers running Kaspersky Internet Security 2013.
 
Security researcher Marc Heuse posted details of the issue on the Full Disclosure mailing list.
 
In his post, Heuse said that if IPv6 connectivity is enabled, "a fragmented packet with multiple but one large extension header leads to a complete freeze of the operating system."
 
Worse, he said no log message or warning window is generated, and the system is unable to perform any task.
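
Since the affected host records nothing, network-side inspection is one place to look for the packet shape quoted above. The following is an added example, not code from the article, Kaspersky or Heuse: it walks the IPv6 extension-header chain of a raw packet and flags a Fragment header combined with several extension headers, one of them large. The 256-byte threshold, the function names and the sample packets are assumptions constructed for illustration, not a confirmed signature for this bug.

```python
import struct

# Headers sized as (Hdr Ext Len + 1) * 8 bytes (RFC 8200); Fragment (44) is fixed at 8.
VARIABLE_EXT = {0: "hop-by-hop", 43: "routing", 60: "destination-options"}
FRAGMENT, NO_NEXT = 44, 59
LARGE_EXT_BYTES = 256  # assumed alert threshold, not a value from the advisory

def walk_ext_headers(packet: bytes):
    """Return (chain, fragmented, truncated) for one raw IPv6 packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_hdr, offset = packet[6], 40
    chain, fragmented = [], False
    while next_hdr in VARIABLE_EXT or next_hdr == FRAGMENT:
        if offset + 8 > len(packet):
            return chain, fragmented, True  # chain runs past the captured bytes
        if next_hdr == FRAGMENT:
            name, size, fragmented = "fragment", 8, True
            frag_off = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
        else:
            name, size, frag_off = VARIABLE_EXT[next_hdr], (packet[offset + 1] + 1) * 8, 0
        if offset + size > len(packet):
            return chain, fragmented, True
        chain.append((name, size))
        next_hdr, offset = packet[offset], offset + size
        if frag_off:  # non-first fragment: what follows is payload, not headers
            break
    return chain, fragmented, False

def is_suspicious(packet: bytes) -> bool:
    """Fragment header present, plus several ext headers with one large, or a cut-off chain."""
    chain, fragmented, truncated = walk_ext_headers(packet)
    ext = [size for name, size in chain if name != "fragment"]
    return fragmented and (truncated or (len(ext) > 1 and max(ext) >= LARGE_EXT_BYTES))

def build_sample(chain):
    """Constructed test input: chain is a list of (header_type, size_in_bytes)."""
    types = [t for t, _ in chain] + [NO_NEXT]
    body = b""
    for (htype, size), nxt in zip(chain, types[1:]):
        second = 0 if htype == FRAGMENT else size // 8 - 1
        body += bytes([nxt, second]) + bytes(size - 2)  # zero-filled header body
    fixed = bytes([0x60, 0, 0, 0]) + struct.pack("!H", len(body)) + bytes([types[0], 64])
    return fixed + bytes(32) + body  # all-zero source and destination addresses

ORDINARY = build_sample([(60, 8)])                    # unfragmented, one small header
FLAGGED = build_sample([(0, 8), (44, 8), (60, 256)])  # fragment header, one large header
for label, pkt in (("ordinary", ORDINARY), ("flagged", FLAGGED)):
    print(label, walk_ext_headers(pkt)[0], is_suspicious(pkt))
```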
 
Heuse also said that while he does not wish to write security advisories, "Kaspersky did not react."
 
PC World noted IPv6 support is enabled by default for Windows Vista and later, in many Linux distributions and even in Mac OS.
 
Yet, it said IPv6 adoption on the Internet is relatively low at the moment, "so the number of computers that are publicly accessible over IPv6 is not very high."
 
"However, most computers are accessible over IPv6 on local networks and have local IPv6 addresses assigned to them by default," it said. — TJD, GMA News