I. BACKGROUND

According to the vendor, "F-Prot TM is a quick and easy to use antivirus software package, specially designed to protect your data from virus infection and to remove any virus that may have infected your computer system." F-Prot is available from www.f-prot.com.

II. DESCRIPTION

Insufficient bounds checking on the command line leads to execution of arbitrary code. A Perl exploit follows this document.

III. ANALYSIS

Since f-prot is not suid/sgid, overflowing the command line poses no initial danger unless the admin interferes, and setting +s on strange binaries must be considered inappropriate at the least.

IV. DETECTION

F-Prot FreeBSD for Small Business [TM] 3.12b, released on Sep. 30th 2002, the latest available at the time of writing, is known to be vulnerable.

V. WORKAROUND

below

VI. VENDOR FIX

[mail received from vendor 6/2-03]

Dear Knud,

Thank you for your mail. This has been fixed.

best regards,
Arnar Thor

VII. CVE INFORMATION

unknown

VIII. DISCLOSURE TIMELINE

who cares

IX. CREDIT

knud
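The bug class behind sections II and III, as an added example that is not F-Prot's code and not the Perl exploit the advisory refers to: a fixed-size buffer filled from a command-line argument with no length check, beside a bounded version that refuses over-long input instead of overrunning the buffer. All names (unchecked_copy, checked_copy, accept_path, PATH_BUF) are hypothetical; the scanner's real code and buffer sizes are not on the page.

```c
/* Added example (hypothetical, not F-Prot's code): the generic bug class the
 * advisory describes, a fixed-size buffer filled from argv without a length
 * check, beside a bounded version that rejects input that does not fit. */
#include <stdio.h>
#include <string.h>

#define PATH_BUF 64   /* hypothetical buffer size */

/* Vulnerable pattern: copies argv-derived input with no length check.
 * An argument longer than PATH_BUF-1 bytes overruns the stack buffer,
 * which is the "insufficient bounds checking" the advisory names. */
int unchecked_copy(const char *arg)
{
    char path[PATH_BUF];
    strcpy(path, arg);            /* no bounds check */
    return (int)strlen(path);
}

/* Hardened version: measure first, refuse anything that does not fit
 * together with its terminator, then copy exactly n+1 bytes.
 * Returns 0 on success, -1 if the input is too long for out. */
int checked_copy(const char *arg, char *out, size_t outsz)
{
    size_t n = strlen(arg);
    if (outsz == 0 || n >= outsz)
        return -1;                /* would not fit with the NUL */
    memcpy(out, arg, n + 1);      /* copies the terminator as well */
    return 0;
}

/* Mirrors a scanner's "take the path from argv" step with the check in
 * place: over-long arguments are reported and rejected, never copied. */
int accept_path(const char *arg)
{
    char path[PATH_BUF];
    if (checked_copy(arg, path, sizeof path) != 0) {
        fprintf(stderr, "argument too long (%zu bytes, max %d)\n",
                strlen(arg), PATH_BUF - 1);
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s PATH\n", argv[0]);
        return 2;
    }
    return accept_path(argv[1]) == 0 ? 0 : 1;
}
```

The point of the hardened path is that the length test happens before any byte is written, so the buffer size is the only thing that limits accepted input, regardless of what the process's privileges are; the advisory's observation that the binary is not suid/sgid limits the impact of the unchecked version, not its existence.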