Vulnerability Note VU#363713
Clam AntiVirus contains a buffer overflow vulnerability
A buffer overflow in Clam AntiVirus (ClamAV) may allow a remote attacker to execute arbitrary code.
Clam AntiVirus is a UNIX-based, anti-virus toolkit often deployed with mail servers to detect malicious attachments. A signedness error in ClamAV (libclamav/upx.c) may allow a buffer overflow to occur. If a remote attacker sends a specially crafted UPX-packed executable to a vulnerable ClamAV installation, that attacker may be able to trigger the buffer overflow.
A remote attacker may be able to execute arbitrary code with the privileges of the application linked to the ClamAV process. In addition, this vulnerability may prevent ClamAV from detecting malicious UPX-packed executables.
This issue was corrected in ClamAV 0.87.
Do not access UPX-packed executables from untrusted sources
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Clam AntiVirus||Affected||-||20 Oct 2005|
|Debian Linux||Affected||27 Sep 2005||03 Nov 2005|
|FreeBSD, Inc.||Affected||21 Oct 2005||24 Oct 2005|
|Mandriva, Inc.||Affected||27 Sep 2005||28 Sep 2005|
|Ubuntu||Affected||27 Sep 2005||28 Sep 2005|
|F5 Networks, Inc.||Not Affected||21 Oct 2005||24 Oct 2005|
|Hitachi||Not Affected||21 Oct 2005||24 Oct 2005|
|Microsoft Corporation||Not Affected||21 Oct 2005||21 Oct 2005|
|Openwall GNU/*/Linux||Not Affected||27 Sep 2005||27 Sep 2005|
|Red Hat, Inc.||Not Affected||27 Sep 2005||29 Sep 2005|
|Slackware Linux Inc.||Not Affected||27 Sep 2005||24 Oct 2005|
|Sun Microsystems, Inc.||Not Affected||27 Sep 2005||27 Sep 2005|
|Apple Computer, Inc.||Unknown||27 Sep 2005||27 Sep 2005|
|Conectiva Inc.||Unknown||21 Oct 2005||21 Oct 2005|
|Cray Inc.||Unknown||21 Oct 2005||21 Oct 2005|
CVSS Metrics (Learn More)
This vulnerability was reported by Thierry Carrez.
This document was written by Jeff Gennari.
- CVE IDs: CAN-2005-2920
- Date Public: 19 Sep 2005
- Date First Published: 21 Oct 2005
- Date Last Updated: 03 Nov 2005
- Severity Metric: 6.75
- Document Revision: 45
If you have feedback, comments, or additional information about this vulnerability, please send us email.