Vulnerability Note VU#363713
Clam AntiVirus contains a buffer overflow vulnerability
Overview
A buffer overflow in Clam AntiVirus (ClamAV) may allow a remote attacker to execute arbitrary code.
Description
Clam AntiVirus is a UNIX-based, anti-virus toolkit often deployed with mail servers to detect malicious attachments. A signedness error in ClamAV (libclamav/upx.c) may allow a buffer overflow to occur. If a remote attacker sends a specially crafted UPX-packed executable to a vulnerable ClamAV installation, that attacker may be able to trigger the buffer overflow. |
Impact
A remote attacker may be able to execute arbitrary code with the privileges of the application linked to the ClamAV process. In addition, this vulnerability may prevent ClamAV from detecting malicious UPX-packed executables. |
Solution
Upgrade This issue was corrected in ClamAV 0.87. |
Do not access UPX-packed executables from untrusted sources |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Clam AntiVirus | Affected | - | 20 Oct 2005 |
| Debian Linux | Affected | 27 Sep 2005 | 03 Nov 2005 |
| FreeBSD, Inc. | Affected | 21 Oct 2005 | 24 Oct 2005 |
| Mandriva, Inc. | Affected | 27 Sep 2005 | 28 Sep 2005 |
| Ubuntu | Affected | 27 Sep 2005 | 28 Sep 2005 |
| F5 Networks, Inc. | Not Affected | 21 Oct 2005 | 24 Oct 2005 |
| Hitachi | Not Affected | 21 Oct 2005 | 24 Oct 2005 |
| Microsoft Corporation | Not Affected | 21 Oct 2005 | 21 Oct 2005 |
| Openwall GNU/*/Linux | Not Affected | 27 Sep 2005 | 27 Sep 2005 |
| Red Hat, Inc. | Not Affected | 27 Sep 2005 | 29 Sep 2005 |
| Slackware Linux Inc. | Not Affected | 27 Sep 2005 | 24 Oct 2005 |
| Sun Microsystems, Inc. | Not Affected | 27 Sep 2005 | 27 Sep 2005 |
| Apple Computer, Inc. | Unknown | 27 Sep 2005 | 27 Sep 2005 |
| Conectiva Inc. | Unknown | 21 Oct 2005 | 21 Oct 2005 |
| Cray Inc. | Unknown | 21 Oct 2005 | 21 Oct 2005 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://secunia.com/advisories/16848/
- http://sourceforge.net/project/shownotes.php?release_id=356974
- http://www.securityfocus.com/bid/14866
- http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml
- http://www.clamav.net/
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:166
Credit
This vulnerability was reported by Thierry Carrez.
This document was written by Jeff Gennari.
Other Information
- CVE IDs: CAN-2005-2920
- Date Public: 19 Sep 2005
- Date First Published: 21 Oct 2005
- Date Last Updated: 03 Nov 2005
- Severity Metric: 6.75
- Document Revision: 45
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.