|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
 |
Vulnerability Note VU#363713
Clam AntiVirus contains a buffer overflow vulnerability
OverviewA buffer overflow in Clam AntiVirus (ClamAV) may allow a remote attacker to execute arbitrary code.
I. DescriptionClam AntiVirus is a UNIX-based, anti-virus toolkit often deployed with mail servers to detect malicious attachments. A signedness error in ClamAV (libclamav/upx.c) may allow a buffer overflow to occur. If a remote attacker sends a specially crafted UPX-packed executable to a vulnerable ClamAV installation, that attacker may be able to trigger the buffer overflow. II. ImpactA remote attacker may be able to execute arbitrary code with the privileges of the application linked to the ClamAV process. In addition, this vulnerability may prevent ClamAV from detecting malicious UPX-packed executables.III. SolutionUpgrade
This issue was corrected in ClamAV 0.87.
Do not access UPX-packed executables from untrusted sources
Exploitation occurs by via specially crafted UPX-packed executables. By only accessing UPX-packed executables from trusted or known sources, the chances of exploitation are reduced.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|
| Apple Computer, Inc. | Unknown | 27-Sep-2005 |
| Clam AntiVirus | Vulnerable | 20-Oct-2005 |
| Conectiva Inc. | Unknown | 21-Oct-2005 |
| Cray Inc. | Unknown | 21-Oct-2005 |
| Debian Linux | Vulnerable | 3-Nov-2005 |
| EMC, Inc. (formerly Data General Corporation) | Unknown | 21-Oct-2005 |
| Engarde Secure Linux | Unknown | 27-Sep-2005 |
| F5 Networks, Inc. | Not Vulnerable | 24-Oct-2005 |
| Fedora Project | Unknown | 27-Sep-2005 |
| FreeBSD, Inc. | Vulnerable | 24-Oct-2005 |
| Fujitsu | Unknown | 21-Oct-2005 |
| Gentoo Linux | Unknown | 27-Sep-2005 |
| Hewlett-Packard Company | Unknown | 27-Sep-2005 |
| Hitachi | Not Vulnerable | 24-Oct-2005 |
| IBM Corporation | Unknown | 27-Sep-2005 |
| IBM Corporation (zseries) | Unknown | 27-Sep-2005 |
| IBM eServer | Unknown | 27-Sep-2005 |
| Immunix Communications, Inc. | Unknown | 27-Sep-2005 |
| Ingrian Networks, Inc. | Unknown | 27-Sep-2005 |
| Juniper Networks, Inc. | Unknown | 21-Oct-2005 |
| Mandriva, Inc. | Vulnerable | 28-Sep-2005 |
| Microsoft Corporation | Not Vulnerable | 21-Oct-2005 |
| MontaVista Software, Inc. | Unknown | 27-Sep-2005 |
| NEC Corporation | Unknown | 21-Oct-2005 |
| NetBSD | Unknown | 21-Oct-2005 |
| Novell, Inc. | Unknown | 27-Sep-2005 |
| OpenBSD | Unknown | 21-Oct-2005 |
| Openwall GNU/*/Linux | Not Vulnerable | 27-Sep-2005 |
| QNX, Software Systems, Inc. | Unknown | 21-Oct-2005 |
| Red Hat, Inc. | Not Vulnerable | 29-Sep-2005 |
| Sequent Computer Systems, Inc. | Unknown | 27-Sep-2005 |
| Silicon Graphics, Inc. | Unknown | 21-Oct-2005 |
| Slackware Linux Inc. | Not Vulnerable | 24-Oct-2005 |
| Sony Corporation | Unknown | 21-Oct-2005 |
| Sun Microsystems, Inc. | Not Vulnerable | 27-Sep-2005 |
| SUSE Linux | Unknown | 27-Sep-2005 |
| The SCO Group | Unknown | 21-Oct-2005 |
| The SCO Group (SCO Linux) | Unknown | 27-Sep-2005 |
| Trustix Secure Linux | Unknown | 27-Sep-2005 |
| Turbolinux | Unknown | 27-Sep-2005 |
| Ubuntu | Vulnerable | 28-Sep-2005 |
| Unisys | Unknown | 21-Oct-2005 |
| Wind River Systems, Inc. | Unknown | 21-Oct-2005 |
References
http://secunia.com/advisories/16848/
http://sourceforge.net/project/shownotes.php?release_id=356974
http://www.securityfocus.com/bid/14866
http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml
http://www.clamav.net/
http://www.mandriva.com/security/advisories?name=MDKSA-2005:166
Credit
This vulnerability was reported by Thierry Carrez.
This document was written by Jeff Gennari.
Other Information
| Date Public: | 2005-09-19 |
| Date First Published: | 2005-10-21 |
| Date Last Updated: | 2005-11-03 |
| CERT Advisory: | |
| CVE-ID(s): | CAN-2005-2920 |
| NVD-ID(s): | CAN-2005-2920 |
| US-CERT Technical Alerts: | |
| Metric: | 6.75 |
| Document Revision: | 45 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
|
Get Adobe Reader