SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#599220

ClamAV vulnerable to buffer overflow via malicious database mirror

Overview

The Open Source anti-virus program ClamAV's update engine, freshclam, contains a buffer overflow vulnerability. If exploited, an attacker could create a denial-of-service condition, or possibly run arbitrary code with the privileges of the freshclam process.

I. Description

Freshclam is a command line utility that installs and updates virus signatures that are used by the ClamAV anti-virus software. It uses the HTTP protocol to perform file downloads from various web servers that host virus signature updates.

By directly changing one of the HTTP mirrors, or by using another means of redirecting the freshclam process to an attacker-controlled HTTP server, the attacker could cause a denial-of-service condition by sending an oversized HTTP header to the freshclam process.

Note that ClamAV and freshclam server and client programs are available for Microsoft Windows, Linux, Apple OS X, and BSD operating systems.

II. Impact

A remote attacker may create a denial-of-service condition. The vendor reports that remote execution of arbitrary code would not be easy due to diversity of client platforms and architectures.

III. Solution

Upgrade

See the systems affected section of this document for information about specific vendors. Users who compile ClamAV from source are encouraged to upgrade to ClamAV version 0.88.2.

Systems Affected

VendorStatusDate Updated
Clam AntiVirusUnknown28-Jun-2006
Debian GNU/LinuxUnknown28-Jun-2006
SUSE LinuxVulnerable28-Jun-2006

References


http://www.clamav.net/security/0.88.2.html
http://secunia.com/advisories/19880
http://www.debian.org/security/2006/dsa-1050
http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html

Credit

This document was written by Ryan Giobbi.

Other Information

Date Public06/27/2006
Date First Published06/28/2006 01:19:36 PM
Date Last Updated06/29/2006
CERT Advisory 
CVE NameCVE-2006-1989
US-CERT Technical Alerts 
Metric0.11
Document Revision28

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader