search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Clam AntiVirus fails to properly handle crafted Portable Executable (PE) files

Vulnerability Note VU#180864

Original Release Date: 2006-11-07 | Last Revised: 2006-11-07

Overview

A vulnerability in the way Clam AntiVirus processes Portable Executable (PE) files may lead to execution of arbitrary code.

Description

Clam AntiVirus is a GPL virus scanner that has built-in support for for a number of file types including PE. According to iDefense Public Advisory: 10.15.06:

While processing certain PE elements, two variables can be very large and integer overflow could occur. This would result in less memory being allocated than was expected by the programmer and subsequent code would overflow the heap buffer.

Note that an attacker must send a specially crafted PE file through any email gateway or personal anti-virus client that employs the Clam AntiVirus scanning engine in order to exploit this vulnerability.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service condition.

Solution

Update
Clam AntiVirus has released an updated version to address this issue. Refer to File Release Notes and Changelog for Clam AntiVirus 0.88.5.

Vendor Information

180864
 
Affected   Unknown   Unaffected

Clam AntiVirus

Updated:  October 27, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to File Release Notes and Changelog for Clam AntiVirus 0.88.5.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Debian GNU/Linux

Updated:  October 27, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Debian Security Advisory DSA-1196-1.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Gentoo Linux

Updated:  October 27, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Gentoo Linux Security Advisory 200610-10.xml.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Mandriva, Inc.

Updated:  October 27, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Mandriva Linux Security Advisory MDKSA-2006:184.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SUSE Linux

Updated:  October 27, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to http://www.novell.com/linux/security/advisories/2006_60_clamav.html.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Trustix Secure Linux

Updated:  October 27, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Trustix Secure Linux Security Advisory #2006-0057.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

This issue was reported in File Release Notes and Changelog for Clam AntiVirus 0.88.5

This document was written by Chris Taschner.

Other Information

CVE IDs: CVE-2006-4182
Severity Metric: 10.40
Date Public: 2006-10-16
Date First Published: 2006-11-07
Date Last Updated: 2006-11-07 21:41 UTC
Document Revision: 10

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.