A buffer overflow in Clam AntiVirus (ClamAV) may allow a remote attacker to execute arbitrary code.
Clam AntiVirus is a UNIX-based anti-virus toolkit often deployed with mail servers to detect malicious attachments. A signedness error in ClamAV (libclamav/upx.c) may allow a buffer overflow to occur. If a remote attacker sends a specially crafted UPX-packed executable to a vulnerable ClamAV installation, that attacker may be able to trigger the buffer overflow.
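The class of bug described above, as an added illustration that is not ClamAV's code and is not taken from libclamav/upx.c: a length field read from a file is held in a signed integer, so a value with the top bit set passes the upper-bound check, while an unsigned check rejects it. The function names and the constructed 0xFFFFFFFF field are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t read_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Weak pattern: the length is held in a signed int, so a field with the
   top bit set becomes negative and passes the upper-bound comparison. */
static int weak_len_ok(int32_t len, int32_t dst_size)
{
    return len <= dst_size;
}

/* Hardened pattern: copy only after unsigned range checks succeed. */
static int checked_copy(unsigned char *dst, uint32_t dst_size, uint32_t off,
                        const unsigned char *src, uint32_t src_size, uint32_t len)
{
    /* Unsigned arithmetic, ordered so that no subtraction can wrap. */
    if (off > dst_size || len > dst_size - off || len > src_size)
        return -1;
    memcpy(dst + off, src, len);
    return 0;
}

/* Constructed sample: a 32-bit length field of 0xFFFFFFFF from a file. */
static const unsigned char crafted_field[4] = { 0xFF, 0xFF, 0xFF, 0xFF };

static int weak_accepts_crafted(void)
{
    return weak_len_ok((int32_t)read_le32(crafted_field), 64);
}

static int hardened_rejects_crafted(void)
{
    unsigned char dst[64] = {0}, src[16] = {0};
    return checked_copy(dst, sizeof dst, 0, src, sizeof src,
                        read_le32(crafted_field)) == -1;
}

int main(void)
{
    printf("weak accepts: %d, hardened rejects: %d\n",
           weak_accepts_crafted(), hardened_rejects_crafted());
    return 0;
}
```

When the weak check is followed by a copy that takes a size_t, the negative length converts to a very large unsigned value, which is how a signedness error turns into an out-of-bounds write.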
A remote attacker may be able to execute arbitrary code with the privileges of the application linked to the ClamAV process. In addition, this vulnerability may prevent ClamAV from detecting malicious UPX-packed executables.
This issue was corrected in ClamAV 0.87.
Do not access UPX-packed executables from untrusted sources.
Clam AntiVirus Affected
Debian Linux Affected
FreeBSD, Inc. Affected
Mandriva, Inc. Affected
F5 Networks, Inc. Not Affected
Hitachi Not Affected
Microsoft Corporation Not Affected
Openwall GNU/*/Linux Not Affected
Red Hat, Inc. Not Affected
Slackware Linux Inc. Not Affected
Sun Microsystems, Inc. Not Affected
Apple Computer, Inc. Unknown
Conectiva Inc. Unknown
Cray Inc. Unknown
Engarde Secure Linux Unknown
Fedora Project Unknown
Gentoo Linux Unknown
Hewlett-Packard Company Unknown
IBM Corporation Unknown
IBM Corporation (zseries) Unknown
IBM eServer Unknown
Immunix Communications, Inc. Unknown
Ingrian Networks, Inc. Unknown
Juniper Networks, Inc. Unknown
MontaVista Software, Inc. Unknown
NEC Corporation Unknown
Novell, Inc. Unknown
QNX, Software Systems, Inc. Unknown
SUSE Linux Unknown
Sequent Computer Systems, Inc. Unknown
Silicon Graphics, Inc. Unknown
Sony Corporation Unknown
The SCO Group Unknown
The SCO Group (SCO Linux) Unknown
Trustix Secure Linux Unknown
Wind River Systems, Inc. Unknown
This vulnerability was reported by Thierry Carrez.
This document was written by Jeff Gennari.
Date First Published: 2005-09-27
Date Last Updated: 2005-11-03 14:35 UTC