A buffer overflow in Clam AntiVirus (ClamAV) may allow a remote attacker to execute arbitrary code.
Clam AntiVirus is a UNIX-based anti-virus toolkit often deployed with mail servers to detect malicious attachments. A signedness error in ClamAV (libclamav/upx.c) may allow a buffer overflow to occur. A remote attacker who sends a specially crafted UPX-packed executable to a vulnerable ClamAV installation may be able to trigger the buffer overflow.
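This note does not give the details of the flaw in libclamav/upx.c. As an added illustration of the bug class (not ClamAV code; every name and the sample field below are constructed), the following C shows how a signedness error lets a negative length read from a file pass an unpacker's bounds check, next to a check that rejects it. The functions only decide whether a copy would be allowed; no memory is copied.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: a 4-byte little-endian length field as it might sit
 * in a packed file. Not taken from any real sample. */
static const unsigned char SAMPLE_LEN_FIELD[4] = { 0xff, 0xff, 0xff, 0xff };

/* Read the field into a signed type: 0xffffffff becomes -1. */
static int32_t read_le32(const unsigned char *p)
{
    uint32_t v = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return (int32_t)v;
}

/* Flawed check (hypothetical): with signed operands a negative len makes
 * dst_off + len small, so the "fits in buffer" test passes. A later
 * memcpy(dst + dst_off, src, len) would convert len to a huge size_t. */
static int copy_allowed_signed(int dst_size, int dst_off, int len)
{
    return dst_off + len <= dst_size;
}

/* Hardened check: reject negative values first, then compare in unsigned
 * arithmetic arranged so that nothing can wrap. */
static int copy_allowed_checked(size_t dst_size, int64_t dst_off, int64_t len)
{
    if (dst_off < 0 || len < 0)
        return 0;
    if ((uint64_t)dst_off > dst_size)
        return 0;
    return (uint64_t)len <= dst_size - (uint64_t)dst_off;
}

int main(void)
{
    int32_t len = read_le32(SAMPLE_LEN_FIELD);
    printf("len field as signed: %d, as size_t: %zu\n", (int)len, (size_t)len);
    printf("signed check allows copy:  %d\n", copy_allowed_signed(64, 16, len));
    printf("checked variant allows it: %d\n", copy_allowed_checked(64, 16, len));
    return 0;
}
```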
A remote attacker may be able to execute arbitrary code with the privileges of the application linked to the ClamAV process. In addition, this vulnerability may prevent ClamAV from detecting malicious UPX-packed executables.
This issue was corrected in ClamAV 0.87.
Do not access UPX-packed executables from untrusted sources.
This vulnerability was reported by Thierry Carrez.
This document was written by Jeff Gennari.
Date First Published: 2005-10-21
Date Last Updated: 2005-11-03 14:35 UTC