Gentoo Logo

ClamAV: Remote execution of arbitrary code

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200601-07 / clamav
Release Date January 13, 2006
Latest Revision January 13, 2006: 01
Impact high
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
app-antivirus/clamav < 0.88 >= 0.88 All supported architectures

Related bugreports: #118459

Synopsis

ClamAV is vulnerable to a buffer overflow which may lead to remote execution of arbitrary code.

2.  Impact Information

Background

ClamAV is a GPL virus scanner.

Description

Zero Day Initiative (ZDI) reported a heap buffer overflow vulnerability. The vulnerability is due to an incorrect boundary check of the user-supplied data prior to copying it to an insufficiently sized memory buffer. The flaw occurs when the application attempts to handle compressed UPX files.

Impact

For example by sending a maliciously crafted UPX file into a mail server that is integrated with ClamAV, a remote attacker's supplied code could be executed with escalated privileges.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All ClamAV users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88"

4.  References

Print

Page updated January 13, 2006

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.