New clamav

To: debian-volatile@lists.debian.org
Subject: New clamav
From: "Scott M. Dier" <sdier@cs.umn.edu>
Date: Mon, 25 Jul 2005 13:36:59 -0500
Message-id: <[🔎] 42E5314B.5020901@cs.umn.edu>

Theres a new clamav version, I only heard about it from our securitypeople a couple hours ago. It has security fixes, too.


Thanks,


-------- Original Message --------
>>> From: list@rem0te.com
>>> To: full-disclosure@lists.grok.org.uk
>>> Cc: bugtraq@securityfocus.com
>>>
>>> Date
>>> July 25, 2005
>>>
>>> Vulnerability
>>> ClamAV is the most widely used GPL antivirus library today. It provides

>>> file format support for virus analysis. During analysis ClamAVAntivirus

>>> Library is vulnerable to buffer overflows allowing attackers complete
>>> control of the system. These vulnerabilities can be exploited remotely

>>> without user interaction or authentication through common protocolssuch

>>> as SMTP, SMB, HTTP, FTP, etc.
>>>
>>> Specifically, ClamAV is responsible for parsing multiple file formats.
>>> At least 4 of its file format processors contain remote security bugs.
>>> Specifically, during the processing of TNEF, CHM, & FSG formats an
>>> attacker is able to trigger several integer overflows that allow
>>> attackers to overwrite heap data to obtain complete control of the
>>> system. These vulnerabilities can be reached by default and triggered
>>> without user interaction by sending an e-mail containing crafted data.
>>>
>>> Impact
>>> Successful exploitation of ClamAV protected systems allows attackers
>>> unauthorized control of data and related privileges. It also provides
>>> leverage for further network compromise. ClamAV implementations are
>>> likely vulnerable in their default configuration.
>>>
>>> Affected Products
>>> ClamAV – 0.86.1 (current) and prior
>>>
>>> There are numerous implementations of ClamAV listed on their site which

>>> are likely vulnerable. One party of note is Apple. Apple includesClamAV

>>> by default in Mac OS X Server. In addition, ClamAV has been ported to
>>> windows and a variety of other platforms by third parties who’s
>>> implementations are also likely vulnerable. Refer to vendor for
>>> specifics.
>>>
>>> Credit
>>> These vulnerabilities were discovered and researched by Neel Mehta &
>>> Alex Wheeler.
>>>
>>> Contact
>>> security@rem0te.com
>>>
>>> Details
>>> http://www.rem0te.com/public/images/clamav.pdf

--
Scott Dier <sdier@cs.umn.edu>
CS/IT Systems Staff

Reply to:

Follow-Ups:
- Re: New clamav
  - From: Andreas Barth <aba@not.so.argh.org>

Prev by Date: Re: Volatile archive down
Next by Date: Re: New clamav
Previous by thread: Re: Volatile archive down
Next by thread: Re: New clamav
Index(es):
- Date
- Thread