[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

New clamav

Theres a new clamav version, I only heard about it from our security people a couple hours ago. It has security fixes, too.


-------- Original Message --------
>>> From: list@rem0te.com
>>> To: full-disclosure@lists.grok.org.uk
>>> Cc: bugtraq@securityfocus.com
>>> Date
>>> July 25, 2005
>>> Vulnerability
>>> ClamAV is the most widely used GPL antivirus library today. It provides
>>> file format support for virus analysis. During analysis ClamAV Antivirus
>>> Library is vulnerable to buffer overflows allowing attackers complete
>>> control of the system. These vulnerabilities can be exploited remotely
>>> without user interaction or authentication through common protocols such
>>> as SMTP, SMB, HTTP, FTP, etc.
>>> Specifically, ClamAV is responsible for parsing multiple file formats.
>>> At least 4 of its file format processors contain remote security bugs.
>>> Specifically, during the processing of TNEF, CHM, & FSG formats an
>>> attacker is able to trigger several integer overflows that allow
>>> attackers to overwrite heap data to obtain complete control of the
>>> system. These vulnerabilities can be reached by default and triggered
>>> without user interaction by sending an e-mail containing crafted data.
>>> Impact
>>> Successful exploitation of ClamAV protected systems allows attackers
>>> unauthorized control of data and related privileges. It also provides
>>> leverage for further network compromise. ClamAV implementations are
>>> likely vulnerable in their default configuration.
>>> Affected Products
>>> ClamAV – 0.86.1 (current) and prior
>>> There are numerous implementations of ClamAV listed on their site which
>>> are likely vulnerable. One party of note is Apple. Apple includes ClamAV
>>> by default in Mac OS X Server. In addition, ClamAV has been ported to
>>> windows and a variety of other platforms by third parties who’s
>>> implementations are also likely vulnerable. Refer to vendor for
>>> specifics.
>>> Credit
>>> These vulnerabilities were discovered and researched by Neel Mehta &
>>> Alex Wheeler.
>>> Contact
>>> security@rem0te.com
>>> Details
>>> http://www.rem0te.com/public/images/clamav.pdf

Scott Dier <sdier@cs.umn.edu>
CS/IT Systems Staff

Reply to: