ClamAV 0.88.4
Randal, Phil
prandal at herefordshire.gov.uk
Wed Aug 9 11:26:37 IST 2006
http://www.clamav.net/security/0.88.4.html
* CVE: CVE-2006-4018
* Status: Critical
* Vulnerable: ClamAV 0.81 - 0.88.3
A heap overflow vulnerability was discovered in libclamav which could
cause a denial of service or allow the execution of arbitrary code.
The problem is specifically located in the PE file rebuild function used
by the UPX unpacker.
Relevant code from libclamav/upx.c:
memcpy(dst, newbuf, foffset);
*dsize = foffset;
free(newbuf);
cli_dbgmsg("UPX: PE structure rebuilt from compressed file\n");
return 1;
Due to improper validation it is possible to overflow the above memcpy()
beyond the allocated memory block.
The problem has been fixed in 0.88.4.
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf
> Of Julian Field
> Sent: 09 August 2006 10:49
> To: MailScanner discussion
> Subject: Re: ClamAV 0.88.4
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> What's out of date in it?
>
> Randal, Phil wrote:
> > Nudges Jules...
> >
> > Any schedule for an updated install-Clam-SA.tar.gz?
> >
> > Cheers,
> >
> > Phil
> >
> > --
> > Phil Randal
> > Network Engineer
> > Herefordshire Council
> > Hereford, UK
> >
>
> - --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP SDK 3.7.0
> Charset: ISO-8859-1
>
> wj8DBQFE2a99EfZZRxQVtlQRAvZFAKDyQSB0cCeH2FkUmNqrKUdeWGyW8gCfYHrf
> MLid8ASNZTzJPBDXyr18F/4=
> =WM2e
> -----END PGP SIGNATURE-----
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> MailScanner thanks transtec Computers for their support.
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
More information about the MailScanner
mailing list