ClamAV 0.88.4

Julian Field mailscanner at ecs.soton.ac.uk
Wed Aug 9 17:46:26 IST 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Done.
I should have read the Subject: line :-)

Randal, Phil wrote:
> http://www.clamav.net/security/0.88.4.html
> 
>     *   CVE: CVE-2006-4018
>     * Status: Critical
>     * Vulnerable: ClamAV 0.81 - 0.88.3
> 
> A heap overflow vulnerability was discovered in libclamav which could
> cause a denial of service or allow the execution of arbitrary code.
> 
> The problem is specifically located in the PE file rebuild function used
> by the UPX unpacker.
> 
> Relevant code from libclamav/upx.c:
> 
>   memcpy(dst, newbuf, foffset);
>   *dsize = foffset;
>   free(newbuf);
> 
>   cli_dbgmsg("UPX: PE structure rebuilt from compressed file\n");
>   return 1;
> 
> Due to improper validation it is possible to overflow the above memcpy()
> beyond the allocated memory block.
> 
> The problem has been fixed in 0.88.4.
> 
> 
> --
> Phil Randal
> Network Engineer
> Herefordshire Council
> Hereford, UK  
> 
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info 
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf 
>> Of Julian Field
>> Sent: 09 August 2006 10:49
>> To: MailScanner discussion
>> Subject: Re: ClamAV 0.88.4
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> What's out of date in it?
>>
>> Randal, Phil wrote:
>>> Nudges Jules...
>>>
>>> Any schedule for an updated install-Clam-SA.tar.gz?
>>>
>>> Cheers,
>>>
>>> Phil
>>>
>>> --
>>> Phil Randal
>>> Network Engineer
>>> Herefordshire Council
>>> Hereford, UK 
>>>   
>> - -- 
>> Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: PGP SDK 3.7.0
>> Charset: ISO-8859-1
>>
>> wj8DBQFE2a99EfZZRxQVtlQRAvZFAKDyQSB0cCeH2FkUmNqrKUdeWGyW8gCfYHrf
>> MLid8ASNZTzJPBDXyr18F/4=
>> =WM2e
>> -----END PGP SIGNATURE-----
>>
>> -- 
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>> MailScanner thanks transtec Computers for their support.
>>
>> -- 
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website! 
>>

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at MailScanner.biz

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Get your PCs and servers from Transtec.de, very well built and reliable!

-----BEGIN PGP SIGNATURE-----
Version: PGP SDK 3.7.0
Charset: ISO-8859-1

wj4DBQFE2hFmEfZZRxQVtlQRAt9sAJ4y9FFCwx2AaOnKxtT5irDr3WVCbgCY54i2
yzJ7dSPCcp0SRfmRdSg4bg==
=4Wue
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

More information about the MailScanner mailing list