ClamAV 0.92

Gottschalk, David dgottsc at emory.edu
Thu Dec 20 14:10:24 GMT 2007


Anyone running ClamAV 0.92 OK? I just got this alert, and looks like it is time to upgrade.....

TITLE:
ClamAV "cli_scanpe()" MEW Handling Integer Overflow

SECUNIA ADVISORY ID:
SA28117

VERIFY ADVISORY:
http://secunia.com/advisories/28117/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
Clam AntiVirus (clamav) 0.x
http://secunia.com/product/2538/

DESCRIPTION:
A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

The vulnerability is caused due to an integer overflow error within the "cli_scanpe()" function when handling MEW packed executables.
This can be exploited to cause a heap-based buffer overflow via specially crafted "ssize" and "dsize" values.

Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in versions prior to 0.92.

SOLUTION:
Update to version 0.92.

PROVIDED AND/OR DISCOVERED BY:
Discovered by an anonymous researcher and reported via iDefense Labs.

ORIGINAL ADVISORY:
ClamAV:
http://sourceforge.net/project/shownotes.php?release_id=562254&group_id=86638

iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634

David Gottschalk
UTS Infrastructure Technology Services
david.gottschalk at emory.edu
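The bug class the advisory describes, as an added example that is not ClamAV's code and is not part of the original post: a 32-bit size derived from two file-controlled fields wraps, and a checked form rejects it. Combining "ssize" and "dsize" by addition, the function names and the sample values are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Unchecked form (assumed shape of the bug class, not ClamAV source):
 * the 32-bit sum of two file-controlled sizes wraps modulo 2^32, so the
 * allocation request can be far smaller than either input. */
uint32_t unchecked_total(uint32_t ssize, uint32_t dsize)
{
    return ssize + dsize;
}

/* Hardened form: reject zero sizes and any pair whose sum exceeds a
 * caller-set ceiling. Comparing against max_total - ssize avoids doing
 * the addition before it is known to fit. Returns 0 and writes *out on
 * success; returns -1 and leaves *out untouched on rejection. */
int checked_total(uint32_t ssize, uint32_t dsize,
                  uint32_t max_total, uint32_t *out)
{
    if (ssize == 0 || dsize == 0)
        return -1;
    if (ssize > max_total || dsize > max_total - ssize)
        return -1;
    *out = ssize + dsize;
    return 0;
}

/* Every later copy into the buffer is bounded by the validated total,
 * again without an addition that could wrap. */
int range_fits(uint32_t offset, uint32_t len, uint32_t total)
{
    return offset <= total && len <= total - offset;
}

int main(void)
{
    /* Constructed header values, not taken from any real sample. */
    uint32_t ssize = 0xFFFFF000u, dsize = 0x2000u, total = 0;

    printf("unchecked allocation size: 0x%x\n",
           (unsigned)unchecked_total(ssize, dsize));
    if (checked_total(ssize, dsize, 64u * 1024u * 1024u, &total) != 0)
        printf("checked: header rejected\n");
    return 0;
}
```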
