ClamAV 0.92
Gottschalk, David
dgottsc at emory.edu
Thu Dec 20 14:10:24 GMT 2007
Anyone running ClamAV 0.92 OK? I just got this alert, and looks like it is time to upgrade.....
TITLE:
ClamAV "cli_scanpe()" MEW Handling Integer Overflow
SECUNIA ADVISORY ID:
SA28117
VERIFY ADVISORY:
http://secunia.com/advisories/28117/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
>From remote
SOFTWARE:
Clam AntiVirus (clamav) 0.x
http://secunia.com/product/2538/
DESCRIPTION:
A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
The vulnerability is caused due to an integer overflow error within the "cli_scanpe()" function when handling MEW packed executables.
This can be exploited to cause a heap-based buffer overflow via specially crafted "ssize" and "dsize" values.
Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in versions prior to 0.92.
SOLUTION:
Update to version 0.92.
PROVIDED AND/OR DISCOVERED BY:
Discovered by an anonymous researcher and reported via iDefense Labs.
ORIGINAL ADVISORY:
ClamAV:
http://sourceforge.net/project/shownotes.php?release_id=562254&group_id=86638
iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634
David Gottschalk
UTS Infrastructure Technology Services
david.gottschalk at emory.edu
This e-mail message (including any attachments) is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, distribution
or copying of this message (including any attachments) is strictly
prohibited.
If you have received this message in error, please contact
the sender by reply e-mail message and destroy all copies of the
original message (including attachments).
More information about the MailScanner
mailing list