ClamAV Upack Processing Buffer Overflow Vulnerability - Security


Editor Login \| Register		Ekle

> World > Security

ClamAV Upack Processing Buffer Overflow Vulnerability - Security - World -

CWRedLight

(Date : 14.04.2008 19:55:13)

ClamAV Upack Processing Buffer Overflow Vulnerability

Secunia Advisory:	SA29000
Release Date:	2008-04-14

Critical:	Highly critical
Impact:	System access
Where:	From remote
Solution Status:	Vendor Workaround

Software:	Clam AntiVirus (clamav) 0.x

CVE reference:	CVE-2008-1100 (Secunia mirror)

Description:
Secunia Research has discovered a vulnerability in ClamAV, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "cli_scanpe()" function in libclamav/pe.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted "Upack" executable.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in versions 0.92 and 0.92.1. Prior versions may also be affected.

Solution:
An updated version should be available shortly. The PE scanning module has been remotely switched off after 10/03/2008.

Do not scan untrusted PE files.

Provided and/or discovered by:
Alin Rad Pop, Secunia Research.

Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2008-11/

Derecelendir

Kaynak

http://secunia.com/advisories/29000/

İçerik İhbarı

Bağlantılar: bilgininefendisi.net

Open Source Document Project

AUP&TOS