Info

Disclosure

Nov 04, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Nov 03, 2005

Description

A remote overflow exists in Clam AntiVirus. The 'unfsg_133()' function in 'libclamav/fsg.c' fails to perform proper bounds checking resulting in a heap-based buffer overflow. With a specially crafted file compressed with FSG v1.33, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Private
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Security Software

Solution

Upgrade to version 0.87.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Tomasz Kojm	Clam AntiVirus	0.87
		0.86.x
		0.85.x
		0.84.x
		0.83
		0.82
		0.81.x
		0.80

References

Security Tracker: 1015154
Secunia Advisory ID: 17434 17448 17501 17559
CVE ID: 2005-3303 (see also: NVD)
Related OSVDB ID: 20483 20484
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0122.html
Vendor Specific Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:205
http://www.debian.org/security/2005/dsa-887
http://www.novell.com/linux/security/advisories/2005_26_sr.html
Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=368319
Vendor URL: http://www.clamav.net/
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml
http://www.zerodayinitiative.com/advisories/ZDI-05-002.html
Keyword: ZDI-05-002

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/20482

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Tomasz Kojm

Clam AntiVirus

References

Credit