Info

Disclosure

Jan 12, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in ClamAV. The product fails to correctly perform a size allocation resulting in a heap overflow. With a specially crafted UPX file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Private, Exploit Rumored
Disclosure: OSVDB Verified
OSVDB: Security Software

Solution

Upgrade to version 0.88 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Tomasz Kojm

Clam AntiVirus

0.87.1

References

Security Tracker: 1015457
Bugtraq ID: 16191
Secunia Advisory ID: 18379 18453 18463 18478 18503 18548
CVE ID: 2006-0162 (see also: NVD)
VUPEN Advisory: ADV-2006-0116
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0434.html
Other Advisory URL: http://www.clamav.net/doc/0.88/ChangeLog
http://www.novell.com/linux/security/advisories/2006_01_sr.html
http://www.trustix.org/errata/2006/0002/
http://www.zerodayinitiative.com/advisories/ZDI-06-001.html
Vendor Specific Advisory URL: http://www.debian.org/security/2006/dsa-947
http://www.gentoo.org/security/en/glsa/glsa-200601-07.xml
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:016
Keyword: ZDI-06-001

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/22318