List: bugtraq
Subject: ClamAV Multiple Rem0te Buffer Overflows
From: list () rem0te ! com
Date: 2005-07-25 13:29:28
Message-ID: W981113232911501122298168 () webmail2
Date
July 25, 2005
Vulnerability
ClamAV is the most widely used GPL antivirus library today. It provides file format
support for virus analysis. During analysis ClamAV Antivirus Library is vulnerable to
buffer overflows allowing attackers complete control of the system. These
vulnerabilities can be exploited remotely without user interaction or authentication
through common protocols such as SMTP, SMB, HTTP, FTP, etc.
Specifically, ClamAV is responsible for parsing multiple file formats. At least 4 of
its file format processors contain remote security bugs. Specifically, during the
processing of TNEF, CHM, & FSG formats an attacker is able to trigger several integer
overflows that allow attackers to overwrite heap data to obtain complete control of
the system. These vulnerabilities can be reached by default and triggered without
user interaction by sending an e-mail containing crafted data.
Impact
Successful exploitation of ClamAV protected systems allows attackers unauthorized
control of data and related privileges. It also provides leverage for further network
compromise. ClamAV implementations are likely vulnerable in their default
configuration.
Affected Products
ClamAV – 0.86.1 (current) and prior
There are numerous implementations of ClamAV listed on their site which are likely
vulnerable. One party of note is Apple. Apple includes ClamAV by default in Mac OS X
Server. In addition, ClamAV has been ported to Windows and a variety of other
platforms by third parties whose implementations are also likely vulnerable. Refer to
vendor for specifics.
Credit
These vulnerabilities were discovered and researched by Neel Mehta & Alex Wheeler.
Contact
security@rem0te.com
Details
http://www.rem0te.com/public/images/clamav.pdf
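
Added example, not part of the advisory and not ClamAV source code: the bug class named under "Vulnerability" (an integer overflow in a file-format parser that leads to an undersized heap buffer), shown as the wrapping size computation beside a hardened parser. The container layout (two little-endian 32-bit header fields) and all function names are hypothetical and constructed for illustration; it is not TNEF, CHM or FSG.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical header of a constructed container format:
   count and entry size, both read straight from the scanned file. */
#define HDR_LEN 8u

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* The flawed pattern: the product wraps modulo 2^32, so a huge count with a
   small entry size produces a tiny allocation size. */
uint32_t unchecked_table_size(uint32_t count, uint32_t entry_size) {
    return count * entry_size;                        /* wraps silently */
}

/* Hardened: returns 0 and sets *out only if count * entry_size does not wrap
   and the whole table is actually present in the remaining input. */
int checked_table_size(uint32_t count, uint32_t entry_size,
                       size_t remaining, size_t *out) {
    if (count == 0 || entry_size == 0) return -1;
    if (count > UINT32_MAX / entry_size) return -1;   /* would wrap */
    uint64_t total = (uint64_t)count * entry_size;
    if (total > remaining) return -1;                 /* more than the file holds */
    *out = (size_t)total;
    return 0;
}

/* Parse header + table from an untrusted buffer. Returns a heap copy of the
   table, or NULL on any inconsistency. The caller frees the result. */
uint8_t *parse_table(const uint8_t *buf, size_t len, size_t *table_len) {
    if (buf == NULL || len < HDR_LEN) return NULL;
    uint32_t count = rd32le(buf);
    uint32_t entry_size = rd32le(buf + 4);
    size_t need;
    if (checked_table_size(count, entry_size, len - HDR_LEN, &need) != 0)
        return NULL;
    uint8_t *table = malloc(need);
    if (table == NULL) return NULL;
    memcpy(table, buf + HDR_LEN, need);   /* need <= len - HDR_LEN: in bounds */
    *table_len = need;
    return table;
}
```

The hardened path rejects the file before any allocation, so later loops that iterate `count` entries never run against a buffer sized from the wrapped product.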