
List:       bugtraq
Subject:    ClamAV Multiple Rem0te Buffer Overflows
From:       list () rem0te ! com
Date:       2005-07-25 13:29:28
Message-ID: W981113232911501122298168 () webmail2

Date
July 25, 2005

Vulnerability
ClamAV is the most widely used GPL antivirus library today. It provides file format support for virus analysis. During analysis, the ClamAV Antivirus Library is vulnerable to buffer overflows allowing attackers complete control of the system. These vulnerabilities can be exploited remotely without user interaction or authentication through common protocols such as SMTP, SMB, HTTP, FTP, etc.

Specifically, ClamAV is responsible for parsing multiple file formats. At least 4 of its file format processors contain remote security bugs. During the processing of TNEF, CHM, & FSG formats, an attacker is able to trigger several integer overflows that allow attackers to overwrite heap data to obtain complete control of the system. These vulnerabilities can be reached by default and triggered without user interaction by sending an e-mail containing crafted data.

Impact
Successful exploitation of ClamAV protected systems allows attackers unauthorized control of data and related privileges. It also provides leverage for further network compromise. ClamAV implementations are likely vulnerable in their default configuration.

Affected Products
ClamAV – 0.86.1 (current) and prior

There are numerous implementations of ClamAV listed on their site which are likely vulnerable. One party of note is Apple. Apple includes ClamAV by default in Mac OS X Server. In addition, ClamAV has been ported to Windows and a variety of other platforms by third parties whose implementations are also likely vulnerable. Refer to vendor for specifics.

Credit
These vulnerabilities were discovered and researched by Neel Mehta & Alex Wheeler.

Contact
security@rem0te.com 

Details
http://www.rem0te.com/public/images/clamav.pdf
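
The bug class named under "Vulnerability" (an integer overflow in a size computed from fields of the scanned file, which then lets a copy overwrite heap data), shown beside a checked form as an added example. This is not ClamAV code and is not taken from the advisory; the header layout, `unchecked_size` and `parse_entries` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical on-disk header (constructed for this example; it is not a
 * real TNEF, CHM or FSG structure): two little-endian 32-bit fields,
 * entry count then entry length, followed by the payload. */
#define HDR_LEN 8u

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Unchecked pattern: the 32-bit product wraps modulo 2^32, so the value a
 * parser would pass to malloc() can be far smaller than what it later copies. */
uint32_t unchecked_size(const uint8_t *hdr)
{
    return rd_le32(hdr) * rd_le32(hdr + 4);
}

/* Checked pattern: widen before multiplying, then require the claimed
 * payload to fit in the bytes actually present after the header.
 * Returns a heap copy of the payload (caller frees) or NULL on rejection. */
uint8_t *parse_entries(const uint8_t *buf, size_t len, size_t *out_len)
{
    if (len < HDR_LEN)
        return NULL;
    uint64_t total = (uint64_t)rd_le32(buf) * rd_le32(buf + 4);
    if (total == 0 || total > len - HDR_LEN)
        return NULL;             /* oversized, empty or truncated input */
    uint8_t *copy = malloc((size_t)total);
    if (copy == NULL)
        return NULL;
    memcpy(copy, buf + HDR_LEN, (size_t)total);
    *out_len = (size_t)total;
    return copy;
}

int main(void)
{
    /* Constructed input: count=0x40000001, entry_len=4, 4 payload bytes. */
    const uint8_t bad[] = {0x01,0,0,0x40, 0x04,0,0,0, 'A','B','C','D'};
    size_t n = 0;
    printf("unchecked size: %u\n", (unsigned)unchecked_size(bad));
    printf("checked parse: %s\n",
           parse_entries(bad, sizeof bad, &n) ? "accepted" : "rejected");
    return 0;
}
```

The wrapped size (4) happens to match the payload present, so a bounds check applied after the 32-bit multiply would not catch it; the check has to be made on the widened product.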

