Clam AntiVirus FreshClam Remote Buffer Overflow Vulnerability
BID:17754
Info
Clam AntiVirus FreshClam Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 17754 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-1989 |
| Remote: | Yes |
| Local: | No |
| Published: | May 01 2006 12:00AM |
| Updated: | Dec 05 2006 04:09PM |
| Credit: | The vendor credits Ulf Harnhammar and an anonymous researcher from Germany with the simultaneous discovery of this issue. |
| Vulnerable: |
Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Secure Enterprise Linux 2.0 Tomasz Kojm Clam AntiVirus 0.87 Tomasz Kojm Clam AntiVirus 0.83 SuSE SUSE Linux Enterprise Server 8 SuSE Linux Enterprise Server 9 SuSE Linux Desktop 1.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Professional 9.0 x86_64 S.u.S.E. Linux Professional 9.0 S.u.S.E. Linux Professional 8.2 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 Mandriva Linux Mandrake 2006.0 x86_64 Mandriva Linux Mandrake 2006.0 Mandriva Linux Mandrake 10.2 x86_64 Mandriva Linux Mandrake 10.2 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 Kolab Kolab Groupware Server 2.0.2 Kolab Kolab Groupware Server 2.0.1 ifenslave ifenslave 0.88 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Clam Anti-Virus ClamAV 0.88.1 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 |
| Not Vulnerable: |
Kolab Kolab Groupware Server 2.0.3 Clam Anti-Virus ClamAV 0.88.2 |
Discussion
Clam AntiVirus FreshClam Remote Buffer Overflow Vulnerability
ClamAV's freshclam utility is susceptible to a remote buffer-overflow vulnerability. The utility fails to perform sufficient boundary checks in server-supplied HTTP data before copying it to an insufficiently sized memory buffer.
To exploit this issue, attackers must subvert webservers in the ClamAV database server pool. Or, they would perform DNS-based attacks or man-in-the-middle attacks to cause affected freshclam applications to connect to attacker-controlled webservers.
This issue allows remote attackers to execute arbitrary machine code in the context of the freshclam utility. The affected utility may run with superuser privileges, aiding remote attackers in the complete compromise of affected computers.
ClamAV versions 0.88 and 0.88.1 are affected by this issue.
ClamAV's freshclam utility is susceptible to a remote buffer-overflow vulnerability. The utility fails to perform sufficient boundary checks in server-supplied HTTP data before copying it to an insufficiently sized memory buffer.
To exploit this issue, attackers must subvert webservers in the ClamAV database server pool. Or, they would perform DNS-based attacks or man-in-the-middle attacks to cause affected freshclam applications to connect to attacker-controlled webservers.
This issue allows remote attackers to execute arbitrary machine code in the context of the freshclam utility. The affected utility may run with superuser privileges, aiding remote attackers in the complete compromise of affected computers.
ClamAV versions 0.88 and 0.88.1 are affected by this issue.
Exploit / POC
Clam AntiVirus FreshClam Remote Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution / Fix
Clam AntiVirus FreshClam Remote Buffer Overflow Vulnerability
Solution:
The vendor has released updates to address these issues. Please see the referenced advisories for more information.
Tomasz Kojm Clam AntiVirus 0.83
Tomasz Kojm Clam AntiVirus 0.87
ifenslave ifenslave 0.88
Clam Anti-Virus ClamAV 0.88.1
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.6
Solution:
The vendor has released updates to address these issues. Please see the referenced advisories for more information.
Tomasz Kojm Clam AntiVirus 0.83
-
Mandriva clamav-0.88.2-0.1.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download -
Mandriva clamav-0.88.2-0.1.102mdk.src.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download -
Mandriva clamav-0.88.2-0.1.102mdk.x86_64.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download -
Mandriva clamav-db-0.88.2-0.1.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download -
Mandriva clamav-db-0.88.2-0.1.102mdk.x86_64.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download -
Mandriva clamav-milter-0.88.2-0.1.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download -
Mandriva clamav-milter-0.88.2-0.1.102mdk.x86_64.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download -
Mandriva clamd-0.88.2-0.1.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download -
Mandriva clamd-0.88.2-0.1.102mdk.x86_64.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download -
Mandriva lib64clamav1-0.88.2-0.1.102mdk.x86_64.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download -
Mandriva lib64clamav1-devel-0.88.2-0.1.102mdk.x86_64.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download -
Mandriva libclamav1-0.88.2-0.1.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download -
Mandriva libclamav1-devel-0.88.2-0.1.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download
Tomasz Kojm Clam AntiVirus 0.87
-
Mandriva clamav-0.88.2-0.1.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download
ifenslave ifenslave 0.88
-
Clam Anti-Virus clamav-0.88.2.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.88.2.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.88.1
-
Clam Anti-Virus clamav-0.88.2.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.88.2.tar.gz?downloa d
Apple Mac OS X Server 10.4.4
-
Apple MacOSXSrvrUpdCombo10.4.7.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.4.5
-
Apple MacOSXSrvrUpdCombo10.4.7.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.4.6
-
Apple MacOSXServerUpdate10.4.7.dmg
http://www.apple.com/support/downloads/ -
Apple MacOSXSrvrUpdCombo10.4.7.dmg
http://www.apple.com/support/downloads/
References
Clam AntiVirus FreshClam Remote Buffer Overflow Vulnerability
References:
References:
- ClamAV 0.88.2 ChangeLog (ClamAV)
- ClamAV Homepage (Clam Anti-Virus)
- Kolab Security Issue 09 20060516 (Kolab)
- Security advisory: 0.88.2 (ClamAV)