ClamAV Popen Function Remote Code Execution Vulnerability

Bugtraq ID:	25439
Class:	Input Validation Error
CVE:	CVE-2007-4560
Remote:	Yes
Local:	No
Published:	Aug 25 2007 12:00AM
Updated:	Mar 19 2008 01:50AM
Credit:	Nikolaos Rangos of n.runs AG is credited with the discovery of this vulnerability.
Vulnerable:	Trustix Secure Linux 3.0.5 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Operating System Enterprise Server 2.0 SuSE SUSE Linux Enterprise Server 9 SP3 SuSE SUSE Linux Enterprise Server 8 + Linux kernel 2.4.21 + Linux kernel 2.4.19 SuSE SUSE Linux Enterprise Server 10 SP1 SuSE SUSE Linux Enterprise Server 10 SuSE SUSE Linux Enterprise SDK 10.SP1 SuSE SUSE Linux Enterprise SDK 10 SuSE SUSE Linux Enterprise Desktop 10 SP1 SuSE SUSE Linux Enterprise Desktop 10 SuSE Linux Professional 10.2 x86_64 SuSE Linux Personal 10.2 x86_64 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. openSUSE 10.2 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 10.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 10.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Openexchange Server S.u.S.E. Linux Office Server S.u.S.E. Linux Enterprise Server for S/390 9.0 S.u.S.E. Linux Enterprise Server for S/390 S.u.S.E. Linux Enterprise Server 9-SP3 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 10.SP1 S.u.S.E. Linux Enterprise Server 10 S.u.S.E. Linux Desktop 1.0 S.u.S.E. Linux Desktop 10 S.u.S.E. Linux 10.1 x86-64 S.u.S.E. Linux 10.1 x86 S.u.S.E. Linux 10.1 ppc S.u.S.E. Linux 10.0 x86-64 S.u.S.E. Linux 10.0 x86 S.u.S.E. Linux 10.0 ppc Red Hat Fedora Core7 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 ifenslave ifenslave 0.88 Gentoo Linux Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Clam Anti-Virus ClamAV 0.91.1 Clam Anti-Virus ClamAV 0.90.3 Clam Anti-Virus ClamAV 0.90.2 Clam Anti-Virus ClamAV 0.90.1 + Debian Linux 4.0 sparc + Debian Linux 4.0 s/390 + Debian Linux 4.0 powerpc + Debian Linux 4.0 mipsel + Debian Linux 4.0 mips + Debian Linux 4.0 m68k + Debian Linux 4.0 ia-64 + Debian Linux 4.0 ia-32 + Debian Linux 4.0 hppa + Debian Linux 4.0 arm + Debian Linux 4.0 amd64 + Debian Linux 4.0 alpha + Debian Linux 4.0 Clam Anti-Virus ClamAV 0.90 Clam Anti-Virus ClamAV 0.88.5 Clam Anti-Virus ClamAV 0.88.4 Clam Anti-Virus ClamAV 0.88.3 Clam Anti-Virus ClamAV 0.88.2 Clam Anti-Virus ClamAV 0.88.1 Clam Anti-Virus ClamAV 0.87.1 Clam Anti-Virus ClamAV 0.87 -1 Clam Anti-Virus ClamAV 0.87 Clam Anti-Virus ClamAV 0.86.2 Clam Anti-Virus ClamAV 0.86 .1 Clam Anti-Virus ClamAV 0.86 Clam Anti-Virus ClamAV 0.85.1 Clam Anti-Virus ClamAV 0.85 Clam Anti-Virus ClamAV 0.84 rc2 Clam Anti-Virus ClamAV 0.84 rc1 Clam Anti-Virus ClamAV 0.84 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1 Clam Anti-Virus ClamAV 0.83 Clam Anti-Virus ClamAV 0.82 Clam Anti-Virus ClamAV 0.81 + Gentoo Linux Clam Anti-Virus ClamAV 0.80 rc4 Clam Anti-Virus ClamAV 0.80 rc3 Clam Anti-Virus ClamAV 0.80 rc2 Clam Anti-Virus ClamAV 0.80 rc1 Clam Anti-Virus ClamAV 0.80 Clam Anti-Virus ClamAV 0.75.1 Clam Anti-Virus ClamAV 0.70 Clam Anti-Virus ClamAV 0.68 -1 Clam Anti-Virus ClamAV 0.68 Clam Anti-Virus ClamAV 0.67 Clam Anti-Virus ClamAV 0.65 Clam Anti-Virus ClamAV 0.60 Clam Anti-Virus ClamAV 0.54 Clam Anti-Virus ClamAV 0.53 Clam Anti-Virus ClamAV 0.52 Clam Anti-Virus ClamAV 0.51 Clam Anti-Virus ClamAV 0.91 Clam Anti-Virus ClamAV 0.88.6 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.5
Not Vulnerable:	Clam Anti-Virus ClamAV 0.91.2

ClamAV Popen Function Remote Code Execution Vulnerability

ClamAV is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied data.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

Versions prior to ClamAV 0.91.2 are vulnerable.

ClamAV Popen Function Remote Code Execution Vulnerability

The following exploit is available:

• /data/vulnerabilities/exploits/25439.pl

ClamAV Popen Function Remote Code Execution Vulnerability

Solution:
The vendor released ClamAV 0.91.2 to address this issue. Please see the references for more information.


Clam Anti-Virus ClamAV 0.88.6

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.51

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.53

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.65

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.70

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.75.1

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.80 rc4

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.80

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.80 rc3

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.80 rc1

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.81

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.82

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.83

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.84

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.84 rc2

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.84 rc1

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.85

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.86 .1

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.86

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.86.2

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.87

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.87 -1

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.87.1

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.88.1

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.88.2

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.88.3

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.88.5

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.90.1

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.90.2

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.90.3

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Clam Anti-Virus ClamAV 0.91.1

• Clam Anti-Virus clamav-0.91.2.tar.gz
  http://downloads.sourceforge.net/clamav/clamav-0.91.2.tar.gz?modtime=1 187690903&big_mirror=0

Apple Mac OS X Server 10.5.2

• Apple SecUpdSrvr2008-002.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat= 57&platform=osx&method=sa/SecUpdSrvr2008-002.dmg

ClamAV Popen Function Remote Code Execution Vulnerability

References:

• ClamAV Homepage (ClamAV)
  
• n.runs-SA-2007.025 - ClamAV Remote Code Execution Advisory ([email protected])
  
• TSLSA-2007-0026 - multi (Trustix)