Bug#: 143093
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Raphael Marichez <falco@gentoo.org>

Description:   Opened: 2006-08-07 07:54 0000
Hi teams,

clamav is vulnerable :(

SA 21374:

"Description:
Damian Put has discovered a vulnerability in Clam AntiVirus, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the "pefromupx()"
function in libclamav/upx.c when unpacking PE executable files compressed with
UPX. This can be exploited to cause a heap-based buffer overflow via a
specially crafted UPX compressed file.

Successful exploitation crashes the service and may allow execution of
arbitrary code.

The vulnerability has been confirmed in versions 0.88.2 and 0.88.3. Other
versions may also be affected.

Solution:
Disable the "ScanPE" option for clamd and start clamscan with the "--no-pe"
option. Please note that this completely disables the scanning of PE files.
Then block or filter PE files in some other way.

Provided and/or discovered by:
Damian Put

Original Advisory:
http://www.overflow.pl/adv/clamav_upx_heap.txt "

------- Comment #1 From Raphael Marichez 2006-08-07 07:55:32 0000 -------
note that ScanPE is enabled by default

let's wait for a patch or update...

------- Comment #2 From Andrej Kacian (RETIRED) 2006-08-07 12:50:11 0000 -------
0.88.4 is out, I'll commit the ebuild in a few minutes

------- Comment #3 From Andrej Kacian (RETIRED) 2006-08-07 16:52:49 0000 -------
Ebuild for 0.88.4 is in the tree now - by the power bestowed unto me by
jaervosz, I'm CCing arch teams, please do your magic.

x86 has been stabilized by me already, after testing on two stable boxes.

------- Comment #4 From Jason Wever (RETIRED) 2006-08-07 17:46:32 0000 -------
SPARC virus detected, all your arch are belong to us!

------- Comment #5 From Fernando J. Pereda (RETIRED) 2006-08-07 17:53:03 0000 -------
Looks fine on Alpha.

------- Comment #6 From Scott Stoddard (RETIRED) 2006-08-07 18:05:33 0000 -------
amd64 done.

------- Comment #7 From Luca Barbato 2006-08-07 18:11:41 0000 -------
ppc follows

------- Comment #8 From Markus Rothe 2006-08-07 23:31:59 0000 -------
ppc64 stable

------- Comment #9 From Raphael Marichez 2006-08-08 00:27:46 0000 -------
debian isn't updated yet, we may have a chance !  :)

------- Comment #10 From René Nussbaumer 2006-08-08 02:12:46 0000 -------
stable on hppa

------- Comment #11 From Raphael Marichez 2006-08-08 02:35:30 0000 -------
Ready for GLSA ! :)

------- Comment #12 From Matthias Geerdsen 2006-08-08 07:13:46 0000 -------
GLSA 200608-13

thanks for the quick work on this one
