
Bug 100178

Summary: app-antivirus/clamav 0.86.2 fixes integer overflows
Product: Gentoo Security
Reporter: Sune Kloppenborg Jeppesen <jaervosz>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: critical
CC: antivirus, net-mail, reb
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.securityfocus.com/archive/1/406377/30/
Whiteboard: A1 [glsa] jaervosz
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen gentoo-dev 2005-07-24 22:21:28 UTC
From Changelog:

libclamav/fsg.c: Fix possible integer overflow (acab) Reported by Alex Wheeler.
libclamav/chmunpack.c: Fix possible malloc overflow (trog) Reported by Alex Wheeler.
libclamav/tnef.c: Fix possible crash if the length field is 0 or negative in headers (njh) Reported by Alex Wheeler (alexbling at gmail.com)
Comment 1 Sune Kloppenborg Jeppesen gentoo-dev 2005-07-24 22:25:06 UTC
net-mail/antivirus please advise and provide an updated ebuild if needed. I'm 
not sure how easy these are to exploit, not much detail provided. 
Comment 2 Andrej Kacian (RETIRED) gentoo-dev 2005-07-25 02:44:14 UTC
Eh, I committed the ebuild first thing this morning, when I found the sf.net
release announcement in my mail, before reading this bug. So, there it goes, unstable
for all used arches. :)
Comment 3 Andrej Kacian (RETIRED) gentoo-dev 2005-07-25 02:59:04 UTC
Looks like the third mentioned overflow would be easy to exploit, since all it
takes is a wrong value in the headers of incoming data. The second one should be
exploitable as well, judging from the code, since it deals with a too-long filename.

As for the first mentioned changelog entry, it's some sort of boundary checking,
but I don't know the clamav code too well, so I couldn't say whether it was
something with internal data, or with outside data.
Comment 4 Stefan Cornelius (RETIRED) gentoo-dev 2005-07-25 09:42:04 UTC
*** Bug 100248 has been marked as a duplicate of this bug. ***
Comment 5 Sune Kloppenborg Jeppesen gentoo-dev 2005-07-25 10:38:02 UTC
Arches please test and mark stable. 
Comment 6 René Nussbaumer (RETIRED) gentoo-dev 2005-07-25 11:28:31 UTC
Stable on hppa
Comment 7 Herbie Hopkins (RETIRED) gentoo-dev 2005-07-25 12:03:50 UTC
Stable on amd64.
Comment 8 Gustavo Zacarias (RETIRED) gentoo-dev 2005-07-25 12:06:08 UTC
sparc stable.
Comment 9 Tobias Scherbaum (RETIRED) gentoo-dev 2005-07-25 12:30:53 UTC
ppc stable
Comment 10 Andrej Kacian (RETIRED) gentoo-dev 2005-07-25 13:01:41 UTC
x86 happy
Comment 11 Markus Rothe (RETIRED) gentoo-dev 2005-07-25 23:36:56 UTC
stable on ppc64
Comment 12 Sune Kloppenborg Jeppesen gentoo-dev 2005-07-26 13:31:58 UTC
Stable on alpha, bug 100178.  
 
Thx kloeri 
Comment 13 Sune Kloppenborg Jeppesen gentoo-dev 2005-07-26 13:57:10 UTC
GLSA 200507-25