
Bug 151561

Summary: app-antivirus/clamav: CHM Unpacker and PE Rebuilding Vulnerabilities
Product: Gentoo Security
Reporter: Aarni Honka <aarni.honka>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: antivirus, bernd, chainsaw, net-mail+disabled
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://secunia.com/advisories/22370/
Whiteboard: B1 [glsa] Falco
Package list:
Runtime testing required: ---

Description Aarni Honka 2006-10-16 03:25:41 UTC
TITLE:
Clam AntiVirus CHM Unpacker and PE Rebuilding Vulnerabilities

SECUNIA ADVISORY ID:
SA22370

VERIFY ADVISORY:
http://secunia.com/advisories/22370/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
Clam AntiVirus (clamav) 0.x
http://secunia.com/product/2538/

DESCRIPTION:
Two vulnerabilities have been reported in Clam AntiVirus, which
potentially can be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a vulnerable system.

1) An unspecified error in the CHM unpacker in chmunpack.c can be
exploited to cause a DoS.

2) An unspecified error in rebuildpe.c when rebuilding PE files after
unpacking can be exploited to cause a heap-based buffer overflow.

SOLUTION:
Update to version 0.88.5.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sourceforge.net/project/shownotes.php?release_id=455799
Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-10-16 04:26:20 UTC
Once again :((

But this time I didn't see any public exploit nor PoC.

Arches team, please test clamav-0.88.5 & mark stable if appropriate, thanks.
Comment 2 Andrej Kacian (RETIRED) gentoo-dev 2006-10-16 04:51:35 UTC
Works fine on my x86 box. Marked stable.
Comment 3 Markus Rothe (RETIRED) gentoo-dev 2006-10-16 10:22:33 UTC
ppc64 stable
Comment 4 Jason Wever (RETIRED) gentoo-dev 2006-10-16 16:51:19 UTC
Stable on the only real 64 bit architorture.
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2006-10-18 11:28:30 UTC
ppc stable
Comment 6 René Nussbaumer (RETIRED) gentoo-dev 2006-10-20 01:37:41 UTC
Stable on hppa. Sorry for the delay. Got my machine back running.
Comment 7 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-10-20 03:17:26 UTC
thanks killerfox
Comment 8 Bryan Østergaard (RETIRED) gentoo-dev 2006-10-20 04:39:50 UTC
Stable on Alpha + ia64.
Comment 9 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-10-23 08:42:23 UTC
amd64 team ? we're late regarding the policy and the severity of this vulnerability.
Comment 10 Patrick McLean gentoo-dev 2006-10-24 07:36:15 UTC
stable on amd64.
Comment 11 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-10-24 07:39:27 UTC
Thanks Patrick
Comment 12 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-10-26 15:14:33 UTC
GLSA 200610-10