
Bug 94306

Summary: app-antivirus/clamav: Command Execution Vulnerability
Product: Gentoo Security Reporter: Adir Abraham <adirab>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: trivial    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.securityfocus.com/bid/13795/info/
Whiteboard:
Package list:
Runtime testing required: ---

Description Adir Abraham 2005-05-28 11:23:52 UTC
From SecurityFocus.com:

Clam Anti-Virus ClamAV running on Mac OS X is affected by a command execution
vulnerability.

Reportedly, when a suspected infected file is handled by the application and it
cannot be removed, the application may attempt to copy it to another location
using the Mac OS X 'ditto' utility. The 'ditto' utility is called in an insecure
manner and the responsible function fails to sanitize the file name allowing an
attacker to include arbitrary commands in the file name that will be executed in
the context of ClamAV.

This can allow an attacker to gain unauthorized access to an affected computer.
It should be noted that the exploitation of the vulnerability is only possible
when a malicious file is copied.

ClamAV versions 0.80rc4 to 0.84rc2 are affected by this issue.

--

It says Mac OS X, but it might affect Gentoo as well (the report says something
about version 0.81 that doesn't exist in the tree, but also about 0.83 which
does exist in the tree). Anyway, a newer version exists also in the tree (0.85),
so probably the rest should be removed?

Letting you decide.

Reproducible: Always
Steps to Reproduce:
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-05-28 11:40:15 UTC
This is macosX-only

Changes:
Fri Apr 29 14:18:18 CEST 2005
-----------------------------
  V 0.84
  * Fixes backported from CVS:
    - shared/misc.c: improve isnumb() (thanks to NJH) and move it to misc.c (tk)
    - freshclam/manager.c: allow warning control via txt record (tk)
    - shared/misc.c: (Mac OS X only) execute ditto with execl to eliminate
                      potential security problem with --move on OS X - server
		      versions (reported by Tim Morgan <tim*sentinelchicken.org>
		      and Kevin Amorin <kamorin*ccs.neu.edu>) (tk)
    - libclamav/chmunpack.c: Add extra sanity check (trog)
    - libclamav/upx.c: add sanity check to pefromupx() (patch by NJH) (tk)
    - libclamav/readdb.c: improve parsing of broken signatures (bug reported
      by Arnaud Jacques <arnaud*clamav.net>) (tk)
    - libclamav/scanners.c: improve error detection in zip code (tk)
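
The shared/misc.c entry in the changelog above switches the ditto call to execl. The following is an added example, not ClamAV's code, contrasting a shell-parsed command string with a direct exec. Assumptions: /bin/cp stands in for Mac OS X 'ditto', the file name is constructed, and build_shell_command and copy_with_execl are hypothetical names.

```c
/* Added example. COPY_TOOL is an assumption: /bin/cp stands in for 'ditto'. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define COPY_TOOL "/bin/cp"

/* Risky pattern of the kind the advisory describes: the file name is pasted
 * into one string that system() would pass to /bin/sh, so ';', '|', '`' or
 * '$(' in the name become shell syntax. This function only builds the
 * string; the example never executes it. */
int build_shell_command(char *out, size_t n, const char *src, const char *dst)
{
    return snprintf(out, n, COPY_TOOL " %s %s", src, dst);
}

/* Pattern named in the 0.84 changelog entry: exec the tool directly. Each
 * file name is exactly one argv element and no shell parses it.
 * Returns the tool's exit status, or -1 on fork/wait failure. */
int copy_with_execl(const char *src, const char *dst)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl(COPY_TOOL, COPY_TOOL, src, dst, (char *)NULL);
        _exit(127); /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample name containing a shell metacharacter. */
    const char *src = "/tmp/sample;touch MARKER_94306", *dst = "/tmp/sample.copy";
    char cmd[256];
    FILE *f = fopen(src, "w");
    if (!f) return 1;
    fputs("constructed test content\n", f);
    fclose(f);
    build_shell_command(cmd, sizeof cmd, src, dst);
    printf("string a shell would parse: %s\n", cmd);
    printf("execl copy exit status: %d\n", copy_with_execl(src, dst));
    return 0;
}
```

A file name that begins with '-' is still read as an option by the tool itself, so callers normally pass absolute or "./"-prefixed paths.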