Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 143093 - app-antivirus/clamav: <=0.88.3 boundary error
Summary: app-antivirus/clamav: <=0.88.3 boundary error
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
Whiteboard: B1 [glsa] Falco
Depends on:
Reported: 2006-08-07 07:54 UTC by Raphael Marichez (Falco) (RETIRED)
Modified: 2006-09-02 15:42 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-08-07 07:54:07 UTC
Hi teams,

clamav is vulnerable :(

SA 21374:

Damian Put has discovered a vulnerability in Clam AntiVirus, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

The vulnerability is caused due to an boundary error in the "pefromupx()" function in libclamav/upx.c when unpacking PE executable files compressed with UPX. This can be exploited to cause a heap-based buffer overflow via a specially crafted UPX compressed file.

Successful exploitation crashes the service and may allow execution of arbitrary code.

The vulnerability has been confirmed in versions 0.88.2 and 0.88.3. Other versions may also be affected.

Disable the "ScanPE" option for clamd and start clamscan with the "--no-pe" option. Please note that this completely disables the scanning of PE files. Then block or filter PE files in some other way.

Provided and/or discovered by:
Damian Put

Original Advisory: "
Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-08-07 07:55:32 UTC
note that ScanPE is enabled by default

let's wait for a patch or update...
Comment 2 Andrej Kacian (RETIRED) gentoo-dev 2006-08-07 12:50:11 UTC
0.88.4 is out, I'll commit the ebuild in few minutes
Comment 3 Andrej Kacian (RETIRED) gentoo-dev 2006-08-07 16:52:49 UTC
Ebuild for 0.88.4 is in the tree now - by the power bestowed unto me by jaervosz, I'm CCing arch teams, please do your magic.

x86 has been stabilized by me already, after testing on two stable boxes.
Comment 4 Jason Wever (RETIRED) gentoo-dev 2006-08-07 17:46:32 UTC
SPARC virus detected, all your arch are belong to us!
Comment 5 Fernando J. Pereda (RETIRED) gentoo-dev 2006-08-07 17:53:03 UTC
Looks fine on Alpha.
Comment 6 Scott Stoddard (RETIRED) gentoo-dev 2006-08-07 18:05:33 UTC
amd64 done.
Comment 7 Luca Barbato gentoo-dev 2006-08-07 18:11:41 UTC
ppc follows
Comment 8 Markus Rothe (RETIRED) gentoo-dev 2006-08-07 23:31:59 UTC
ppc64 stable
Comment 9 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-08-08 00:27:46 UTC
debian isn't updated yet, we may have a chance !  :)
Comment 10 René Nussbaumer (RETIRED) gentoo-dev 2006-08-08 02:12:46 UTC
stable on hppa
Comment 11 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-08-08 02:35:30 UTC
Ready for GLSA ! :)
Comment 12 Matthias Geerdsen (RETIRED) gentoo-dev 2006-08-08 07:13:46 UTC
GLSA 200608-13

thanks for the quick work on this one