lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 26 Jul 2005 11:22:10 +0200
From: nick <nick@...ilia.it>
To: list@...0te.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: ClamAV Multiple Rem0te Buffer Overflows


list@...0te.com wrote:
> Date
> July 25, 2005
> 
> Vulnerability
> ClamAV is the most widely used GPL antivirus library today. It provides file format support for virus analysis. During analysis ClamAV Antivirus Library is vulnerable to buffer overflows allowing attackers complete control of the system. These vulnerabilities can be exploited remotely without user interaction or authentication through common protocols such as SMTP, SMB, HTTP, FTP, etc. 
> 
> Specifically, ClamAV is responsible for parsing multiple file formats. At least 4 of its file format processors contain remote security bugs. Specifically, during the processing of TNEF, CHM, & FSG formats an attacker is able to trigger several integer overflows that allow attackers to overwrite heap data to obtain complete control of the system. These vulnerabilities can be reached by default and triggered without user interaction by sending an e-mail containing crafted data. 
> 
> Impact
> Successful exploitation of ClamAV protected systems allows attackers unauthorized control of data and related privileges. It also provides leverage for further network compromise. ClamAV implementations are likely vulnerable in their default configuration.
> 
> Affected Products
> ClamAV – 0.86.1 (current) and prior
> 
> There are numerous implementations of ClamAV listed on their site which are likely vulnerable. One party of note is Apple. Apple includes ClamAV by default in Mac OS X Server. In addition, ClamAV has been ported to windows and a variety of other platforms by third parties who’s implementations are also likely vulnerable. Refer to vendor for specifics.
> 
> Credit
> These vulnerabilities were discovered and researched by Neel Mehta & Alex Wheeler.
> 
> Contact
> security@...0te.com 
> 
> Details
> http://www.rem0te.com/public/images/clamav.pdf
> 
> 
> 
> 
> 
> 

The clamav.net front page says "Latest ClamAV stable release is: 0.86.2".

Is this included in your advisory?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ