

ClamAV Multiple Rem0te Buffer Overflows


From: [email protected]
To: [email protected]
Date: Mon, 25 Jul 2005 13:29:28 +0000
Subject: ClamAV Multiple Rem0te Buffer Overflows

Date
July 25, 2005

Vulnerability
ClamAV is the most widely used GPL antivirus library today. It provides file format support for virus analysis. During analysis ClamAV Antivirus Library is vulnerable to buffer overflows allowing attackers complete control of the system. These vulnerabilities can be exploited remotely without user interaction or authentication through common protocols such as SMTP, SMB, HTTP, FTP, etc.

Specifically, ClamAV is responsible for parsing multiple file formats. At least 4 of its file format processors contain remote security bugs. Specifically, during the processing of TNEF, CHM, & FSG formats an attacker is able to trigger several integer overflows that allow attackers to overwrite heap data to obtain complete control of the system. These vulnerabilities can be reached by default and triggered without user interaction by sending an e-mail containing crafted data.

Impact
Successful exploitation of ClamAV protected systems allows attackers unauthorized control of data and related privileges. It also provides leverage for further network compromise. ClamAV implementations are likely vulnerable in their default configuration.

Affected Products
ClamAV – 0.86.1 (current) and prior

There are numerous implementations of ClamAV listed on their site which are likely vulnerable. One party of note is Apple. Apple includes ClamAV by default in Mac OS X Server. In addition, ClamAV has been ported to Windows and a variety of other platforms by third parties whose implementations are also likely vulnerable. Refer to vendor for specifics.

Credit
These vulnerabilities were discovered and researched by Neel Mehta & Alex=
 Wheeler.

Contact
[email protected] 

Details
http://www.rem0te.com/public/images/clamav.pdf
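
The bug class the advisory names (an integer overflow in a size calculation while parsing an untrusted file, leading to an undersized heap buffer) beside a bounds check that rejects it. This is an added example, not part of the original advisory and not ClamAV code. The record layout and the names `naive_alloc_size`, `parse_record` and `try_record` are hypothetical, since the advisory does not describe the affected structures.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record layout (hypothetical, not a real TNEF/CHM/FSG structure):
 * 4-byte little-endian element count, then count * ELEM_LEN payload bytes. */
#define HDR_LEN  4u
#define ELEM_LEN 8u

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Unchecked pattern: the 32-bit multiply wraps, so a huge count gives a tiny size. */
uint32_t naive_alloc_size(uint32_t count) {
    return count * ELEM_LEN;
}

/* Checked parse: 0 and a malloc'd copy on success, -1 if the count is not credible. */
int parse_record(const uint8_t *buf, size_t len, uint8_t **out, size_t *out_len) {
    if (len < HDR_LEN) return -1;
    uint32_t count = rd_le32(buf);
    /* Divide instead of multiplying: the payload must fit in the bytes present. */
    if (count > (len - HDR_LEN) / ELEM_LEN) return -1;
    size_t need = (size_t)count * ELEM_LEN;   /* bounded by len, cannot wrap */
    uint8_t *p = malloc(need ? need : 1);
    if (!p) return -1;
    memcpy(p, buf + HDR_LEN, need);
    *out = p;
    *out_len = need;
    return 0;
}

/* Builds a constructed record claiming `count` elements with `payload` real bytes. */
int try_record(uint32_t count, size_t payload) {
    uint8_t buf[HDR_LEN + 64] = {0}, *out = NULL;
    size_t out_len = 0;
    if (payload > 64) return -1;
    for (int i = 0; i < 4; i++) buf[i] = (uint8_t)(count >> (8 * i));
    int rc = parse_record(buf, HDR_LEN + payload, &out, &out_len);
    free(out);
    return rc;
}

int main(void) {
    printf("naive size for count 0x20000001: %u\n", (unsigned)naive_alloc_size(0x20000001u));
    printf("honest: %d, wrapped count: %d\n", try_record(2, 16), try_record(0x20000001u, 8));
    return 0;
}
```

The check compares the claimed count against the bytes actually present, so the size is validated before any allocation or copy happens.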







