From: [email protected]
To: [email protected]
Date: Mon, 25 Jul 2005 13:29:28 +0000
Subject: ClamAV Multiple Rem0te Buffer Overflows
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Virus-Scanned: antivirus-gw at tyumen.ru
Date
July 25, 2005
Vulnerability
ClamAV is the most widely used GPL antivirus library today. It provides f=
ile format support for virus analysis. During analysis ClamAV Antivirus L=
ibrary is vulnerable to buffer overflows allowing attackers complete cont=
rol of the system. These vulnerabilities can be exploited remotely withou=
t user interaction or authentication through common protocols such as SMT=
P, SMB, HTTP, FTP, etc.
Specifically, ClamAV is responsible for parsing multiple file formats. At=
least 4 of its file format processors contain remote security bugs. Spec=
ifically, during the processing of TNEF, CHM, & FSG formats an attacker i=
s able to trigger several integer overflows that allow attackers to overw=
rite heap data to obtain complete control of the system. These vulnerabil=
ities can be reached by default and triggered without user interaction by=
sending an e-mail containing crafted data.
Impact
Successful exploitation of ClamAV protected systems allows attackers unau=
thorized control of data and related privileges. It also provides leverag=
e for further network compromise. ClamAV implementations are likely vulne=
rable in their default configuration.
Affected Products
ClamAV =E2=80=93 0.86.1 (current) and prior
There are numerous implementations of ClamAV listed on their site which a=
re likely vulnerable. One party of note is Apple. Apple includes ClamAV b=
y default in Mac OS X Server. In addition, ClamAV has been ported to wind=
ows and a variety of other platforms by third parties who=E2=80=99s imple=
mentations are also likely vulnerable. Refer to vendor for specifics.
Credit
These vulnerabilities were discovered and researched by Neel Mehta & Alex=
Wheeler.
Contact
[email protected]
Details
http://www.rem0te.com/public/images/clamav.pdf