Bug 432623

Summary: Further ClamAV libclamav PE File Integer Overflow Vulnerability
Product: [Fedora] Fedora EPEL Reporter: Robert Scheck <redhat-bugzilla>
Component: clamavAssignee: Steven Pritchard <steve>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: low    
Version: el5CC: felix.schwarz, robert.scheck
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=658
Whiteboard:
Fixed In Version: 0.92.1-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-02-14 16:40:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 432753    

Description Robert Scheck 2008-02-13 13:37:36 UTC 
Description of problem:
Remote exploitation of an integer overflow vulnerability in Clam AntiVirus' 
ClamAV, as included in various vendors' operating system distributions, allows 
attackers to execute arbitrary code with the privileges of the affected 
process. 

The vulnerability exists within the code responsible for parsing and scanning 
PE files. While iterating through all sections contained in the PE file, 
several attacker controlled values are extracted from the file. On each 
iteration, arithmetic operations are performed without taking into 
consideration 32-bit integer wrap. 

Since insufficient integer overflow checks are present, an attacker can cause
a heap overflow by causing a specially crafted Petite packed PE binary to be 
scanned. This results in an exploitable memory corruption condition.

Version-Release number of selected component (if applicable):
clamav-0.92-4.1

Expected results:
Immediate upgrade to 0.92.1
Comment 1 Robert Scheck 2008-02-13 13:38:03 UTC 
http://sourceforge.net/project/shownotes.php?release_id=575703&group_id=86638
Comment 2 Felix Schwarz 2008-02-13 21:04:36 UTC 
This is CVE-2008-0318.
Comment 3 Robert Scheck 2008-02-13 21:17:20 UTC 
This is CVE-2008-0318.
Comment 4 Robert Scheck 2008-02-14 16:40:30 UTC 
38334 (clamav): Build on target fedora-5-epel succeeded.
38335 (clamav): Build on target fedora-4-epel succeeded.