From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6 Description of problem: From: <list_at_rem0te.com> Date: Mon, 25 Jul 2005 13:29:28 +0000 Date July 25, 2005 Vulnerability ClamAV is the most widely used GPL antivirus library today. It provides file format support for virus analysis. During analysis ClamAV Antivirus Library is vulnerable to buffer overflows allowing attackers complete control of the system. These vulnerabilities can be exploited remotely without user interaction or authentication through common protocols such as SMTP, SMB, HTTP, FTP, etc. Specifically, ClamAV is responsible for parsing multiple file formats. At least 4 of its file format processors contain remote security bugs. Specifically, during the processing of TNEF, CHM, & FSG formats an attacker is able to trigger several integer overflows that allow attackers to overwrite heap data to obtain complete control of the system. These vulnerabilities can be reached by default and triggered without user interaction by sending an e-mail containing crafted data. Impact Successful exploitation of ClamAV protected systems allows attackers unauthorized control of data and related privileges. It also provides leverage for further network compromise. ClamAV implementations are likely vulnerable in their default configuration. Affected Products ClamAV 0.86.1 (current) and prior There are numerous implementations of ClamAV listed on their site which are likely vulnerable. One party of note is Apple. Apple includes ClamAV by default in Mac OS X Server. In addition, ClamAV has been ported to windows and a variety of other platforms by third parties whos implementations are also likely vulnerable. Refer to vendor for specifics. Credit These vulnerabilities were discovered and researched by Neel Mehta & Alex Wheeler. Contact security_at_rem0te.com Details http://www.rem0te.com/public/images/clamav.pdf Version-Release number of selected component (if applicable): <= 0.86.1 How reproducible: Always Steps to Reproduce: Install affected product version (ClamAV 0.86.1 or prior) Additional info:
An updated release including fixes for these vulnerabilities is available upstream. http://sourceforge.net/project/showfiles.php?group_id=86638&package_id=90197&release_id=344514
Resolved with the release of: clamav-0.86.2-2.fc5.i386.rpm clamav-data-0.86.2-2.fc5.i386.rpm clamav-devel-0.86.2-2.fc5.i386.rpm clamav-lib-0.86.2-2.fc5.i386.rpm clamav-milter-0.86.2-2.fc5.i386.rpm clamav-server-0.86.2-2.fc5.i386.rpm clamav-update-0.86.2-2.fc5.i386.rpm clamav-0.86.2-2.fc5.ppc.rpm clamav-data-0.86.2-2.fc5.ppc.rpm clamav-devel-0.86.2-2.fc5.ppc.rpm clamav-lib-0.86.2-2.fc5.ppc.rpm clamav-milter-0.86.2-2.fc5.ppc.rpm clamav-server-0.86.2-2.fc5.ppc.rpm clamav-update-0.86.2-2.fc5.ppc.rpm clamav-0.86.2-2.fc5.x86_64.rpm clamav-data-0.86.2-2.fc5.x86_64.rpm clamav-devel-0.86.2-2.fc5.x86_64.rpm clamav-lib-0.86.2-2.fc5.x86_64.rpm clamav-milter-0.86.2-2.fc5.x86_64.rpm clamav-server-0.86.2-2.fc5.x86_64.rpm clamav-update-0.86.2-2.fc5.x86_64.rpm Thanks a lot for your efforts!