Bug 427286 - (CVE-2007-6596) CVE-2007-6596 clamav does not recognize Base64-UUEncoded files
CVE-2007-6596 clamav does not recognize Base64-UUEncoded files
Status: CLOSED UPSTREAM
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
http://nvd.nist.gov/nvd.cfm?cvename=C...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-01-02 14:46 EST by Lubomir Kundrak
Modified: 2008-04-25 04:44 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-04-25 04:44:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lubomir Kundrak 2008-01-02 14:46:45 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6596 to the following vulnerability:

ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file.

References:

http://www.securityfocus.com/archive/1/archive/1/485631/100/0/threaded
http://www.securityfocus.com/bid/27064
Comment 2 Lubomir Kundrak 2008-01-02 14:58:28 EST
Some do not consider this a security flaw and consider it a flaw of mail clients
which open files encoded in a nonstandard way. [1] It makes some sense, but it
definitely makes more sense to protect all possible clients therefore we do
consider it a problem.

I guess it is nontrivial to add and maintain a base64 decoder in our package --
is upstream going to implement this?

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=458532
Comment 3 Tomas Hoger 2008-04-25 04:44:30 EDT
Upstream statement:

http://lurker.clamav.net/message/20080102.195717.b4bbdef2.en.html

  This is not really a security bug but rather a lack of feature. Any (massive)
  attempt to bypass the uuencode decoder can be stopped with regular signatures
  thanks to the fact that ClamAV additionally scans all files in raw mode.

Upstream considers this as RFE as well.  I'm closing this as UPSTREAM.  If this
will be implemented upstream, we'll have the "fix" after next re-base, which
happens frequently in Fedora and EPEL.

Note You need to log in before you can comment on or make changes to this bug.