|
|
Info |
Last Modified |
| 10 months ago |
|
|
|
|
Description |
A remote overflow exists in Clam AntiVirus. Clam AntiVirus fails to perform adequate boundary check in libclamav/chmunpack.c, resulting in a heap overflow. With a specially crafted request, an attacker can gain privileges equal to those of the Clam AntiVirus process, possibly allowing for a remote system compromise.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
|
|
Technical |
CHM processing contains an integer overflow that results in heap corruption. The following is vulnerable code from read_chunk_entries() in chmunpack.c. If length is -1, it will wrap and malloc() will return small heap buffer which is overflowed on the following strncpy().
name_len = read_enc_int(¤t, end);
file_e->name = (unsigned char *) cli_malloc(name_len+1);
if (!file_e->name) {
free(file_e);
return FALSE;
}
strncpy(file_e->name, current, name_len);
|
|
Solution |
Upgrade to version 0.86.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
|
Clam AntiVirus
 |
0.86.1 |
0.85.x |
0.84.x |
0.83.x |
0.82.x |
0.81.x |
0.80.x |
0.75.x |
0.74.x |
0.73.x |
0.72.x |
0.71.x |
0.70.x |
|
|
|
|
|
|
Credit |
- Neel Mehta - Internet Security Systems
- Alex Wheeler - IBM ISS X-Force
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
