|
|
Info |
Last Modified |
| 10 months ago |
|
|
|
|
Description |
A remote overflow exists in Clam AntiVirus. Clam AntiVirus fails to perform adequate boundary check in libclamav/fsg.c, resulting in a heap overflow. With a specially crafted request, an attacker can gain privileges equal to those of the Clam AntiVirus process, possibly allowing for a remote system compromise.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
|
|
Technical |
FSG processing contains a faulty boundary check that results in a buffer overflow. The following is vulnerable code from unfsg() in fsg.c. Specifically, backbytes and backsize are essentially encoded arbitrary 32-bit unsigned integers; and, if both are slightly negative values an attacker can trigger a
heap overflow because of the integer wraps in the boundary check.
if (cdst-backbytes < dest | cdst+backsize >= dest+dsize)
return -1;
while(backsize--) {
*cdst=*(cdst-backbytes);
cdst++;
}
|
|
Solution |
Upgrade to version 0.86.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
|
Clam AntiVirus
 |
0.86.1 |
0.86.0 |
0.85.x |
0.84.x |
0.83.x |
0.82.x |
0.81.x |
0.80.x |
0.75.x |
0.74.x |
0.73.x |
0.72.x |
0.71.x |
0.70.x |
|
|
|
|
|
|
Credit |
- Neel Mehta - Internet Security Systems
- Alex Wheeler - IBM ISS X-Force
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
