[SA21374] Clam AntiVirus pefromupx() Buffer Overflow Vulnerability

2006-08-07 00:00:00
vulners.com


TITLE:
Clam AntiVirus pefromupx() Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA21374

VERIFY ADVISORY:
http://secunia.com/advisories/21374/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
Clam AntiVirus (clamav) 0.x
http://secunia.com/product/2538/

DESCRIPTION:
Damian Put has discovered a vulnerability in Clam AntiVirus, which
can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

The vulnerability is caused by a boundary error in the "pefromupx()"
function in libclamav/upx.c when unpacking PE executables compressed
with UPX. It can be exploited to cause a heap-based buffer overflow via
a specially crafted UPX-compressed file.

Successful exploitation crashes the service and may allow execution
of arbitrary code.

The vulnerability has been confirmed in versions 0.88.2 and 0.88.3.
Other versions may also be affected.
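The following is an added illustration of the bug class described above,
written for this page; it is not ClamAV's pefromupx() code and the struct
layout, field names, sizes and limits are hypothetical. A UPX unpacker must
rebuild the original PE by copying each section's bytes from the unpacked
image to the file offset the (attacker-controlled) section header declares.
The unsafe rebuilder trusts that offset and size and writes past the end
of its heap destination; the hardened rebuilder checks every
header-derived range with the arithmetic arranged so a 32-bit wraparound
cannot slip through. The overflow is kept inside a guard region of the
same allocation so the demo itself stays within defined memory.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical section descriptor, loosely modelled on the size/offset
 * fields of a PE IMAGE_SECTION_HEADER. Not ClamAV's structures. */
struct section {
    uint32_t src_off;  /* where the section bytes sit in the unpacked image  */
    uint32_t raw_size; /* bytes to copy (SizeOfRawData-like field)           */
    uint32_t dst_off;  /* file offset in the rebuilt PE (PointerToRawData-like) */
};

enum { GUARD = 64 }; /* canary bytes after dst so the demo stays in one allocation */

/* Vulnerable rebuild: the source read is bounded, the destination write
 * is not. dst_len is never consulted, which is the boundary error. */
static int rebuild_unsafe(const uint8_t *src, size_t src_len,
                          const struct section *secs, size_t nsecs,
                          uint8_t *dst, size_t dst_len)
{
    (void)dst_len;
    for (size_t i = 0; i < nsecs; i++) {
        const struct section *s = &secs[i];
        if (s->raw_size > src_len || s->src_off > src_len - s->raw_size)
            return -1;
        memcpy(dst + s->dst_off, src + s->src_off, s->raw_size); /* heap overflow */
    }
    return 0;
}

/* Hardened rebuild: both ranges checked; "off > len - size" instead of
 * "off + size > len" so a wrapped 32-bit sum cannot pass the test. */
static int rebuild_safe(const uint8_t *src, size_t src_len,
                        const struct section *secs, size_t nsecs,
                        uint8_t *dst, size_t dst_len)
{
    for (size_t i = 0; i < nsecs; i++) {
        const struct section *s = &secs[i];
        if (s->raw_size > src_len || s->src_off > src_len - s->raw_size)
            return -1;
        if (s->raw_size > dst_len || s->dst_off > dst_len - s->raw_size)
            return -1;
        memcpy(dst + s->dst_off, src + s->src_off, s->raw_size);
    }
    return 0;
}

/* Feeds a crafted header (constructed here) to both rebuilders. Returns the
 * number of guard bytes the unsafe rebuild clobbered, or -1 if the safe
 * rebuild wrongly accepted the header or allocation failed. */
int demo_crafted_header(void)
{
    enum { DST_LEN = 256, SRC_LEN = 128 };
    uint8_t src[SRC_LEN];
    memset(src, 0x41, sizeof src);                 /* constructed unpacked image */

    /* 96 bytes aimed at offset 224 of a 256-byte destination: 64 bytes
     * land beyond dst, exactly filling the guard region. */
    struct section crafted = { .src_off = 0, .raw_size = 96, .dst_off = 224 };

    uint8_t *dst = calloc(DST_LEN + GUARD, 1);
    if (!dst) return -1;

    if (rebuild_safe(src, SRC_LEN, &crafted, 1, dst, DST_LEN) == 0) {
        free(dst);                                 /* must have been rejected */
        return -1;
    }

    int clobbered = 0;
    if (rebuild_unsafe(src, SRC_LEN, &crafted, 1, dst, DST_LEN) == 0)
        for (size_t i = DST_LEN; i < DST_LEN + GUARD; i++)
            if (dst[i] != 0) clobbered++;
    free(dst);
    return clobbered;
}

/* dst_off + raw_size wraps to 0x10 in 32-bit arithmetic, so a naive
 * "dst_off + raw_size > dst_len" check would wave it through.
 * Returns 1 if the hardened rebuild rejects it. */
int wraparound_header_rejected(void)
{
    uint8_t src[64] = {0};
    uint8_t dst[256] = {0};
    struct section wrap = { .src_off = 0, .raw_size = 0x20, .dst_off = 0xFFFFFFF0u };
    return rebuild_safe(src, sizeof src, &wrap, 1, dst, sizeof dst) != 0;
}

int main(void)
{
    printf("guard bytes clobbered by unchecked rebuild: %d\n", demo_crafted_header());
    printf("wraparound header rejected by checked rebuild: %d\n", wraparound_header_rejected());
    return 0;
}
```

The same pattern applies to any unpacker that rebuilds a file from
lengths and offsets found inside the data it just decompressed: those
fields are attacker input, and each one must be checked against the
capacity of the destination, not against the other untrusted fields.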

SOLUTION:
Disable the "ScanPE" option for clamd and start clamscan with the
"--no-pe" option. Please note that this completely disables the
scanning of PE files, so PE files should then be blocked or filtered
in some other way until a fixed version is available.

PROVIDED AND/OR DISCOVERED BY:
Damian Put

ORIGINAL ADVISORY:
http://www.overflow.pl/adv/clamav_upx_heap.txt

