[Fixed]CVE-2008-1100(ClamAV)

infwonder · **Posted:** Mon Apr 14, 2008 5:18 pm

This security issue was discovered by Secunia. It currently affects ALL versions of Clam AV. (0.92.1 is the lastest). The new release should be out soon.

Secunia Research 14/04/2008 (Mailing List) wrote:

...
Rating: Highly critical
Impact: System access
Where: From remote
...
The vulnerability is caused due to a boundary error within the
"cli_scanpe()" function in libclamav/pe.c. This can be exploited to
cause a heap-based buffer overflow via a specially crafted "Upack"
executable.
...

It seems that the vulnerable part is in the code for PE files (windows portable executables) While the possible impact to pure Linux user is unclear, you might want to switch off the ScanPE option in clam.conf before it gets fixed.

!8!

infwonder · **Posted:** Tue Apr 15, 2008 4:55 pm

version 0.93 (stable) is out!

This update also fix another security issue: CVE-2008-1387

Quote:

...
If you're running clamav on a mailserver, an attacker can DoS your Server remotely by sending some mails with the archive attached.
...

http://www.clamav.net/download/sources

Son|c · **Posted:** Tue Apr 15, 2008 5:54 pm

Done.

viewtopic.php?f=37&t=15769

Emmanuel

infwonder · **Posted:** Wed Apr 16, 2008 12:24 am

Son|c wrote:

Done.

viewtopic.php?f=37&t=15769

Emmanuel

Thanks! $\!D/$

[Fixed]CVE-2008-1100(ClamAV)

Who is online