ClamAV Upack Processing Buffer Overflow Vulnerability
Bug #217256 reported by stiV
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
clamav (Ubuntu) | Fix Released | Medium | Unassigned |
Dapper | Fix Released | Undecided | Scott Kitterman |
Edgy | Won't Fix | Undecided | Unassigned |
Feisty | Fix Released | Medium | Unassigned |
Gutsy | Fix Released | Undecided | Unassigned |
Bug Description
Binary package hint: clamav
See http://
There is no fix available, but should be soon.
"Secunia Research has discovered a vulnerability in ClamAV, which can
be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error within the
"cli_scanpe()" function in libclamav/pe.c. This can be exploited to
cause a heap-based buffer overflow via a specially crafted "Upack"
executable.
Successful exploitation allows execution of arbitrary code."
A fix for this is uploaded to Debian and I've asked to have it sync'ed for Hardy. We'll also get updates done for the earlier releases as needed.