[Comm] Fwd: [Backports] Re: clamav vulnerabilities

Вс Ноя 13 21:43:29 MSK 2005

----- Forwarded message from "Konstantin A. Lepikhov" <lakostis/anti-leasure.ru> -----

Date: Sun, 13 Nov 2005 16:15:22 +0300 (MSK)
From: "Konstantin A. Lepikhov" <lakostis/anti-leasure.ru>
To: backports/lists.altlinux.org
Subject: [Backports] Re: clamav vulnerabilities

<цитата от="Sergey Y. Afonin">
<skip>
> Я не стал в апдейты собирать 0.87, так как
> не увидел в ченджлоге
> ничего особо серьезного, а со временем
> туговато несколько. 0.87.1
> гляну сегодня. Что касается
(5) HIGH: ClamAV FSG File Handling Overflow
Affected:
Clam AntiVirus versions 0.80 through 0.87

Description: ClamAV is an open-source antivirus software designed mainly
for scanning emails on UNIX mail gateways. The software includes a virus
scanning library - libClamAV. This library is used by many third party
email, web, FTP scanners as well as mail clients. The library contains
a buffer overflow that can be triggered by specially crafted FSG (Packed
Executable Format) files. The attacker can send the malicious file via
email, web, FTP or a file share, and exploit the buffer overflow to
execute arbitrary code on the system running the ClamAV library. The
technical details can be obtained by comparing the fixed and the
affected versions of the software. Note that for compromising the
mail/web/FTP gateways no user interaction is required.

Status: Version 0.87.1 fixes this overflow. The update also fixes other
DoS vulnerabilities. Please look for third party updates for the
software linked to libClamAV.

Council Site Actions: The affected software and/or configuration are not
in production or widespread use, or are not officially supported at any
of the council sites. They reported that no action was necessary.

References:
TippingPoint Advisory
http://archives.neohapsis.com/archives/bugtraq/2005-11/0041.html
Third Party Software Using ClamAV
http://www.clamav.net/whos.html#pagestart  (Includes Mac OS X server)
http://www.clamav.net/3rdparty.html#pagestart
SecurityFocus BID
http://www.securityfocus.com/bid/15318

PS 0.87.1 положен в updates.

-- 
WBR et al.

----- End forwarded message -----

-- 
 ---- WBR, Michael Shigorin <mike на altlinux.ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/
----------- следующая часть -----------
Было удалено вложение не в текстовом формате...
Имя     : =?iso-8859-1?q?=CF=D4=D3=D5=D4=D3=D4=D7=D5=C5=D4?=
Тип     : application/pgp-signature
Размер  : 189 байтов
Описание: =?iso-8859-1?q?=CF=D4=D3=D5=D4=D3=D4=D7=D5=C5=D4?=
Url     : <http://lists.altlinux.org/pipermail/community/attachments/20051113/d14c5114/attachment-0003.bin>