ClamAV Buffer Overflow Vulnerability (CVE-2005-2920) Advisory

Clam AntiVirus Buffer Overflow Vulnerability (VU#363713) Overview A buffer overflow in Clam AntiVirus (ClamAV) may allow a remote attacker to execute arbitrary code. Description Clam AntiVirus is a UNIX-based anti-virus toolkit often deployed with mail servers to detect malicious attachments. A signedness error in ClamAV (libclamav/upx.c) may allow a buffer overflow to occur. If a remote attacker sends a specially crafted UPX-packed executable to a vulnerable ClamAV installation, the attacker may be able to trigger the buffer overflow. Impact A remote attacker may be able to execute arbitrary code with the privileges of the application linked to the ClamAV process. This vulnerability may prevent ClamAV from detecting malicious UPX-packed executables. Solution Upgrade: This issue was corrected in ClamAV 0.87. Do not access UPX-packed executables from untrusted sources: Exploitation occurs by specially crafted UPX-packed executables. Accessing UPX-packed executables from trusted sources reduces the risk. Vendor Information Affected: Clam AntiVirus, Debian Linux, FreeBSD, Inc., Mandriva, Inc., Ubuntu Not Affected: F5 Networks, Inc., Hitachi, Microsoft Corporation, Openwall GNU//Linux, Red Hat, Inc. CVSS Metrics Severity Metric: 6.75 References https://secunia.com/advisories/16848/ https://sourceforge.net/project/shownotes.php?release_id=356974 https://www.securityfocus.com/bid/14866 https://www.gentoo.org/security/en/glsa/glsa-200509-13.xml https://www.clamav.net/ https://www.mandriva.com/security/advisories?name=MDKSA-2005:166 Acknowledgements This vulnerability was reported by Thierry Carrez. The document was written by Jeff Gennari. Other Information CVE ID: CVE-2005-2920 Date Public: 2005-09-19 Date First Published: 2005-09-27 Date Last Updated: 2005-11-03 14:35 UTC Document Revision**: 45

Goal Reached Thanks to every supporter — we hit 100%!

ClamAV Buffer Overflow Vulnerability (CVE-2005-2920) Advisory