The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of ClamAV: buffer overflow of UPX

Synthesis of the vulnerability 

An attacker can create a malicious UPX program in order to run code on ClamAV.
Impacted systems: ClamAV, Debian, Mandriva Linux, NETASQ, OpenBSD.
Severity of this alert: 2/4.
Creation date: 10/01/2006.
Revision date: 13/01/2006.
References of this alert: BID-16191, CERTA-2006-AVI-012, CVE-2006-0162, DSA-947-1, DSA-947-2, MDKSA-2006:016, OPSA_20060114, VIGILANCE-VUL-5501, VU#385908, ZDI-06-001.

Description of the vulnerability 

Programs can be packed in order to shrink their size and make their analysis more complex. ClamAV supports the UPX packer (Ultimate Packer for eXecutables).

A program packed with UPX can lead to a buffer overflow in libclamav/upx.c.

An attacker can therefore send a packed program in order to run code or to conduct a denial of service.

This computer vulnerability bulletin impacts software or systems such as ClamAV, Debian, Mandriva Linux, NETASQ, OpenBSD.

Our Vigil@nce team determined that the severity of this vulnerability bulletin is medium.

The trust level is "confirmed by the editor", with an origin of "document".

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

ClamAV: version 0.88.
Version 0.88 is corrected:
  http://www.clamav.net/

Debian: new clamav packages.
New packages (version 0.84-2.sarge.7) are available for the Intel IA-32 and Intel IA-64 architectures:
  http://security.debian.org/pool/updates/main/c/clamav/

Mandriva: new clamav packages.
New clamav 0.88 packages are available for Mandriva Linux 10.1, 10.2 and 2006.0 and for Corporate 3.0, on i586 and x86_64.

Netasq Firewall: version 6.1.4.
Version 6.1.4 is corrected: http://www.netasq.fr/

OpenBSD: new clamav packages.
New packages are available:
  ftp://ftp.openbsd.org/pub/OpenBSD/3.8/packages/i386/clamav-0.88.tgz
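
A check against the fixed versions listed above, as an added example that is not part of the original bulletin: it classifies a host from the `clamscan --version` banner and, on Debian, from the installed `clamav` package version, because the sarge packages carry the fix as a backport while still reporting upstream 0.84. The function names and sample strings are constructed for illustration, and the version ordering is simplified (no epochs, `~` or pre-release suffixes).

```python
import re

# Fixed versions exactly as given in the bulletin.
UPSTREAM_FIXED = "0.88"
DEBIAN_SARGE_FIXED = "0.84-2.sarge.7"
DEBIAN_SARGE_PREFIX = "0.84-2.sarge."


def version_key(version):
    """Split a version into digit and letter runs so that numeric parts
    compare as integers (sarge.10 > sarge.7) and not as strings."""
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return [(0, int(p)) if p.isdigit() else (1, p) for p in parts]


def parse_clamscan_version(banner):
    """Extract the upstream version from a `clamscan --version` banner,
    e.g. 'ClamAV 0.87.1/1234/Tue Jan 10 12:00:00 2006'."""
    match = re.match(r"ClamAV\s+([0-9]+(?:\.[0-9]+)*)", banner.strip())
    return match.group(1) if match else None


def assess(upstream, debian_pkg=None):
    """Return 'fixed-upstream', 'fixed-backport' or 'unfixed'.

    upstream   -- version parsed from the clamscan banner
    debian_pkg -- optional Debian package version (dpkg-query output)
    """
    if version_key(upstream) >= version_key(UPSTREAM_FIXED):
        return "fixed-upstream"
    # Debian sarge stays on upstream 0.84; only the package revision
    # shows whether the backported fix is installed.
    if debian_pkg and debian_pkg.startswith(DEBIAN_SARGE_PREFIX):
        if version_key(debian_pkg) >= version_key(DEBIAN_SARGE_FIXED):
            return "fixed-backport"
    return "unfixed"


if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real host.
    banner = "ClamAV 0.84/1234/Tue Jan 10 12:00:00 2006"
    upstream = parse_clamscan_version(banner)
    for pkg in (None, "0.84-2.sarge.6", "0.84-2.sarge.7"):
        print(upstream, pkg, "->", assess(upstream, pkg))
```

On Debian the package version can be read with `dpkg-query -W -f='${Version}' clamav`; a banner-only check would report a patched sarge host as unfixed.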