OPSA_20060114: clamav -- heap overflow in the UPX code

Robert Nagy
+--------------------------------------------------------------------------
| OpenBSD Package Security Advisory                         OPSA 20060114-0
+--------------------------------------------------------------------------

Short description
-----------------
clamav -- heap overflow in the UPX code

Affected packages linked to affected branches
---------------------------------------------
clamav < 0.88 ----------> HEAD (OpenBSD -current)
clamav < 0.88 ----------> OPENBSD_3_8 (OpenBSD 3.8)
clamav < 0.88 ----------> OPENBSD_3_7 (OpenBSD 3.7)

Detailed description
--------------------
A vulnerability has been reported in ClamAV,
which potentially can be exploited by malicious
people with an unknown impact.
The vulnerability is caused due to an unspecified
boundary error in "libclamav/upx.c".
This can potentially be exploited to cause a heap-based
buffer overflow via a specially-crafted UPX packed file.

References
----------
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0162
http://secunia.com/advisories/18379

Solution
--------

   a) You can update your ports tree via CVS described at
      http://www.openbsd.org/ports.html#stable
     
      Then you can recompile the port and reinstall it.
     
      (Please be careful to use the correct CVS branch)
     
   b) You can install the fixed package from our FTP servers
     
      $ pkg_add -r ftp://ftp.openbsd.org/\
        pub/OpenBSD/3.8/packages/i386/clamav-0.88.tgz
     
      (Please be careful to use the correct release.)
      (Note: We only provide fixed packages for i386.
       You will need to recompile from the ports tree
       if you use a different architecture.)
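A quick check of whether an installed package is still below the fixed release, as an added example that is not part of the advisory. It assumes pkg_info-style package names such as clamav-0.87.1p0 and compares dot-separated version segments numerically, since a plain string comparison would wrongly rank 0.9 above 0.88.

```shell
#!/bin/sh
# Added example, not part of the OpenBSD advisory.
# Fixed release named by the advisory.
FIXED_VERSION="0.88"

# version_lt A B -> returns 0 when A < B, comparing each dot-separated
# segment as an integer; missing trailing segments count as 0.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax=${a%%.*}; bx=${b%%.*}
        [ -z "$ax" ] && ax=0
        [ -z "$bx" ] && bx=0
        [ "$ax" -lt "$bx" ] && return 0
        [ "$ax" -gt "$bx" ] && return 1
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
    done
    return 1
}

# clamav_status PKGNAME -> prints "vulnerable" or "fixed".
# Strips the "clamav-" prefix, an OpenBSD "pN" package revision and any
# "-flavor" suffix before comparing (assumed name layout, e.g. clamav-0.87.1p0).
clamav_status() {
    ver=${1#clamav-}
    ver=${ver%%-*}
    ver=${ver%%p[0-9]*}
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# Usage on a real system: clamav_status "$(pkg_info -e 'clamav-*' | sed 's/^inst://')"
# Constructed sample input below.
clamav_status "clamav-0.87.1p0"
```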

+---------------------------------------------------------------------------
| If you have any problem, feel free to write to the OpenBSD ports mailing
| list. Please visit http://www.openbsd.org/mail.html for more information
| about our mailing lists.
+---------------------------------------------------------------------------