CVE-2005-3303
CVSS 7.5
Published: 2005-11-05 06:02:00
Last revised: 2011-03-07 21:26:14

[Original] The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file.


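[CNNVD] Clam Anti-Virus ClamAV FSG File Handling Buffer Overflow Vulnerability (CNNVD-200511-125)

        Clam AntiVirus (ClamAV) is free, open-source antivirus software.
        The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file.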

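- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]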

- CPE (affected platforms and products)

cpe:/a:clam_anti-virus:clamav:0.86
cpe:/a:clam_anti-virus:clamav:0.80
cpe:/a:clam_anti-virus:clamav:0.81
cpe:/a:clam_anti-virus:clamav:0.85
cpe:/a:clam_anti-virus:clamav:0.86.2
cpe:/a:clam_anti-virus:clamav:0.86.1
cpe:/a:clam_anti-virus:clamav:0.82
cpe:/a:clam_anti-virus:clamav:0.87
cpe:/a:clam_anti-virus:clamav:0.85.1
cpe:/a:clam_anti-virus:clamav:0.84
cpe:/a:clam_anti-virus:clamav:0.83

- OVAL (technical details used for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3303
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3303
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200511-125
(Official data source) CNNVD

- Other links and resources

http://www.zerodayinitiative.com/advisories/ZDI-05-002.html
(VENDOR_ADVISORY)  MISC  http://www.zerodayinitiative.com/advisories/ZDI-05-002.html
http://sourceforge.net/project/shownotes.php?release_id=368319
(PATCH)  CONFIRM  http://sourceforge.net/project/shownotes.php?release_id=368319
http://secunia.com/advisories/17434
(VENDOR_ADVISORY)  SECUNIA  17434
http://archives.neohapsis.com/archives/bugtraq/2005-11/0041.html
(VENDOR_ADVISORY)  BUGTRAQ  20051104 ZDI-05-002: Clam Antivirus Remote Code Execution
http://www.vupen.com/english/advisories/2005/2294
(UNKNOWN)  VUPEN  ADV-2005-2294
http://www.securityfocus.com/bid/15318
(UNKNOWN)  BID  15318
http://www.osvdb.org/20482
(UNKNOWN)  OSVDB  20482
http://www.mandriva.com/security/advisories?name=MDKSA-2005:205
(UNKNOWN)  MANDRIVA  MDKSA-2005:205
http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml
(UNKNOWN)  GENTOO  GLSA-200511-04
http://www.debian.org/security/2005/dsa-887
(UNKNOWN)  DEBIAN  DSA-887
http://securitytracker.com/id?1015154
(UNKNOWN)  SECTRACK  1015154
http://securityreason.com/securityalert/146
(UNKNOWN)  SREASON  146
http://secunia.com/advisories/17559
(UNKNOWN)  SECUNIA  17559
http://secunia.com/advisories/17501
(UNKNOWN)  SECUNIA  17501
http://secunia.com/advisories/17451
(UNKNOWN)  SECUNIA  17451
http://secunia.com/advisories/17448
(UNKNOWN)  SECUNIA  17448
http://secunia.com/advisories/17184
(UNKNOWN)  SECUNIA  17184

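- Vulnerability information

Clam Anti-Virus ClamAV FSG File Handling Buffer Overflow Vulnerability
High risk   Boundary condition error
2005-11-05 00:00:00 2005-11-15 00:00:00
Remote
        Clam AntiVirus (ClamAV) is free, open-source antivirus software.
        The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file.

- Advisories and patches

        No data available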

- Vulnerability information (F41389)

Debian Linux Security Advisory 887-1 (PacketStormID:F41389)
2005-11-08 00:00:00
Debian  security.debian.org
advisory,vulnerability
linux,unix,debian
CVE-2005-3239,CVE-2005-3303,CVE-2005-3500,CVE-2005-3501

Debian Security Advisory DSA 887-1 - Several vulnerabilities have been discovered in Clam AntiVirus, the antivirus scanner for Unix, designed for integration with mail servers to perform attachment scanning

- --------------------------------------------------------------------------
Debian Security Advisory DSA 887-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
November 7th, 2005                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : clamav
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-3239 CVE-2005-3303 CVE-2005-3500 CVE-2005-3501

Several vulnerabilities have been discovered in Clam AntiVirus, the
antivirus scanner for Unix, designed for integration with mail servers
to perform attachment scanning.  The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2005-3239

    The OLE2 unpacker allows remote attackers to cause a segmentation
    fault via a DOC file with an invalid property tree, which triggers
    an infinite recursion.

CVE-2005-3303

    A specially crafted executable compressed with FSG 1.33 could
    cause the extractor to write beyond buffer boundaries, allowing an
    attacker to execute arbitrary code.

CVE-2005-3500

    A specially crafted CAB file could cause ClamAV to be locked in an
    infinite loop and use all available processor resources, resulting
    in a denial of service.

CVE-2005-3501

    A specially crafted CAB file could cause ClamAV to be locked in an
    infinite loop and use all available processor resources, resulting
    in a denial of service.

The old stable distribution (woody) does not contain clamav packages.

For the stable distribution (sarge) these problems have been fixed in
version 0.84-2.sarge.6.

For the unstable distribution (sid) these problems have been fixed in
version 0.87.1-1.

We recommend that you upgrade your clamav packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

    

- Vulnerability information (F41358)

Gentoo Linux Security Advisory 200511-4 (PacketStormID:F41358)
2005-11-08 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-3239,CVE-2005-3303

Gentoo Linux Security Advisory GLSA 200511-04 - ClamAV has multiple security flaws: a boundary check was performed incorrectly in petite.c, a buffer size calculation in unfsg_133 was incorrect in fsg.c, a possible infinite loop was fixed in tnef.c and a possible infinite loop in cabd_find was fixed in cabd.c. In addition to this, Marcin Owsiany reported that a corrupted DOC file causes a segmentation fault in ClamAV. Versions less than 0.87.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200511-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: ClamAV: Multiple vulnerabilities
      Date: November 06, 2005
      Bugs: #109213
        ID: 200511-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

ClamAV has many security flaws which make it vulnerable to remote
execution of arbitrary code and a Denial of Service.

Background
==========

ClamAV is a GPL anti-virus toolkit, designed for integration with mail
servers to perform attachment scanning. ClamAV also provides a command
line scanner and a tool for fetching updates of the virus database.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  app-antivirus/clamav      < 0.87.1                      >= 0.87.1

Description
===========

ClamAV has multiple security flaws: a boundary check was performed
incorrectly in petite.c, a buffer size calculation in unfsg_133 was
incorrect in fsg.c, a possible infinite loop was fixed in tnef.c and a
possible infinite loop in cabd_find was fixed in cabd.c. In addition
to this, Marcin Owsiany reported that a corrupted DOC file causes a
segmentation fault in ClamAV.

Impact
======

By sending a malicious attachment to a mail server that is hooked with
ClamAV, a remote attacker could cause a Denial of Service or the
execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ClamAV users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.87.1"

References
==========

  [ 1 ] CAN-2005-3239
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3239
  [ 2 ] CAN-2005-3303
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3303
  [ 3 ] ClamAV release notes
        http://sourceforge.net/project/shownotes.php?release_id=368319
  [ 4 ] Zero Day Initiative advisory
        http://www.zerodayinitiative.com/advisories/ZDI-05-002.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200511-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- Vulnerability information (F41298)

Zero Day Initiative Advisory 05-02 (PacketStormID:F41298)
2005-11-05 00:00:00
ZDI,Tipping Point  zerodayinitiative.com
advisory,arbitrary,code execution
CVE-2005-3303

ZDI-05-002: A vulnerability in the way ClamAV handles files compressed with FSG version 1.33 may allow for arbitrary code execution. Affected are Clam AntiVirus versions 0.80 through 0.87.

ZDI-05-002: Clam Antivirus Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-05-002.html
November 4th, 2005

-- CVE ID:
CAN-2005-3303

-- Affected Vendor:
Clam AntiVirus

-- Affected Products:
Clam AntiVirus 0.80 through 0.87

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability since October 24th, 2005 by Digital Vaccine protection
filter ID 3874. For further product information on the TippingPoint IPS:

    http://www.tippingpoint.com 

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable ClamAV installations. Authentication is not required to
exploit this vulnerability.

This specific flaw exists within libclamav/fsg.c during the unpacking of
executable files compressed with FSG v1.33. Due to invalid bounds
checking when copying user-supplied data to heap allocated memory, an
exploitable memory corruption condition is created. The unpacking
algorithm for other versions of FSG is not affected. 

-- Vendor Response:
The bug has been fixed in version 0.87.1. Release notes:

    http://www.sourceforge.net/project/shownotes.php?release_id=368319 

-- Disclosure Timeline:
2005.10.24 - Vulnerability reported to vendor
2005.10.24 - Digital Vaccine released to TippingPoint customers
2005.10.25 - Vulnerability information provided to ZDI security partners
2005.11.04 - Public release of advisory

-- Credit:
This vulnerability was discovered by an anonymous ZDI researcher.

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, a division of 3Com, The Zero Day Initiative
(ZDI) represents a best-of-breed model for rewarding security
researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

    http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used.
3Com does not re-sell the vulnerability details or any exploit code.
Instead, upon notifying the affected product vendor, 3Com provides its
customers with zero day protection through its intrusion prevention
technology. Explicit details regarding the specifics of the
vulnerability are not exposed to any parties until an official vendor
patch is publicly available. Furthermore, with the altruistic aim of
helping to secure a broader user base, 3Com provides this vulnerability
information confidentially to security vendors (including competitors)
who have a vulnerability protection or mitigation product.
    

- Vulnerability information

20482
Clam AntiVirus libclamav/fsg.c FSG File Processing Overflow
Remote / Network Access Input Manipulation
Loss of Integrity Upgrade
Exploit Private Vendor Verified

- Vulnerability description

A remote overflow exists in Clam AntiVirus. The 'unfsg_133()' function in 'libclamav/fsg.c' fails to perform proper bounds checking resulting in a heap-based buffer overflow. With a specially crafted file compressed with FSG v1.33, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

- Timeline

2005-11-04 Unknown
Unknown 2005-11-03

- Solution

Upgrade to version 0.87.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Clam Anti-Virus ClamAV FSG File Handling Buffer Overflow Vulnerability
Boundary Condition Error 15318
Yes No
2005-11-04 12:00:00 2005-11-04 12:00:00
Discovery is credited to an anonymous source.

- Affected software versions

Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Conectiva Linux 10.0
Clam Anti-Virus ClamAV 0.87
Clam Anti-Virus ClamAV 0.86.2
Clam Anti-Virus ClamAV 0.86 .1
Clam Anti-Virus ClamAV 0.86
Clam Anti-Virus ClamAV 0.85.1
Clam Anti-Virus ClamAV 0.85
Clam Anti-Virus ClamAV 0.84 rc2
Clam Anti-Virus ClamAV 0.84 rc1
Clam Anti-Virus ClamAV 0.84
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
Clam Anti-Virus ClamAV 0.83
Clam Anti-Virus ClamAV 0.82
Clam Anti-Virus ClamAV 0.81
+ Gentoo Linux
Clam Anti-Virus ClamAV 0.80 rc4
Clam Anti-Virus ClamAV 0.80 rc3
Clam Anti-Virus ClamAV 0.80 rc2
Clam Anti-Virus ClamAV 0.80 rc1
Clam Anti-Virus ClamAV 0.80
Clam Anti-Virus ClamAV 0.75.1
Clam Anti-Virus ClamAV 0.70
Clam Anti-Virus ClamAV 0.68 -1
Clam Anti-Virus ClamAV 0.68
Clam Anti-Virus ClamAV 0.67
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.4
Clam Anti-Virus ClamAV 0.65
Clam Anti-Virus ClamAV 0.60
Clam Anti-Virus ClamAV 0.54
Clam Anti-Virus ClamAV 0.53
Clam Anti-Virus ClamAV 0.52
Clam Anti-Virus ClamAV 0.51
Clam Anti-Virus ClamAV 0.87.1

- Unaffected software versions

Clam Anti-Virus ClamAV 0.87.1

- Vulnerability discussion

ClamAV is prone to a buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.

This issue occurs when the application attempts to handle FSG files.

Exploitation of this issue could allow attacker-supplied machine code to be executed in the context of the affected application. The issue would occur when the malformed file is scanned manually or automatically in deployments such as email gateways.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Gentoo has released advisory GLSA 200511-04 to address this issue. Gentoo updates may be applied by running the following commands as the superuser:

emerge --sync
emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.87.1"

Debian GNU/Linux has released advisory DSA 887-1 to address this, and other issues in ClamAV. Please see the referenced advisory for further information.

Mandriva Linux has released security advisory MDKSA-2005:205 with fixes addressing this and other issues. Users are advised to see the referenced advisory for details on obtaining and applying the appropriate updates.

Conectiva Linux has released security advisory CLSA-2005:1044 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

The vendor has released version 0.87.1 of ClamAV to address this issue:


- Related references

 

 
