CVE-2006-0162
CVSS 7.5
Published: 2006-01-10 14:03:00
Revised: 2011-03-07 21:29:28

[Original] Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files.


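[CNNVD] Clam Anti-Virus ClamAV UPX File Processing Overflow Vulnerability (CNNVD-200601-094)

        Clam AntiVirus is a GPL anti-virus toolkit for Unix, used by many mail gateway products.
        A heap overflow vulnerability exists in libclamav/upx.c in ClamAV versions before 0.88, which can lead to arbitrary code execution and denial of service when scanning compressed UPX files.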

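- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]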

- CPE (Affected Platforms and Products)

cpe:/a:clam_anti-virus:clamav:0.84_rc1
cpe:/a:clam_anti-virus:clamav:0.80_rc2
cpe:/a:clam_anti-virus:clamav:0.70
cpe:/a:clam_anti-virus:clamav:0.52
cpe:/a:clam_anti-virus:clamav:0.84
cpe:/a:clam_anti-virus:clamav:0.60
cpe:/a:clam_anti-virus:clamav:0.65
cpe:/a:clam_anti-virus:clamav:0.54
cpe:/a:clam_anti-virus:clamav:0.75.1
cpe:/a:clam_anti-virus:clamav:0.67
cpe:/a:clam_anti-virus:clamav:0.85.1
cpe:/a:clam_anti-virus:clamav:0.51
cpe:/a:clam_anti-virus:clamav:0.68.1
cpe:/a:clam_anti-virus:clamav:0.83
cpe:/a:clam_anti-virus:clamav:0.86
cpe:/a:clam_anti-virus:clamav:0.84_rc2
cpe:/a:clam_anti-virus:clamav:0.81
cpe:/a:clam_anti-virus:clamav:0.85
cpe:/a:clam_anti-virus:clamav:0.80_rc3
cpe:/a:clam_anti-virus:clamav:0.80_rc1
cpe:/a:clam_anti-virus:clamav:0.68
cpe:/a:clam_anti-virus:clamav:0.53
cpe:/a:clam_anti-virus:clamav:0.80
cpe:/a:clam_anti-virus:clamav:0.86.2
cpe:/a:clam_anti-virus:clamav:.
cpe:/a:clam_anti-virus:clamav:0.86.1
cpe:/a:clam_anti-virus:clamav:0.80_rc4
cpe:/a:clam_anti-virus:clamav:0.82
cpe:/a:clam_anti-virus:clamav:0.87
cpe:/a:clam_anti-virus:clamav:0.87.1

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0162
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0162
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200601-094
(Official data source) CNNVD

- Other Links and Resources

http://www.kb.cert.org/vuls/id/385908
(UNKNOWN)  CERT-VN  VU#385908
http://www.securityfocus.com/bid/16191
(PATCH)  BID  16191
http://secunia.com/advisories/18379
(VENDOR_ADVISORY)  SECUNIA  18379
http://www.vupen.com/english/advisories/2006/0116
(UNKNOWN)  VUPEN  ADV-2006-0116
http://www.clamav.net/doc/0.88/ChangeLog
(UNKNOWN)  CONFIRM  http://www.clamav.net/doc/0.88/ChangeLog
http://xforce.iss.net/xforce/xfdb/24047
(UNKNOWN)  XF  clamav-libclamav-upx-bo(24047)
http://www.zerodayinitiative.com/advisories/ZDI-06-001.html
(UNKNOWN)  MISC  http://www.zerodayinitiative.com/advisories/ZDI-06-001.html
http://www.trustix.org/errata/2006/0002/
(UNKNOWN)  TRUSTIX  2006-0002
http://www.osvdb.org/22318
(UNKNOWN)  OSVDB  22318
http://www.mandriva.com/security/advisories?name=MDKSA-2006:016
(UNKNOWN)  MANDRIVA  MDKSA-2006:016
http://www.gentoo.org/security/en/glsa/glsa-200601-07.xml
(UNKNOWN)  GENTOO  GLSA-200601-07
http://www.debian.org/security/2006/dsa-947
(UNKNOWN)  DEBIAN  DSA-947
http://securitytracker.com/id?1015457
(UNKNOWN)  SECTRACK  1015457
http://securityreason.com/securityalert/342
(UNKNOWN)  SREASON  342
http://secunia.com/advisories/18548
(UNKNOWN)  SECUNIA  18548
http://secunia.com/advisories/18478
(UNKNOWN)  SECUNIA  18478
http://secunia.com/advisories/18463
(UNKNOWN)  SECUNIA  18463
http://secunia.com/advisories/18453
(UNKNOWN)  SECUNIA  18453
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041325.html
(UNKNOWN)  FULLDISC  20060112 ZDI-06-001: Clam AntiVirus UPX Unpacking Code Execution Vulnerability

- Vulnerability Information

Clam Anti-Virus ClamAV UPX File Processing Overflow Vulnerability
High risk  Buffer overflow
2006-01-10 00:00:00 2006-01-11 00:00:00
Remote

- Advisories and Patches

        The vendor has released an upgrade patch to fix this security issue. Patch download link:
        http://prdownloads.sourceforge.net/clamav/clamav-0.88.tar.gz?download

- Vulnerability Information (F43071)

Zero Day Initiative Advisory 06-01 (PacketStormID:F43071)
2006-01-15 00:00:00
Tipping Point  zerodayinitiative.com
advisory,code execution
CVE-2006-0162

Clam AntiVirus versions 0.80 through 0.87.1 suffer from a code execution flaw during the uncompressing of files compressed with FSG version 1.33.

ZDI-06-001: Clam AntiVirus UPX Unpacking Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-001.html
January 12, 2006

-- CVE ID:
CVE-2006-0162

-- Affected Vendor:
Clam AntiVirus

-- Affected Products:
Clam AntiVirus 0.80 through 0.87.1

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability since December 13, 2005 by Digital Vaccine protection
filter ID 3975. For further product information on the TippingPoint IPS:

    http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable ClamAV installations. Authentication is not required to
exploit this vulnerability.

This specific flaw exists within libclamav/fsg.c during the unpacking of
executable files compressed with FSG v1.33. Due to invalid bounds
checking when copying user-supplied data to heap allocated memory, an
exploitable memory corruption condition is created. The unpacking
algorithm for other versions of FSG is not affected.

-- Vendor Response:
Addressed in Clam AntiVirus version 0.88:

    sf.net/project/shownotes.php?release_id=384086&group_id=86638

-- Disclosure Timeline:
2005.13.12 - Vulnerability reported to vendor
2005.13.12 - Digital Vaccine released to TippingPoint customers
2006.12.01 - Public release of advisory

-- Credit:
This vulnerability was discovered by an anonymous researcher.

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, a division of 3Com, The Zero Day Initiative
(ZDI) represents a best-of-breed model for rewarding security
researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

    http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used.
3Com does not re-sell the vulnerability details or any exploit code.
Instead, upon notifying the affected product vendor, 3Com provides its
customers with zero day protection through its intrusion prevention
technology. Explicit details regarding the specifics of the
vulnerability are not exposed to any parties until an official vendor
patch is publicly available. Furthermore, with the altruistic aim of
helping to secure a broader user base, 3Com provides this vulnerability
information confidentially to security vendors (including competitors)
who have a vulnerability protection or mitigation product.
    

- Vulnerability Information

22318
Clam AntiVirus UPX File Processing Overflow
Remote / Network Access Input Manipulation
Loss of Integrity Upgrade
Exploit Private

- Vulnerability Description

A remote overflow exists in ClamAV. The product fails to correctly perform a size allocation resulting in a heap overflow. With a specially crafted UPX file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

- Timeline

2006-01-12 Unknown
Unknown Unknown

- Solution

Upgrade to version 0.88 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Clam Anti-Virus ClamAV UPX Compressed File Heap Buffer Overflow Vulnerability
Boundary Condition Error 16191
Yes No
2006-01-09 12:00:00 2006-08-15 05:40:00
An anonymous researcher discovered this issue.

- Affected Program Versions

Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. SuSE Linux Open-Xchange 4.1
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Conectiva Linux 10.0
Clam Anti-Virus ClamAV 0.87.1
Clam Anti-Virus ClamAV 0.87 -1
Clam Anti-Virus ClamAV 0.87
Clam Anti-Virus ClamAV 0.86.2
Clam Anti-Virus ClamAV 0.86 .1
Clam Anti-Virus ClamAV 0.86
Clam Anti-Virus ClamAV 0.85.1
Clam Anti-Virus ClamAV 0.85
Clam Anti-Virus ClamAV 0.84 rc2
Clam Anti-Virus ClamAV 0.84 rc1
Clam Anti-Virus ClamAV 0.84
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
Clam Anti-Virus ClamAV 0.83
Clam Anti-Virus ClamAV 0.82
Clam Anti-Virus ClamAV 0.81
+ Gentoo Linux
Clam Anti-Virus ClamAV 0.80 rc4
Clam Anti-Virus ClamAV 0.80 rc3
Clam Anti-Virus ClamAV 0.80 rc2
Clam Anti-Virus ClamAV 0.80 rc1
Clam Anti-Virus ClamAV 0.80
Clam Anti-Virus ClamAV 0.75.1
Clam Anti-Virus ClamAV 0.70
Clam Anti-Virus ClamAV 0.68 -1
Clam Anti-Virus ClamAV 0.68
Clam Anti-Virus ClamAV 0.67
Clam Anti-Virus ClamAV 0.65
Clam Anti-Virus ClamAV 0.60
Clam Anti-Virus ClamAV 0.54
Clam Anti-Virus ClamAV 0.53
Clam Anti-Virus ClamAV 0.52
Clam Anti-Virus ClamAV 0.51

- Unaffected Program Versions

ifenslave ifenslave 0.88
Clam Anti-Virus ClamAV 0.87.1

- Vulnerability Discussion

ClamAV is prone to a heap buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

This issue occurs when the application attempts to handle compressed UPX files.

Exploitation of this issue could allow attacker-supplied machine code to be executed in the context of the affected application. The issue would occur when the malformed file is scanned manually or automatically in deployments such as email gateways.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Please see the referenced advisories for information on obtaining fixes.


