CVE-2006-1989
CVSS 5.1
Published: 2006-05-01 15:06:00
Revised: 2011-03-07 21:34:45

[Original] Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.


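[CNNVD] ClamAV freshclam tool implementation buffer overflow vulnerability (CNNVD-200605-019)

        ClamAV is an open-source antivirus software package.
        The freshclam tool in ClamAV contains a buffer overflow vulnerability that a remote attacker can exploit to execute arbitrary commands on the server.
        freshclam copies HTTP data received from the server into a fixed-length buffer without adequate checking, which causes the buffer overflow. To exploit this vulnerability, an attacker must control one of ClamAV's database servers or use DNS spoofing to make ClamAV access maliciously crafted data.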

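- CVSS (base score)

CVSS score: 5.1 [MEDIUM]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: HIGH [exploitation requires specific access conditions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]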

- CPE (affected platforms and products)

cpe:/a:clam_anti-virus:clamav:0.88.1
cpe:/a:clam_anti-virus:clamav:0.88

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1989
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1989
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200605-019
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/599220
(UNKNOWN)  CERT-VN  VU#599220
http://www.securityfocus.com/bid/17754
(PATCH)  BID  17754
http://secunia.com/advisories/19880
(VENDOR_ADVISORY)  SECUNIA  19880
http://www.vupen.com/english/advisories/2006/2566
(UNKNOWN)  VUPEN  ADV-2006-2566
http://www.vupen.com/english/advisories/2006/1586
(UNKNOWN)  VUPEN  ADV-2006-1586
http://www.trustix.org/errata/2006/0024
(UNKNOWN)  TRUSTIX  2006-0024
http://www.osvdb.org/25120
(UNKNOWN)  OSVDB  25120
http://www.novell.com/linux/security/advisories/2006_05_05.html
(UNKNOWN)  SUSE  SUSE-SA:2006:025
http://www.gentoo.org/security/en/glsa/glsa-200605-03.xml
(UNKNOWN)  GENTOO  GLSA-200605-03
http://www.debian.org/security/2006/dsa-1050
(UNKNOWN)  DEBIAN  DSA-1050
http://www.clamav.net/security/0.88.2.html
(VENDOR_ADVISORY)  CONFIRM  http://www.clamav.net/security/0.88.2.html
http://secunia.com/advisories/20159
(UNKNOWN)  SECUNIA  20159
http://secunia.com/advisories/20117
(UNKNOWN)  SECUNIA  20117
http://secunia.com/advisories/19964
(UNKNOWN)  SECUNIA  19964
http://secunia.com/advisories/19963
(UNKNOWN)  SECUNIA  19963
http://secunia.com/advisories/19912
(UNKNOWN)  SECUNIA  19912
http://secunia.com/advisories/19874
(UNKNOWN)  SECUNIA  19874
http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
(UNKNOWN)  SUSE  SUSE-SR:2006:010
http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html
(UNKNOWN)  APPLE  APPLE-SA-2006-06-27
http://kolab.org/security/kolab-vendor-notice-09.txt
(UNKNOWN)  CONFIRM  http://kolab.org/security/kolab-vendor-notice-09.txt
http://xforce.iss.net/xforce/xfdb/26182
(UNKNOWN)  XF  clamav-freshclam-http-bo(26182)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:080
(UNKNOWN)  MANDRIVA  MDKSA-2006:080
http://securitytracker.com/id?1016392
(UNKNOWN)  SECTRACK  1016392
http://secunia.com/advisories/20877
(UNKNOWN)  SECUNIA  20877

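- Vulnerability information

ClamAV freshclam tool implementation buffer overflow vulnerability
Medium risk  Buffer overflow
2006-05-01 00:00:00 2006-06-30 00:00:00
Remote
        ClamAV is an open-source antivirus software package.
        The freshclam tool in ClamAV contains a buffer overflow vulnerability that a remote attacker can exploit to execute arbitrary commands on the server.
        freshclam copies HTTP data received from the server into a fixed-length buffer without adequate checking, which causes the buffer overflow. To exploit this vulnerability, an attacker must control one of ClamAV's database servers or use DNS spoofing to make ClamAV access maliciously crafted data.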

- Advisories and patches

        The vendor has released an upgrade patch to fix this security issue. Patch download links:
        http://www.debian.org/security/2005/dsa-1050
        http://www.debian.org/security/2006/dsa-1050

- Vulnerability information (F46097)

Debian Linux Security Advisory 1050-1 (PacketStormID:F46097)
2006-05-06 00:00:00
Debian  debian.org
advisory,denial of service,arbitrary,protocol,virus
linux,unix,debian
CVE-2006-1989

Debian Security Advisory 1050-1 - Ulf Harnhammar and an anonymous researcher from Germany discovered a vulnerability in the protocol code of freshclam, a command line utility responsible for downloading and installing virus signature updates for ClamAV, the antivirus scanner for Unix. This could lead to a denial of service or potentially the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1050-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
May 2nd, 2006                           http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : clamav
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-1989
BugTraq ID     : 17754

Ulf H    

- Vulnerability information (F46012)

Mandriva Linux Security Advisory 2006.080 (PacketStormID:F46012)
2006-05-02 00:00:00
Mandriva  mandriva.com
advisory,web
linux,mandriva
CVE-2006-1989

Mandriva Linux Security Advisory MDKSA-2006-080: Ulf Harnhammar discovered that the freshclam tool does not do a proper check for the size of header data received from a web server. This could potentially allow a specially prepared HTTP server to exploit freshclam clients connecting to a database mirror and causing a DoS. The updated packages have been updated to Clamav 0.88.2 which corrects this problem.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:080
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : clamav
 Date    : May 1, 2006
 Affected: 10.2, 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Ulf Harnhammar discovered that the freshclam tool does not do a proper
 check for the size of header data received from a web server.  This
 could potentially allow a specially prepared HTTP server to exploit
 freshclam clients connecting to a database mirror and causing a DoS.
 
 The updated packages have been updated to Clamav 0.88.2 which corrects
 this problem.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1989
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEVp2BmqjQ0CJFipgRAirLAJ9TxkFwzMcqyigcLs4SPm2EuZFHSwCgz7KP
WW/K0gl6N4ZI9rcdOLcbTqM=
=Wyyr
-----END PGP SIGNATURE-----

    

- Vulnerability information

25120
Clam AntiVirus Freshclam HTTP Header Remote Overflow
Remote / Network Access Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability Upgrade
Exploit Unknown Vendor Verified

- Vulnerability description

A remote overflow exists in Freshclam. The 'freshclam' utility fails to check the length of HTTP headers resulting in a stack-based buffer overflow when a server responds with more than 8KB of header data. With a specially crafted server response, an attacker can cause denial of service or arbitrary code execution resulting in a loss of integrity or availability for the service.

- Timeline

2006-05-01 Unknown
Unknown Unknown

- Solution

Upgrade to version 0.88.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

Clam AntiVirus FreshClam Remote Buffer Overflow Vulnerability
Boundary Condition Error 17754
Yes No
2006-05-01 12:00:00 2006-12-05 04:09:00
The vendor credits Ulf Harnhammar and an anonymous researcher from Germany with the simultaneous discovery of this issue.

- Affected program versions

Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
Tomasz Kojm Clam AntiVirus 0.87
Tomasz Kojm Clam AntiVirus 0.83
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Kolab Kolab Groupware Server 2.0.2
Kolab Kolab Groupware Server 2.0.1
ifenslave ifenslave 0.88
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Clam Anti-Virus ClamAV 0.88.1
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4

- Unaffected program versions

Kolab Kolab Groupware Server 2.0.3
Clam Anti-Virus ClamAV 0.88.2

- Vulnerability discussion

ClamAV's freshclam utility is susceptible to a remote buffer-overflow vulnerability. The utility fails to perform sufficient boundary checks in server-supplied HTTP data before copying it to an insufficiently sized memory buffer.

To exploit this issue, attackers must subvert webservers in the ClamAV database server pool, or perform DNS-based or man-in-the-middle attacks to cause affected freshclam applications to connect to attacker-controlled webservers.

This issue allows remote attackers to execute arbitrary machine code in the context of the freshclam utility. The affected utility may run with superuser privileges, aiding remote attackers in the complete compromise of affected computers.

ClamAV versions 0.88 and 0.88.1 are affected by this issue.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

The vendor has released updates to address these issues. Please see the referenced advisories for more information.


Tomasz Kojm Clam AntiVirus 0.83

Tomasz Kojm Clam AntiVirus 0.87

ifenslave ifenslave 0.88

Clam Anti-Virus ClamAV 0.88.1

Apple Mac OS X Server 10.4.4

Apple Mac OS X Server 10.4.5

Apple Mac OS X Server 10.4.6

- Related references

 

 
