ClamAV versions up to 0.88.3 DoS

Published: 2006-08-07. Last Updated: 2006-08-08 00:15:14 UTC
by Jim Clausing (Version: 3)
0 comment(s)
A Secunia bulletin earlier today alerted us to a potential denial of service in the popular open-source anti-virus package ClamAV.  The vulnerability is in the pefromupx() routine for unpacking a UPX packed PE executable.  The advisory states that all versions up to, and including, 0.88.4 are vulnerable.  The front page of http://www.clamav.net states that the latest stable version is 0.88.4, but the "stable" page only mentions 0.88.3 released last month.  The sourceforge download page lists a clamav-0.88.4.tar.gz (and .sig), but at the time of this writing, actually clicking on the link results in a "file not found" error.  So, it looks like they are scrambling to fix this one and the new version should be available shortly.

Update: (2006-08-08 00:10) The tarball is available now as is a proof-of-concept.

---------------------------
Jim Clausing,  jclausing --at-- isc.sans.org
Keywords:
0 comment(s)

Tip of the Day: Read e-mail in plain text (as God intended) :)

Published: 2006-08-07. Last Updated: 2006-08-07 22:50:01 UTC
by Jim Clausing (Version: 2)
0 comment(s)
I was reminded of today's tip of the day by one of our readers, Jim Hendrick.  I personally get really annoyed at all the "cutesy" HTML e-mails I seem to get these days whose only real purpose is to take up space.  Why send a 6K text message when you can fancy it up and send a 150K message instead, after all we all have bandwidth and disk space to burn these days, right?!  I've used e-mail for more about 25 years, first on Compuserve, and then as a business tool beginning in about 1987.  Early on I used elm on various Unix machines and when I first got a POP account, Eudora on my old Mac.  For the last 10 years or so, I've used pine and PC-Pine and more recently, occasionally, Thunderbird for most of my IMAP e-mail, but for work, the corporate standard at my day job is Outlook 2003.  I haven't gone back and counted recently, but I'd wager a guess that in the last 2 years there have probably been at least a dozen vulnerabilities in Outlook and/or IE, where the suggested workaround (by Microsoft) was to read e-mail as text only.  My first recommendation (which I realize is not practical in many corporate environments, including mine) is to switch to a different e-mail client (partially for the diversity reasons mentioned in yesterday's Tip of the Day), but if you can't at least switch to plain text as your default (you can always render the HTML for those messages that are completely indecipherable as text).  This isn't that hard to do, even in Outlook and even if you feel the need to use the preview pane.  In Outlook 2003 (the only version I have available to me at the moment), this is pretty simple.  From the Tools menu choose Options.  In the box that pops up, choose the Preferences tab and click on the E-mail Options button.  In the subsequent box there are a number of checkboxes in the top half of the dialog.  Check the bottom two "Read all standard mail as plain text" and "Read all digitally signed mail in plain text".  Click okay and you're half done.  I also recommend that you click on the "Mail Format" tab and *send* all your e-mail as plain text, too.  Finally http://support.microsoft.com/kb/307594 describes a registry key (that can be set via Group Policy) for Office XP SP1 and later that forces the default to read all e-mail as plain text.

Update:  One of our readers, Daniel Veditz, pointed out to me in e-mail that Thunderbird can be set to display the e-mail in plain text as follows: In Mozilla Thunderbird you can set this up by going to the "View |
Message Body As" sub-menu and choosing "Plain Text".


--------------------------------
Jim Clausing, jclausing <at> isc.sans.org
Keywords: ToD
0 comment(s)

Fedora Core 4 goes into maintenance mode, FC1 and FC2 end-of-life

Published: 2006-08-07. Last Updated: 2006-08-07 19:05:42 UTC
by Jim Clausing (Version: 1)
0 comment(s)
The Fedora folks announced that with the release of FC6 Test 2, FC4 moves to maintenance mode and support is transferred to the Fedora Legacy Group.  They also point out that FC1 and FC2 are now end-of-life.  So, if you haven't upgraded yet, now would be a good time.  See http://fedoralegacy.org/ for more info.
Keywords:
0 comment(s)

Comments


Diary Archives