Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

ClamAV versions up to 0.88.3 DoS

Published: 2006-08-07
Last Updated: 2006-08-08 00:15:14 UTC
by Jim Clausing (Version: 3)
0 comment(s)
A Secunia bulletin earlier today alerted us to a potential denial of service in the popular open-source anti-virus package ClamAV.  The vulnerability is in the pefromupx() routine for unpacking a UPX packed PE executable.  The advisory states that all versions up to, and including, 0.88.4 are vulnerable.  The front page of http://www.clamav.net states that the latest stable version is 0.88.4, but the "stable" page only mentions 0.88.3 released last month.  The sourceforge download page lists a clamav-0.88.4.tar.gz (and .sig), but at the time of this writing, actually clicking on the link results in a "file not found" error.  So, it looks like they are scrambling to fix this one and the new version should be available shortly.

Update: (2006-08-08 00:10) The tarball is available now as is a proof-of-concept.

---------------------------
Jim Clausing,  jclausing --at-- isc.sans.org
Keywords:
0 comment(s)
Diary Archives