A Secunia bulletin earlier today alerted us to a potential denial of service in the popular open-source anti-virus package ClamAV. The vulnerability is in the pefromupx() routine for unpacking a UPX packed PE executable. The advisory states that all versions up to, and including, 0.88.4 are vulnerable. The front page of http://www.clamav.net states that the latest stable version is 0.88.4, but the "stable" page only mentions 0.88.3 released last month. The sourceforge download page lists a clamav-0.88.4.tar.gz (and .sig), but at the time of this writing, actually clicking on the link results in a "file not found" error. So, it looks like they are scrambling to fix this one and the new version should be available shortly.
Jim Clausing, jclausing --at-- isc.sans.org
I will be teaching next: Malware Reverse-Engineering Challenge - SANS New York City 2019
Aug 7th 2006
1 decade ago