----- Forwarded message from "Konstantin A. Lepikhov" ----- Date: Sun, 13 Nov 2005 16:15:22 +0300 (MSK) From: "Konstantin A. Lepikhov" To: backports/lists.altlinux.org Subject: [Backports] Re: clamav vulnerabilities <цитата от="Sergey Y. Afonin"> > Я не стал в апдейты собирать 0.87, так как > не увидел в ченджлоге > ничего особо серьезного, а со временем > туговато несколько. 0.87.1 > гляну сегодня. Что касается (5) HIGH: ClamAV FSG File Handling Overflow Affected: Clam AntiVirus versions 0.80 through 0.87 Description: ClamAV is an open-source antivirus software designed mainly for scanning emails on UNIX mail gateways. The software includes a virus scanning library - libClamAV. This library is used by many third party email, web, FTP scanners as well as mail clients. The library contains a buffer overflow that can be triggered by specially crafted FSG (Packed Executable Format) files. The attacker can send the malicious file via email, web, FTP or a file share, and exploit the buffer overflow to execute arbitrary code on the system running the ClamAV library. The technical details can be obtained by comparing the fixed and the affected versions of the software. Note that for compromising the mail/web/FTP gateways no user interaction is required. Status: Version 0.87.1 fixes this overflow. The update also fixes other DoS vulnerabilities. Please look for third party updates for the software linked to libClamAV. Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary. References: TippingPoint Advisory http://archives.neohapsis.com/archives/bugtraq/2005-11/0041.html Third Party Software Using ClamAV http://www.clamav.net/whos.html#pagestart (Includes Mac OS X server) http://www.clamav.net/3rdparty.html#pagestart SecurityFocus BID http://www.securityfocus.com/bid/15318 PS 0.87.1 положен в updates. -- WBR et al. ----- End forwarded message ----- -- ---- WBR, Michael Shigorin ------ Linux.Kiev http://www.linux.kiev.ua/