Clam AntiVirus UPX Unpacking Code Execution Vulnerability
ZDI-06-001: January 12th, 2006
CVE ID
Affected Vendors
- Clam AntiVirus
Affected Products
- Clam AntiVirus
TippingPoint™ IPS Customer Protection
TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 3975. For further product information on the TippingPoint IPS:
Vulnerability Details
This vulnerability allows remote attackers to execute arbitrary code on vulnerable Clam AntiVirus installations. Authentication is not required to exploit this vulnerability.
The specific flaw exists within libclamav/upx.c, in the code that unpacks executable files compressed with UPX. An invalid size calculation during a data copy from the user-controlled file to heap-allocated memory creates an exploitable memory corruption condition.
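As an added illustration of the bug class described above (not code from libclamav or from the vendor's fix), the sketch below validates untrusted offset and length fields before a copy from file data into a heap buffer, without relying on an addition that can wrap. The helper name `checked_copy`, its parameters and the sample buffers are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from libclamav): copy `len` bytes found at
 * `src_off` in the scanned file into `dst` at `dst_off`.
 * The offsets and the length come from the file and are untrusted. */
int checked_copy(uint8_t *dst, size_t dst_size, uint32_t dst_off,
                 const uint8_t *src, size_t src_size, uint32_t src_off,
                 uint32_t len)
{
    /* Compare against the remaining space instead of computing off + len,
     * which can wrap around in 32-bit arithmetic and pass a naive check. */
    if (dst_off > dst_size || len > dst_size - dst_off)
        return -1;
    if (src_off > src_size || len > src_size - src_off)
        return -1;
    memcpy(dst + dst_off, src + src_off, len);
    return 0;
}

/* Constructed self-check: returns 0 when every case behaves as expected. */
int demo(void)
{
    uint8_t file[64];              /* constructed stand-in for file contents */
    uint8_t *heap = malloc(32);    /* destination sized by the unpacker */
    int bad = 0;

    if (!heap)
        return -1;
    memset(file, 0x41, sizeof file);
    memset(heap, 0, 32);

    /* Exact fit is accepted. */
    bad |= checked_copy(heap, 32, 0, file, sizeof file, 0, 32) != 0;
    /* Destination overrun is rejected. */
    bad |= checked_copy(heap, 32, 8, file, sizeof file, 0, 32) != -1;
    /* Read past the end of the file data is rejected. */
    bad |= checked_copy(heap, 32, 0, file, sizeof file, 48, 32) != -1;
    /* 16 + 0xFFFFFFF0 wraps to 0 in 32 bits; still rejected. */
    bad |= checked_copy(heap, 32, 16, file, sizeof file, 0, 0xFFFFFFF0u) != -1;
    /* Only the accepted copy wrote to the heap buffer. */
    bad |= heap[31] != 0x41;

    free(heap);
    return bad;
}
```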
Vendor Response
Clam AntiVirus states:
Addressed in Clam AntiVirus version 0.88:
http://sf.net/project/shownotes.php?release_id=384086&group_id=86638
Disclosure Timeline
- 2005-12-13 - Vulnerability reported to vendor
- 2006-01-12 - Coordinated public release of advisory
Credit
This vulnerability was discovered by:
- Anonymous
