Advisory Details

January 12th, 2006

Clam AntiVirus UPX Unpacking Code Execution Vulnerability

ZDI-06-001
ZDI-CAN-011

CVE ID CVE-2006-0162
CVSS SCORE
AFFECTED VENDORS Clam AntiVirus
AFFECTED PRODUCTS Clam AntiVirus
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 3975. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS

This vulnerability allows remote attackers to execute arbitrary code on vulnerable Clam AntiVirus installations. Authentication is not required to exploit this vulnerability.

This specific flaw exists within libclamav/upx.c during the unpacking of executable files compressed with UPX. Due to an invalid size calculation during a data copy from the user-controlled file to heap allocated memory, an exploitable memory corruption condition is created.

ADDITIONAL DETAILS

Addressed in Clam AntiVirus version 0.88:

http://sf.net/project/shownotes.php?release_id=384086&group_id=86638


DISCLOSURE TIMELINE
  • 2005-12-13 - Vulnerability reported to vendor
  • 2006-01-12 - Coordinated public release of advisory
CREDIT Anonymous
BACK TO ADVISORIES