Clam AntiVirus Heap Overflow Vulnerability When Rebuilding PE Files from UPX-Packed Files

Vulnerability ID: 1110750 Vulnerability type: Buffer overflow
Published: 2006-08-07 Updated: 2007-01-16
CVE ID: CVE-2006-4018 CNNVD-ID: CNNVD-200608-121
Platform: Linux CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/28348
https://www.securityfocus.com/bid/19381
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-121
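|Vulnerability details
Clam AntiVirus is an open-source antivirus package for UNIX environments. Clam AntiVirus has a heap overflow vulnerability when processing malformed UPX-packed files; a remote attacker may exploit it to take full control of the scanning machine. The pefromupx() function in Clam AntiVirus has a heap overflow when it rebuilds a PE file from a UPX-compressed file; a remote attacker may be able to execute arbitrary instructions on the scanning machine by means of a malicious UPX file.
|Exploit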
source: http://www.securityfocus.com/bid/19381/info

ClamAV is prone to a heap buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. 

This issue occurs when the application attempts to handle compressed UPX files. 

Exploiting this issue could allow attacker-supplied machine code to execute in the context of the affected application. The issue would occur when the malformed file is scanned manually or automatically in deployments such as email gateways.

ClamAV versions 0.88.2 and 0.88.3 are vulnerable to this issue; prior versions may also be affected.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/28348.exe
|Affected products
Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 SuSE Linux Enterprise Server 9 SuSE Linux Enterprise Server 10 + Linux kernel 2.6.5 S.u.
|References

Source: MISC
Link: http://www.overflow.pl/adv/clamav_upx_heap.txt
Source: www.clamav.net
Link: http://www.clamav.net/security/0.88.4.html
Source: BID
Name: 19381
Link: http://www.securityfocus.com/bid/19381
Source: VUPEN
Name: ADV-2006-3175
Link: http://www.frsirt.com/english/advisories/2006/3175
Source: GENTOO
Name: GLSA-200608-13
Link: http://security.gentoo.org/glsa/glsa-200608-13.xml
Source: SECUNIA
Name: 21433
Link: http://secunia.com/advisories/21433
Source: SECUNIA
Name: 21374
Link: http://secunia.com/advisories/21374
Source: SECUNIA
Name: 21368
Link: http://secunia.com/advisories/21368
Source: MANDRIVA
Name: MDKSA-2006:138
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:138
Source: XF
Name: clamav-pefromupx-bo(28286)
Link: http://xforce.iss.net/xforce/xfdb/28286
Source: TRUSTIX
Name: 2006-0046
Link: http://www.trustix.org/errata/2006/0046/
Source: BUGTRAQ
Name: 20060809[Overflow.pl]ClamAntiVirusWin32-UPXHeapOverflow
Link: http://www.securityfocus.com/archive/1/archive/1/442681/100/0/threaded
Source: SUSE
Name: SUSE-SA:2006:046
Link: http://www.novell.com/linux/security/advisories/2006_46_