
| Subject: | [Full-disclosure] n.runs-SA-2007.025 - ClamAV Remote Code Execution Advisory |
|---|---|
| Date: | Fri, 24 Aug 2007 21:14:25 +0200 |

n.runs AG
http://www.nruns.com/
security(at)nruns.com

n.runs-SA-2007.025
24-Aug-2007
________________________________________________________________________

Vendor: ClamAV, http://www.clamav.net

Affected Products: ClamAV, http://www.clamav.net

Vulnerability: Remote Code Execution

Risk: HIGH
________________________________________________________________________

Vendor communication:

2007/08/10 Initial notification to ClamAV

2007/08/10 ClamAV Responses

2007/08/10 PoC files sent to ClamAV

2007/08/21 ClamAV releases version 0.91.2

2007/08/24 n.runs AG releases a coordinated disclosure advisory
________________________________________________________________________

Overview:

Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library.

Description:

A remotely exploitable vulnerability has been found in clamav-milter when used with sendmail. In detail, the following flaw was determined:

- Arbitrary code execution due to insecure call to popen()

Impact:

This vulnerability can lead to remote code execution with root privileges, leading to a complete compromise of the vulnerable system. An attacker can inject shell commands into the recipient field of sendmail if clamav-milter was started with the black hole mode activated.

The vulnerability is present in at least clamav version 0.91.1; prior versions may also be affected.

Solution:

A new stable release (clamav 0.91.2) is available at the clamav website which fixes the vulnerability.
________________________________________________________________________

Credit:

Bugs found by Nikolaos Rangos of n.runs AG.
________________________________________________________________________

References:

http://www.clamav.net/download/sources

This Advisory and Upcoming Advisories:

http://www.nruns.com/security_advisory.php

http://www.nruns.com/parsing-engines-advisories.php
________________________________________________________________________

Unaltered electronic reproduction of this advisory is permitted. For all other reproduction or publication, in printing or otherwise, contact securitynruns.com for permission. Use of the advisory constitutes acceptance for use in an as is condition. All warranties are excluded. In no event shall n.runs be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if n.runs has been advised of the possibility of such damages.

Copyright 2007 n.runs AG. All rights reserved. Terms of use apply.

_______________________________________________

Full-Disclosure - We believe in it.

Charter: http://lists.grok.org.uk/full-disclosure-charter.html

Hosted and sponsored by Secunia - http://secunia.com/
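
The flaw class named in the Description, an insecure popen() call fed with the recipient field, is shown below next to a shell-free replacement. This is an added example, not ClamAV source and not part of the advisory; the function names (`build_popen_cmd`, `recipient_is_safe`, `run_helper`) and the allow-list are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Unsafe pattern (string is built only, never executed here): popen() hands
 * this to /bin/sh -c, so ';', '|', '`' or '$(' in rcpt become shell syntax. */
int build_popen_cmd(char *buf, size_t n, const char *helper, const char *rcpt)
{
    return snprintf(buf, n, "%s %s", helper, rcpt);
}

/* Allow-list, deliberately stricter than RFC 5321 (an assumption): nothing a
 * shell interprets, and no leading '-' that a helper could read as an option. */
int recipient_is_safe(const char *rcpt)
{
    size_t len = strlen(rcpt);
    if (len == 0 || len > 254 || rcpt[0] == '-') return 0;
    for (size_t i = 0; i < len; i++)
        if (!isalnum((unsigned char)rcpt[i]) && !strchr("@._+-", rcpt[i]))
            return 0;
    return 1;
}

/* Safer pattern: no shell. rcpt is a single argv element given to execv(), so
 * it stays data. Returns bytes of helper output captured, or -1 on failure. */
ssize_t run_helper(const char *helper, const char *rcpt, char *out, size_t n)
{
    int fd[2], status;
    if (n == 0 || pipe(fd) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {                    /* child: stdout -> pipe, then exec */
        char *const argv[] = { (char *)helper, (char *)rcpt, NULL };
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]); close(fd[1]);
        execv(helper, argv);
        _exit(127);                    /* exec failed */
    }
    close(fd[1]);
    ssize_t total = 0, r;
    while ((size_t)total < n - 1 && (r = read(fd[0], out + total, n - 1 - (size_t)total)) > 0)
        total += r;
    out[total] = '\0'; close(fd[0]);
    waitpid(pid, &status, 0);
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? total : -1;
}
```

A caller would check `recipient_is_safe()` first and then call `run_helper()`; a process running with root privileges, as the Impact section describes, should also drop them before the `execv()`.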