Bugs item #1480297, was opened at 2006-05-02 10:28
Message generated for change (Comment added) made by hpeglow
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=725139&aid=1480297&group_id=132104
Please note that this message will contain a full copy of
the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Dayne Lucas (dayne)
Assigned to: Raphael Lechner (xedo)
Summary: ClamAV 88.2 - Update RPM
Initial Comment:
W32.Polipos.A is a complex polymorphic virus infecting
32-bit Windows executables. The virus uses advanced
techniques, such as entry point obscuring, to make the
detection even harder. It can also spread via P2P
networks and contains procedures against security
software.
Extensive tests in our secure environments showed that
ClamAV 0.88.2 was able to detect 100% of W32.Polipos.A
infections without producing a single false positive alert.
* CVE: CVE-2006-1989
* Status: Moderate risk
* Vulnerable: ClamAV 0.80 - 0.88.1
Freshclam is a command line utility responsible for
downloading and installing virus signature updates. One
of its features is an HTTP client performing file
downloads from web servers. A security vulnerability in
the protocol code was discovered independently by Ulf
Harnhammar and an anonymous researcher from Germany.
The problem exists due to a lack of proper check for
the size of header data received from a web server:
    int get_database(const char *dbfile, int socketfd, const char *file,
                     const char *hostname, const char *proxy, const char *user,
                     const char *pass) {
        char cmd[512], buffer[FILEBUFF], *ch;
        [...]
        /* read all the http headers */
        ch = buffer;
        i = 0;
        while (1) {
            /* recv one byte at a time, until we reach \r\n\r\n */
            if(recv(socketfd, buffer + i, 1, 0) == -1) {
        [...]
The code assumes the size of all headers returned by
the web server is smaller than 8 KB. A specially
prepared HTTP server could be used by an attacker to
exploit freshclam clients connecting to the database
mirror. The bug was classified as moderate risk. The
ClamAV project uses a big number of database mirrors
gathered into round robin records. In most cases the
system looks up the GeoIP database to redirect users to
the closest pool of mirrors. Remote exploitation
(Denial of Service) can be achieved by changing one of
the mirrors' configurations to run a special web server
returning wrong header data or by pointing freshclam to
a bogus mirror i.e. by means of DNS poisoning. Remote
execution of arbitrary code is not easy due to the
diversity of client platforms and architectures.
Could the Dev Team compile an RPM update package for
ClamAV, so their users are not affected by these exploits?
Thank you,
Dayne
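The unbounded header loop quoted above, with the bounds check it lacks, as an added C example that is not ClamAV's own code; the socketpair harness, the constructed server responses and the function names are assumptions of the example:

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define FILEBUFF 8192   /* the fixed header buffer size the advisory describes */

/* Read HTTP headers one byte at a time until "\r\n\r\n", as the original loop
 * does, but never write past the caller's buffer.  Returns the header length
 * stored (NUL-terminated), or -1 on recv error, early EOF, or overflow. */
long read_headers_bounded(int socketfd, char *buffer, size_t bufsz)
{
    size_t i = 0;
    for (;;) {
        if (i + 1 >= bufsz)            /* the bounds check the vulnerable loop lacks */
            return -1;
        if (recv(socketfd, buffer + i, 1, 0) != 1)
            return -1;                 /* error, or server closed before the terminator */
        i++;
        if (i >= 4 && memcmp(buffer + i - 4, "\r\n\r\n", 4) == 0)
            break;
    }
    buffer[i] = '\0';
    return (long)i;
}

/* Harness (assumption): send a constructed response over a socketpair and run
 * the reader against a header buffer of bufsz bytes (at most FILEBUFF). */
long run_constructed(const char *response, size_t bufsz)
{
    char buf[FILEBUFF]; int sv[2];
    size_t len = strlen(response);
    if (bufsz > sizeof buf || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
        return -2;
    ssize_t w = write(sv[1], response, len);
    close(sv[1]);                      /* "server" is done: EOF follows the data */
    long r = (w == (ssize_t)len) ? read_headers_bounded(sv[0], buf, bufsz) : -2;
    close(sv[0]);
    return r;
}

/* Constructed oversized response: one header line padded with filler bytes. */
long run_oversized(size_t filler, size_t bufsz)
{
    char resp[FILEBUFF + 64];
    if (filler > FILEBUFF) return -2;
    size_t n = (size_t)snprintf(resp, sizeof resp, "HTTP/1.1 200 OK\r\nX-Pad: ");
    memset(resp + n, 'A', filler);
    memcpy(resp + n + filler, "\r\n\r\n", 5);   /* 5 bytes: terminator plus NUL */
    return run_constructed(resp, bufsz);
}
```

With a 64-byte buffer the padded response is rejected instead of overrunning the buffer, while a well-formed response is read up to and including the blank line and the body is left unread.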
----------------------------------------------------------------------
Comment By: hpeglow (hpeglow)
Date: 2006-06-16 15:01
Message:
Logged In: YES
user_id=1462753
Hi,
where is the missing file?
When I installed clamav-0.88.2-0.endian5.i386.rpm
I get the same error message.
error: Failed dependencies:
clamav-db = 0.88.2-0.endian5 is needed by
clamav-0.88.2-0.endian5.i386
Thanks for help
Hartmut
----------------------------------------------------------------------
Comment By: Raphael Lechner (xedo)
Date: 2006-06-13 08:16
Message:
Logged In: YES
user_id=202863
The missing file is now attached.
----------------------------------------------------------------------
Comment By: Dayne Lucas (dayne)
Date: 2006-06-11 22:45
Message:
Logged In: YES
user_id=1391124
Thanks for the update. However I get an error on a freshly
installed pre2 release:
error: Failed dependencies:
clamav-db = 0.88.2-0.endian5 is needed by
clamav-0.88.2-0.endian5.i386
Can anybody help?
Best regards,
Dayne
----------------------------------------------------------------------
_______________________________________________
Efw-devel mailing list
Efw-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-devel