[<prev] [next>] [thread-next>] [month] [year] [list]
Date: Thu, 13 Nov 2008 10:06:17 +0100
From: Thomas Biege <thomas@...e.de>
To: OSS-Security Mailinglist <oss-security@...ts.openwall.com>
Cc: coley@...re.org
Subject: CVE request: clamav get_unicode_name() off-by-one buffer overflow
Hello,
AFAIK no CVE-ID was assigned for the following issue yet.
-----------------------------------------------------------------
ClamAV get_unicode_name() off-by-one buffer overflow
Copyright (c) 2008 Moritz Jodeit <moritz@...eit.org> (2008/11/08)
-----------------------------------------------------------------
Application details:
From http://www.clamav.net/:
"Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX,
designed especially for e-mail scanning on mail gateways. It provides
a number of utilities including a flexible and scalable multi-threaded
daemon, a command line scanner and advanced tool for automatic
database updates. The core of the package is an anti-virus engine
available in a form of shared library."
Vulnerability description:
ClamAV contains an off-by-one heap overflow vulnerability in the
code responsible for parsing VBA project files. Successful
exploitation could allow an attacker to execute arbitrary code with
the privileges of the `clamd' process by sending an email with a
prepared attachment.
The vulnerability occurs inside the get_unicode_name() function
in libclamav/vba_extract.c when a specific `name' buffer is passed
to it.
...
--
Bye,
Thomas
--
Thomas Biege <thomas@...e.de>, SUSE LINUX, Security Support & Auditing
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
Hamming's Motto:
The purpose of computing is insight, not numbers.
-- Richard W. Hamming
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Hosted by DataForce ISP -
Powered by Openwall GNU/*/Linux