Message-ID: <20081113090617.GG5799@suse.de>
Date: Thu, 13 Nov 2008 10:06:17 +0100
From: Thomas Biege <thomas@...e.de>
To: OSS-Security Mailinglist <oss-security@...ts.openwall.com>
Cc: coley@...re.org
Subject: CVE request: clamav get_unicode_name() off-by-one buffer overflow
Hello,
AFAIK no CVE-ID was assigned for the following issue yet.
-----------------------------------------------------------------
ClamAV get_unicode_name() off-by-one buffer overflow
Copyright (c) 2008 Moritz Jodeit <moritz@...eit.org> (2008/11/08)
-----------------------------------------------------------------
Application details:
From http://www.clamav.net/:
"Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX,
designed especially for e-mail scanning on mail gateways. It provides
a number of utilities including a flexible and scalable multi-threaded
daemon, a command line scanner and advanced tool for automatic
database updates. The core of the package is an anti-virus engine
available in a form of shared library."
Vulnerability description:
ClamAV contains an off-by-one heap overflow vulnerability in the
code responsible for parsing VBA project files. Successful
exploitation could allow an attacker to execute arbitrary code with
the privileges of the `clamd' process by sending an email with a
prepared attachment.
The vulnerability occurs inside the get_unicode_name() function
in libclamav/vba_extract.c when a specific `name' buffer is passed
to it.
...
--
Bye,
Thomas
--
Thomas Biege <thomas@...e.de>, SUSE LINUX, Security Support & Auditing
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
Hamming's Motto:
The purpose of computing is insight, not numbers.
-- Richard W. Hamming