Vulnerabilities > CVE-2005-2920 - Buffer Overflow vulnerability in ClamAV UPX Compressed Executable
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable.
Vulnerable Configurations
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-824.NASL description Two vulnerabilities have been discovered in Clam AntiVirus, the antivirus scanner for Unix, designed for integration with mail servers to perform attachment scanning. The following problems were identified : - CAN-2005-2919 A potentially infinite loop could lead to a denial of service. - CAN-2005-2920 A buffer overflow could lead to a denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 19793 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19793 title Debian DSA-824-1 : clamav - infinite loop, buffer overflow NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200509-13.NASL description The remote host is affected by the vulnerability described in GLSA-200509-13 (Clam AntiVirus: Multiple vulnerabilities) Clam AntiVirus is vulnerable to a buffer overflow in last seen 2020-06-01 modified 2020-06-02 plugin id 19812 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19812 title GLSA-200509-13 : Clam AntiVirus: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_SA_2005_055.NASL description The remote host is missing the patch for the advisory SUSE-SA:2005:055 (clamav). This update upgrades clamav to version 0.87. It fixes vulnerabilities in handling of UPX and FSG compressed executables, which could lead to a remote attacker executing code within the daemon using clamav. These are tracked by the Mitre CVE IDs CVE-2005-2919 and CVE-2005-2920. Also following bugs were fixed: - Support for PE files, Zip and Cabinet archives has been improved and other small bugfixes have been made. - The new option last seen 2019-10-28 modified 2005-10-05 plugin id 19934 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19934 title SUSE-SA:2005:055: clamav NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-166.NASL description A vulnerability was discovered in ClamAV versions prior to 0.87. A buffer overflow could occure when processing malformed UPX-packed executables. As well, it could be sent into an infinite loop when processing specially crafted FSG-packed executables. ClamAV version 0.87 is provided with this update which isn last seen 2020-06-01 modified 2020-06-02 plugin id 19921 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19921 title Mandrake Linux Security Advisory : clamav (MDKSA-2005:166) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_271498A92CD411DAA2630001020EED82.NASL description Gentoo Linux Security Advisory reports : Clam AntiVirus is vulnerable to a buffer overflow in last seen 2020-06-01 modified 2020-06-02 plugin id 21403 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21403 title FreeBSD : clamav -- arbitrary code execution and DoS vulnerabilities (271498a9-2cd4-11da-a263-0001020eed82)
References
- http://secunia.com/advisories/16848
- http://secunia.com/advisories/16989
- http://sourceforge.net/project/shownotes.php?release_id=356974
- http://www.debian.org/security/2005/dsa-824
- http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml
- http://www.kb.cert.org/vuls/id/363713
- http://www.novell.com/linux/security/advisories/2005_55_clamav.html
- http://www.osvdb.org/19506
- http://www.securityfocus.com/bid/14866
- http://www.vupen.com/english/advisories/2005/1774
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22307