Vulnerabilities > CVE-2006-0162 - Buffer Overflow vulnerability in Clam Anti-Virus ClamAV UPX Compressed File Heap
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files.
Vulnerable Configurations
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-947.NASL description A heap overflow has been discovered in ClamAV, a virus scanner, which could allow an attacker to execute arbitrary code by sending a carefully crafted UPX-encoded executable to a system running ClamAV. In addition, other potential overflows have been corrected. Packages for the ARM architecture were not available when DSA 947-1 was released; these packages are now available. Also, DSA 947-1 incorrectly identified the package version which corrected these issues in the unstable distribution (sid). last seen 2020-06-01 modified 2020-06-02 plugin id 22813 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22813 title Debian DSA-947-2 : clamav - heap overflow NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_612A34EC81DC11DAA0430002A5C3D308.NASL description The Zero Day Initiative reports : This vulnerability allows remote attackers to execute arbitrary code on vulnerable Clam AntiVirus installations. Authentication is not required to exploit this vulnerability. This specific flaw exists within libclamav/upx.c during the unpacking of executable files compressed with UPX. Due to an invalid size calculation during a data copy from the user-controlled file to heap allocated memory, an exploitable memory corruption condition is created. last seen 2020-06-01 modified 2020-06-02 plugin id 21439 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21439 title FreeBSD : clamav -- possible heap overflow in the UPX code (612a34ec-81dc-11da-a043-0002a5c3d308) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-016.NASL description A heap-based buffer overflow was discovered in ClamAV versions prior to 0.88 which allows remote attackers to cause a crash and possibly execute arbitrary code via specially crafted UPX files. This update provides ClamAV 0.88 which corrects this issue and also fixes some other bugs. last seen 2020-06-01 modified 2020-06-02 plugin id 20795 published 2006-01-22 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20795 title Mandrake Linux Security Advisory : clamav (MDKSA-2006:016) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200601-07.NASL description The remote host is affected by the vulnerability described in GLSA-200601-07 (ClamAV: Remote execution of arbitrary code) Zero Day Initiative (ZDI) reported a heap buffer overflow vulnerability. The vulnerability is due to an incorrect boundary check of the user-supplied data prior to copying it to an insufficiently sized memory buffer. The flaw occurs when the application attempts to handle compressed UPX files. Impact : For example by sending a maliciously crafted UPX file into a mail server that is integrated with ClamAV, a remote attacker last seen 2020-06-01 modified 2020-06-02 plugin id 20417 published 2006-01-15 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20417 title GLSA-200601-07 : ClamAV: Remote execution of arbitrary code
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041325.html
- http://secunia.com/advisories/18379
- http://secunia.com/advisories/18453
- http://secunia.com/advisories/18463
- http://secunia.com/advisories/18478
- http://secunia.com/advisories/18548
- http://securityreason.com/securityalert/342
- http://securitytracker.com/id?1015457
- http://www.clamav.net/doc/0.88/ChangeLog
- http://www.debian.org/security/2006/dsa-947
- http://www.gentoo.org/security/en/glsa/glsa-200601-07.xml
- http://www.kb.cert.org/vuls/id/385908
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:016
- http://www.osvdb.org/22318
- http://www.securityfocus.com/bid/16191
- http://www.trustix.org/errata/2006/0002/
- http://www.vupen.com/english/advisories/2006/0116
- http://www.zerodayinitiative.com/advisories/ZDI-06-001.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24047