Gentoo Archives: gentoo-announce

From: Pierre-Yves Rofes <py@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200709-14 ] ClamAV: Multiple vulnerabilities
Date: Thu, 20 Sep 2007 22:17:19
Message-Id: 46F2EB67.3050701@gentoo.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200709-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: ClamAV: Multiple vulnerabilities
      Date: September 20, 2007
      Bugs: #189912
        ID: 200709-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Vulnerabilities have been discovered in ClamAV allowing remote
execution of arbitrary code and Denial of Service attacks.

Background
==========

Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX,
designed especially for e-mail scanning on mail gateways.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  app-antivirus/clamav      < 0.91.2                      >= 0.91.2

Description
===========

Nikolaos Rangos discovered a vulnerability in ClamAV which exists
because the recipient address extracted from email messages is not
properly sanitized before being used in a call to "popen()" when
executing sendmail (CVE-2007-4560). Also, NULL-pointer dereference
errors exist within the "cli_scanrtf()" function in libclamav/rtf.c and
Stefanos Stamatis discovered a NULL-pointer dereference vulnerability
within the "cli_html_normalise()" function in libclamav/htmlnorm.c
(CVE-2007-4510).
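
The class of fix the description points to, as an added example (not
ClamAV's actual patch and not part of the advisory): the recipient is
checked against a conservative allowlist and the MTA is started with
execl() instead of popen(), so no shell ever parses the address.
SENDMAIL_PATH and both function names are assumptions for illustration.

```c
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define SENDMAIL_PATH "/usr/sbin/sendmail" /* assumed path, not from the advisory */

/* Allowlist: exactly one '@', ASCII letters/digits and "._+-" only.
 * A leading '-' is rejected so the address cannot be read as an option. */
int recipient_is_safe(const char *rcpt)
{
    size_t len = strlen(rcpt), at = 0;

    if (len == 0 || len > 254 || rcpt[0] == '-' || rcpt[0] == '@' || rcpt[len - 1] == '@')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)rcpt[i];
        if (c == '@')
            at++;
        else if (c > 127 || (!isalnum(c) && !strchr("._+-", c)))
            return 0;
    }
    return at == 1;
}

/* Start the MTA without a shell. Returns a write fd for the message body,
 * or -1 if the recipient is rejected or the process cannot be created.
 * The caller writes the message, close()s the fd and waitpid()s *child. */
int open_sendmail_pipe(const char *rcpt, pid_t *child)
{
    int fds[2];

    if (!recipient_is_safe(rcpt) || pipe(fds) != 0)
        return -1;
    if ((*child = fork()) == 0) {           /* child: stdin <- pipe, then exec */
        dup2(fds[0], STDIN_FILENO);
        close(fds[0]);
        close(fds[1]);
        execl(SENDMAIL_PATH, "sendmail", rcpt, (char *)NULL); /* rcpt is one argv entry */
        _exit(127);
    }
    close(fds[0]);
    if (*child < 0) {                       /* fork failed */
        close(fds[1]);
        return -1;
    }
    return fds[1];
}
```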

Impact
======

The unsanitized recipient address can be exploited to execute arbitrary
code with the privileges of the clamav-milter process by sending an
email with a specially crafted recipient address to the affected
system. Also, the NULL-pointer dereference errors can be exploited to
crash ClamAV. Successful exploitation of the latter vulnerability
requires that clamav-milter is started with the "black hole" mode
activated, which is not enabled by default.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ClamAV users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.91.2"

References
==========

  [ 1 ] CVE-2007-4510
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4510
  [ 2 ] CVE-2007-4560
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4560

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200709-14.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5