In association with heise online

11 November 2008, 11:39

Vulnerability closed in ClamAV 0.94.1


Version 0.94.1 of the open source ClamAV virus scanner, released at the end of October, closes a vulnerability that allowed denial of service attacks on the scanner. According to Moritz Jodeit, the problem is caused by an off-by-one heap overflow in the get_unicode_name function in libclamav/vba_extract.c. An off-by-one buffer overflow usually cannot be used to directly inject and execute arbitrary code, as typically only a single byte is overwritten. That byte may, however, be enough to offset a function pointer, so attackers can still potentially exploit the hole to execute their own code.

The flaw can cause the Clamd service to crash, which can present a threat especially for mail gateways. It occurs when parsing specially crafted VBA project files. ClamAV versions up to and including 0.94 are affected.
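The class of bug described above, as an added illustration that is not ClamAV's code: a buffer sized without room for the string terminator is exactly one byte short, and a bounds-checked decoder rejects the write instead of overflowing. The helper names, the `<XXXX>` escape format and the sample bytes are assumptions made up for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helpers, not ClamAV code. Each UTF-16LE unit becomes one
 * printable byte or a 6-byte "<XXXX>" escape, so worst case is 6 bytes/unit. */
size_t name_buf_naive(size_t units) { return units * 6; }  /* no room for NUL */

size_t name_buf_safe(size_t units)
{
    if (units > (SIZE_MAX - 1) / 6)   /* refuse sizes that would wrap */
        return 0;
    return units * 6 + 1;             /* +1 for the terminating NUL */
}

/* Bounds-checked decoder: returns bytes written (excluding NUL), or -1 if
 * the result plus terminator does not fit in cap bytes. */
long decode_name(const uint8_t *src, size_t src_len, char *dst, size_t cap)
{
    size_t out = 0;
    if (cap == 0) return -1;
    for (size_t i = 0; i + 1 < src_len; i += 2) {
        unsigned cu = src[i] | ((unsigned)src[i + 1] << 8);
        size_t need = (cu >= 0x20 && cu < 0x7f) ? 1 : 6;
        if (cap - out <= need)        /* need bytes plus the NUL must fit */
            return -1;
        if (need == 1)
            dst[out] = (char)cu;
        else
            snprintf(dst + out, 7, "<%04X>", cu);
        out += need;
    }
    dst[out] = '\0';
    return (long)out;
}

/* Constructed sample: two non-printable code units (worst case). */
static const uint8_t SAMPLE[] = { 0x01, 0x00, 0xE9, 0x00 };

int main(void)
{
    size_t units = sizeof SAMPLE / 2;
    char *buf = malloc(name_buf_safe(units));
    if (!buf) return 1;
    /* The naive capacity is one byte short, so the checked decoder refuses. */
    printf("naive cap: %ld\n", decode_name(SAMPLE, sizeof SAMPLE, buf, name_buf_naive(units)));
    printf("safe cap:  %ld (%s)\n", decode_name(SAMPLE, sizeof SAMPLE, buf, name_buf_safe(units)), buf);
    free(buf);
    return 0;
}
```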
