ClamAV 0.92 fixes security vulnerability
The ClamAV open source anti-virus development team have released version 0.92, which fixes a security vulnerability that an attacker could exploit to inject malicious code. According to security services provider iDefense, the bug is present in older versions of the software and can be exploited when scanning certain run time packed executables.
When unpacking executable Windows files in portable executable format (PE) which have been packed using the MEW run time packer, the scan engine relies on length information from the file header without checking its validity. Because this information is subsequently used to calculate the memory area to be reserved on the heap, a potential integer overflow can result in the memory area being too small and a buffer overflow occurring. This can allow injected code to be executed with the privileges of the anti-virus software.
Source code for the bug-fixed version 0.92 can be downloaded from the ClamAV website. Linux distributors should be distributing updated packages shortly, which users should install ASAP. Administrators who use the software on, for example, mail servers, should either compile the anti-virus software from the updated source code themselves or deactivate examination of PE files using the software's configuration options until an update becomes available.
- ClamAV libclamav MEW PE File Integer Overflow Vulnerability, security advisory from iDefense
- Download the latest version of ClamAV