ClamAV eliminates DoS vulnerabilities [Update]
The ClamAV open source virus scanner, recently taken over by Sourcefire, can be exploited by attackers using specially crafted Rich Text (RTF) or HTML files, causing it to crash. The developers have released a new version to eliminate the vulnerabilities.
In the function cli_scanrtf() from the file rtf.c a null pointer dereference can occur when the software tries to free again a previously freed pointer. The fault may be exploited to cause a denial of service, crashing the scanner. A null pointer dereference can also occur in the function cli_html_normalise() from the file htmlnorm.c when the system is presented with crafted HTML files which contain data: URLs.
The developers have eliminated these vulnerabilities in Version 0.91.2 of ClamAV. Users of the software should install the update as soon as possible. In the meantime, Linux distributors are probably also providing updated packages.
Version 0.91.2 of ClamAV also fixes a security vulnerability in clamav-milter. Attackers may execute arbitrary code if older versions of the software are used in combination with sendmail.
- Changelog, Overview of changes to ClamAV 0.91.2
- ClamAV Remote Code Execution Advisory, Security advisory by n.runs
- Download of the current ClamAV version