Vulnerabilities in free anti-virus software ClamAV
The developers of the free anti-virus program ClamAV for UNIX have released version 0.90.2 for download. The update fixes several minor bugs, and also two potential security vulnerabilities which can be exploited to knock the software off its stride or to compromise the system. The first bug depends on an incorrect file descriptor, caused by processing prepared CHM help files in the chm_decompress_stream function in the libclamav/chmunpack.c module. The bug causes the software to crash.
The second vulnerability is in the cab_unstore and cab_extract functions for loading CAB archives. The bug allows CAB archives with a manipulated offset to cause a crash as a result of a buffer overflow. It cannot be ruled out that this bug might also be exploitable to inject and execute code. On mail gateways in particular, no user interaction is required to exploit the bug - an e-mail with a crafted attachment is sufficient.
No further details are given, however iDefense, who discovered the vulnerability, are expected to release a detailed advisory soon. Users should download and compile the new version as soon as possible or wait for packets from the Linux distributors.
- Rele ase 0.90.2, list of bug fixes in ClamAV