Hi,
I thought this could be of interest to the group if you are using ClamAV 0.86.1. Saw this in a security newsletter.
Regards,
Kami
*************************
Widely Deployed Software
*************************
(1) HIGH: ClamAV Multiple Buffer Overflows
Affected: ClamAV version 0.86.1 and prior
Description: ClamAV is an open-source antivirus software designed mainly for
scanning emails on UNIX mail gateways. The software includes a virus scanning
library - libClamAV. This library is used by many third-party email, web and FTP
scanners as well as mail clients. The library contains three integer overflows
that can be triggered by specially crafted TNEF (Microsoft Rich Text), CHM
(Microsoft Help) and FSG (Packed Executable Format) files. The attacker can
send the malicious files via email, web, FTP or a file share, and exploit the
heap-based overflows to execute arbitrary code on the system running the ClamAV
library. The technical details can be obtained by comparing the fixed and the
affected versions of the software. Note that for compromising the mail/web/FTP
gateways no user interaction is required.
Status: The vendor has released ClamAV 0.86.2 to address these issues. Please
look for third-party updates for the software linked to libClamAV.
Council Site Actions: The affected software and/or configuration are not in
production or widespread use, or are not officially supported at any of the
council sites. They reported that no action was necessary.
References:
Posting by rem0te security
http://archives.neohapsis.com/archives/bugtraq/2005-07/0414.html
Third Party Software Using ClamAV
http://www.clamav.net/whos.html#pagestart (Includes Mac OS X server)
http://www.clamav.net/3rdparty.html#pagestart
SecurityFocus BID
http://www.securityfocus.com/bid/14359
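
One way to check a host against the affected range stated in the advisory (0.86.1 and prior, fixed in 0.86.2). This is an added example, not part of the original post or the newsletter; the `clamscan --version` banner layout is an assumption, the sample banners are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: decide whether a ClamAV build falls in the advisory's
# affected range (0.86.1 and prior; fixed in 0.86.2).
LAST_AFFECTED="0.86.1"

# Pull the version out of a banner such as "ClamAV 0.86.1/994/Fri Jul 22 ...".
# The banner layout is an assumption; an unrecognised banner yields "".
clamav_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^.*ClamAV \(version \)\{0,1\}\([0-9][0-9A-Za-z.-]*\).*/\2/p' |
        head -n 1
}

# Print dotted component $2 of version $1 as digits; missing parts count as 0.
# A suffix such as "rc1" is ignored, so 0.86rc1 is compared as 0.86.
version_field() {
    f=$(printf '%s...\n' "$1" | cut -d. -f"$2" | sed 's/[^0-9].*$//')
    printf '%s' "${f:-0}"
}

# Exit status 0 when version $1 is at or below LAST_AFFECTED, 1 otherwise.
clamav_is_affected() {
    for i in 1 2 3; do
        have=$(version_field "$1" "$i")
        last=$(version_field "$LAST_AFFECTED" "$i")
        [ "$have" -lt "$last" ] && return 0
        [ "$have" -gt "$last" ] && return 1
    done
    return 0
}

# Print a verdict for one banner line.
report_banner() {
    v=$(clamav_version_from_banner "$1")
    if [ -z "$v" ]; then
        echo "unrecognised banner: $1"
    elif clamav_is_affected "$v"; then
        echo "$v: AFFECTED, upgrade to 0.86.2 or later"
    else
        echo "$v: not in the affected range"
    fi
}

# Constructed sample banners, then the local scanner if one is installed.
report_banner "ClamAV 0.86.1/994/Fri Jul 22 10:00:00 2005"
report_banner "ClamAV 0.86.2/1000/Mon Jul 25 10:00:00 2005"
if command -v clamscan >/dev/null 2>&1; then
    report_banner "$(clamscan --version 2>/dev/null)"
fi
```

This only covers the `clamscan` binary on the path; third-party software linked to libClamAV, which the advisory calls out, has to be checked against its own vendor's update.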