Gentoo: GLSA-200709-14: ClamAV: Multiple vulnerabilities
Summary
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200709-14 https://security.gentoo.org/
Severity: High Title: ClamAV: Multiple vulnerabilities Date: September 20, 2007 Bugs: #189912 ID: 200709-14
Synopsis ======= Vulnerabilities have been discovered in ClamAV allowing remote execution of arbitrary code and Denial of Service attacks.
Background ========= Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-antivirus/clamav < 0.91.2 >= 0.91.2
========== Nikolaos Rangos discovered a vulnerability in ClamAV which exists because the recipient address extracted from email messages is not properly sanitized before being used in a call to "popen()" when executing sendmail (CVE-2007-4560). Also, NULL-pointer dereference errors exist within the "cli_scanrtf()" function in libclamav/rtf.c and Stefanos Stamatis discovered a NULL-pointer dereference vulnerability within the "cli_html_normalise()" function in libclamav/htmlnorm.c (CVE-2007-4510).
Impact ===== The unsanitized recipient address can be exploited to execute arbitrary code with the privileges of the clamav-milter process by sending an email with a specially crafted recipient address to the affected system. Also, the NULL-pointer dereference errors can be exploited to crash ClamAV. Successful exploitation of the latter vulnerability requires that clamav-milter is started with the "black hole" mode activated, which is not enabled by default.
Workaround ========= There is no known workaround at this time.
Resolution ========= All ClamAV users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.91.2"
References ========= [ 1 ] CVE-2007-4510 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4510 [ 2 ] CVE-2007-4560 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4560
Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/200709-14
Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org/.
License ====== Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - iD8DBQFG8utnuhJ+ozIKI5gRAmMkAKCDDq+kFKHDaDbdWWWyHd7UcWISQwCbB+39 /DA8NxuOjBKxEw0ESjw2bgY=QLPG -----END PGP SIGNATURE-----