K6806 : ClamAV UPX heap overflow Vulnerability - CVE-2006-4018

Published: 2013-03-27 00:00:00 (source: my.f5.com)

6.3 Medium | AI Score | Confidence: Low | 0.875 High | EPSS Percentile: 98.7%

Security Advisory Description

Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5 security vulnerability response policy.

F5 products and versions that have been evaluated for this Security Advisory

Product                   Affected          Not Affected
BIG-IP LTM                None              9.x, 10.x, 11.x
BIG-IP GTM                None              9.x, 10.x, 11.x
BIG-IP ASM                None              9.x, 10.x, 11.x
BIG-IP Link Controller    None              9.x, 10.x, 11.x
BIG-IP WebAccelerator     None              9.x, 10.x, 11.x
BIG-IP PSM                None              9.x, 10.x, 11.x
BIG-IP WAN Optimization   None              10.x, 11.x
BIG-IP APM                None              10.x, 11.x
BIG-IP Edge Gateway       None              10.x, 11.x
BIG-IP Analytics          None              11.x
BIG-IP AFM                None              11.x
BIG-IP PEM                None              11.x
FirePass                  5.0.0 - 5.5.2,    6.0.1 - 6.0.3,
                          6.0.0             6.1.x, 7.x
Enterprise Manager        None              1.x, 2.x

The FirePass controller can be configured to provide anti-virus scanning of files uploaded through Portal Access, using the ClamAV open source software.

A vulnerability in ClamAV 0.88.4 and earlier versions could allow a remote attacker to crash the scanner process or execute code remotely using a specially crafted file in UPX format (packed executable). UPX is a self-extracting compression format used for Windows executable binaries (applications). The ClamAV daemon can be terminated by a file crafted to crash the module that unpacks UPX files.

F5 will fix this issue by upgrading to version 0.88.5 of ClamAV.

Information about this issue is available at the following locations:

https://vulners.com/cve/CVE-2006-4018

http://freshmeat.net/projects/clamav/?branch_id=29355&release_id=233510

Note: These links take you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.

F5 Product Development tracked this issue as CR71088 and it was fixed in FirePass 6.0.1. For information about upgrading, refer to the FirePass release notes.

Additionally, a hotfix has been issued for all currently supported versions of FirePass software. Customers running 5.5.2 or 6.0 versions of FirePass software should download the latest cumulative hotfix. Customers running other versions affected by this issue should contact F5 Technical Support to request the hotfix. Include the CR number and the number of this article in your correspondence.

For instructions about how to obtain a hotfix, refer to K167: Downloading software and firmware from F5.

For information about installing a hotfix, refer to K3430: Installing hotfixes.
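The following is an added example, not part of the F5 article: it encodes the FirePass rows of the table above in the advisory's own range notation and checks an engine banner against the fixed ClamAV release (0.88.5), so an administrator can classify a deployment before requesting the hotfix. The banner format "ClamAV <version>/..." is assumed to be what `clamscan --version` prints.

```python
import re

# FirePass rows from the K6806 table; the notation ("a - b" ranges,
# "x" wildcards) is the advisory's own.
FIREPASS_AFFECTED = ["5.0.0 - 5.5.2", "6.0.0"]
FIREPASS_FIXED = ["6.0.1 - 6.0.3", "6.1.x", "7.x"]
# ClamAV 0.88.4 and earlier are vulnerable; F5 moved to 0.88.5.
CLAMAV_FIXED = (0, 88, 5)

# Assumed banner shape, e.g. "ClamAV 0.88.4/2000/Wed Mar 27 00:00:00 2013".
CLAMAV_BANNER_RE = re.compile(r"ClamAV\s+(\d+\.\d+\.\d+)")


def parse_version(text):
    """Turn '6.0.1' into (6, 0, 1); an 'x' component becomes None."""
    return tuple(None if p.lower() == "x" else int(p)
                 for p in text.strip().split("."))


def matches(version, spec):
    """True if a concrete version falls inside one table cell spec."""
    v = parse_version(version)
    if " - " in spec:
        lo, hi = (parse_version(s) for s in spec.split(" - "))
        return lo <= v <= hi
    pat = parse_version(spec)
    # Wildcard spec: only the components that are not 'x' must agree.
    return all(pv == v[i] for i, pv in enumerate(pat)
               if pv is not None and i < len(v))


def firepass_status(version):
    """Classify a FirePass version against the advisory table."""
    if any(matches(version, s) for s in FIREPASS_AFFECTED):
        return "affected"
    if any(matches(version, s) for s in FIREPASS_FIXED):
        return "not affected"
    return "not evaluated"  # K6806: unlisted versions were not evaluated


def clamav_vulnerable(banner):
    """Report whether a ClamAV banner names an engine older than 0.88.5."""
    m = CLAMAV_BANNER_RE.search(banner)
    if not m:
        raise ValueError("no ClamAV version found in banner")
    return parse_version(m.group(1)) < CLAMAV_FIXED


if __name__ == "__main__":
    for fp in ("5.5.2", "6.0.0", "6.0.1", "7.0.1"):
        print(fp, firepass_status(fp))
    print(clamav_vulnerable("ClamAV 0.88.4/2000/Wed Mar 27 00:00:00 2013"))
```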
