SOL6806 - ClamAV UPX heap overflow Vulnerability - CVE-2006-4018

The FirePass controller can be configured to provide anti-virus scanning of files uploaded through Portal Access through the ClamAV open source software.

A vulnerability in ClamAV 0.88.4 and earlier versions could allow a remote attacker to crash the scanner process or execute code remotely using a specially crafted file in UPX format (packed executable). This file format is used by Windows-based executable binaries (applications) for compressing executable files in a self-extracting format. The ClamAV daemon can be terminated by a file crafted to crash the module which unpacks the UPX files.

F5 will fix this issue by upgrading to version 0.88.5 of ClamAV.

Information about this issue is available at the following locations:

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4018&gt;

http://freshmeat.net/projects/clamav/?branch_id=29355&release_id=233510

<http://sourceforge.net/project/shownotes.php?release_id=437903&gt;

Note: These links take you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.

F5 Product Development tracked this issue as CR71088 and it was fixed in FirePass 6.0.1. For information about upgrading, refer to the FirePass release notes.

Additionally, a hotfix has been issued for all currently supported versions of FirePass software. Customers running 5.5.2 or 6.0 versions of FirePass software should download the latest cumulative hotfix. Customers running other versions affected by this issue should contact F5 Technical Support to request the hotfix. Include the CR number and the number of this article in your correspondence.

For instructions about how to obtain a hotfix, refer to SOL167: Downloading software and firmware from F5.

For information about installing a hotfix, refer to SOL3430: Installing hotfixes.