Lucene search

K
seebugRootSSV:3439
HistoryJun 20, 2008 - 12:00 a.m.

ClamAV petite.c无效内存访问绝服务漏洞

2008-06-2000:00:00
Root
www.seebug.org
11

0.167 Low

EPSS

Percentile

96.1%

BUGTRAQ ID: 29750
CVE(CAN) ID: CVE-2008-2713

Clam AntiVirus是Unix的GPL杀毒工具包,很多邮件网关产品都在使用。

ClamAV的libclamav/petite.c文件中存在拒绝服务漏洞,如果用户受骗打开了特制的Petite加壳可执行程序的话,就会在以下代码段的memcpy()中触发越界读取,导致拒绝服务的情况:

  cli_writeint32(curpe+0x24, 0xffffffff);
  memcpy(pefile+rawbase, buffer+sections[i].raw, sections[i].rsz);
  rawbase+=PESALIGN(sections[i].rsz, 0x200);
  curpe+=40;
  datasize+=PESALIGN(sections[i].vsz, 0x1000);

ClamAV < 0.93.1
ClamAV

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&amp;path=/branches/0.93/libclamav/petite.c&amp;rev=3886” target=“_blank”>http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&amp;path=/branches/0.93/libclamav/petite.c&amp;rev=3886</a>