Credit:
The information has been provided by iDefense.
The original article can be found at:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=476
Vulnerable Systems:
* Clam AntiVirus ClamAV version 0.88.6.
* All versions prior to the 0.90 stable release are suspected to be vulnerable.
The vulnerability specifically exists due to the lack of validation of the id parameter string taken from a MIME header. When parsing a multi-part message, clam takes this string from the header and uses it to create a local file. By sending a string such as "../../../../some/file", an attacker can create or overwrite an arbitrary file owned by the clamd process. Data from the message body is later written to this file.
Exploitation allows attackers to degrade the service of the ClamAV virus scanning service. The most important mitigating factor is that the clam process runs with the privileges of the clamav user and group. This group has access to a limited subset of files on the host. A possible target for overwriting is the virus database file. By overwriting this file an attacker could then send a virus through the gateway without clam recognizing it; this effectively denies service. Arbitrary viruses will be allowed to pass through, creating a false sense of security.
Vendor Status:
Clam AntiVirus has addressed this vulnerability in the version 0.90 stable release.
CVE Information:
CVE-2007-0898
Disclosure Timeline:
* 02/07/2007 - Initial vendor notification
* 02/13/2007 - Initial vendor response
* 02/15/2007 - Coordinated public disclosure