>
> TITLE:
> Clam AntiVirus pefromupx() Buffer Overflow Vulnerability
>
> SECUNIA ADVISORY ID:
> SA21374
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> DoS, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Clam AntiVirus (clamav) 0.x
>
>
> DESCRIPTION:
> Damian Put has discovered a vulnerability in Clam AntiVirus, which
> can be exploited by malicious people to cause a DoS (Denial of
> Service) and potentially compromise a vulnerable system.
>
> The vulnerability is caused due to an boundary error in the
> "pefromupx()" function in libclamav/upx.c when unpacking PE
> executable files compressed with UPX. This can be exploited to cause
> a heap-based buffer overflow via a specially crafted UPX compressed
> file.
>
> Successful exploitation crashes the service and may allow execution
> of arbitrary code.
>
> The vulnerability has been confirmed in versions 0.88.2 and 0.88.3.
> Other versions may also be affected.
>
> SOLUTION:
> Disable the "ScanPE" option for clamd and start clamscan with the
> "--no-pe" option. Please note that this completely disables the
> scanning of PE files. Then block or filter PE files in some other
> way.
>
> PROVIDED AND/OR DISCOVERED BY:
> Damian Put
>
> ORIGINAL ADVISORY:
>
>
