• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Clam AntiVirus FreshClam Remote Buffer Overflow Vulnerability

ClamAV's freshclam utility is susceptible to a remote buffer-overflow vulnerability. The utility fails to perform sufficient boundary checks in server-supplied HTTP data before copying it to an insufficiently sized memory buffer.

To exploit this issue, attackers must subvert webservers in the ClamAV database server pool. Or, they would perform DNS-based attacks or man-in-the-middle attacks to cause affected freshclam applications to connect to attacker-controlled webservers.

This issue allows remote attackers to execute arbitrary machine code in the context of the freshclam utility. The affected utility may run with superuser privileges, aiding remote attackers in the complete compromise of affected computers.

ClamAV versions 0.88 and 0.88.1 are affected by this issue.