Juniper Networks

Signature Detail

Short Name: APP:CLAMAV-UPX-OF-HTTP
Severity: High
Recommended: No
Recommended Action: Drop
Category: APP
Keywords: ClamAV UPX File Handling Buffer Overflow (HTTP)
Release Date: 2010/09/09
Update Number: 1769
Supported Platforms: idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: ClamAV UPX File Handling Buffer Overflow (HTTP)


This signature detects attempts to exploit a known vulnerability in ClamAV. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.

Extended Description

ClamAV is prone to a remote buffer-overflow vulnerability. This condition occurs when the program processes malformed UPX-compressed executables. Successful exploitation may result in the execution of arbitrary code in the context of the application.

Affected Products

  • Clam Anti-Virus ClamAV 0.51.0
  • Clam Anti-Virus ClamAV 0.52.0
  • Clam Anti-Virus ClamAV 0.53.0
  • Clam Anti-Virus ClamAV 0.54.0
  • Clam Anti-Virus ClamAV 0.60.0
  • Clam Anti-Virus ClamAV 0.65.0
  • Clam Anti-Virus ClamAV 0.67.0
  • Clam Anti-Virus ClamAV 0.68.0
  • Clam Anti-Virus ClamAV 0.68.0 -1
  • Clam Anti-Virus ClamAV 0.70.0
  • Clam Anti-Virus ClamAV 0.75.1
  • Clam Anti-Virus ClamAV 0.80.0
  • Clam Anti-Virus ClamAV 0.80.0 Rc1
  • Clam Anti-Virus ClamAV 0.80.0 Rc2
  • Clam Anti-Virus ClamAV 0.80.0 Rc3
  • Clam Anti-Virus ClamAV 0.80.0 Rc4
  • Clam Anti-Virus ClamAV 0.81.0
  • Clam Anti-Virus ClamAV 0.82.0
  • Clam Anti-Virus ClamAV 0.83.0
  • Clam Anti-Virus ClamAV 0.84.0
  • Clam Anti-Virus ClamAV 0.84.0 Rc1
  • Clam Anti-Virus ClamAV 0.84.0 Rc2
  • Clam Anti-Virus ClamAV 0.85.0
  • Clam Anti-Virus ClamAV 0.85.1
  • Clam Anti-Virus ClamAV 0.86.0
  • Clam Anti-Virus ClamAV 0.86.0 .1
  • Clam Anti-Virus ClamAV 0.86.2
  • Conectiva Linux 10.0.0
  • Trustix Secure Linux 2.2.0
  • Trustix Secure Linux 3.0.0

References

  • BugTraq: 14866
  • CVE: CVE-2005-2920

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.