Signature Detail
Short Name |
HTTP:STC:DL:CLAMAV-UPX-FILE-MC |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
ClamAV UPX File PE parsing Memory Access Error |
Release Date |
2013/06/20 |
Update Number |
2275 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: ClamAV UPX File PE parsing Memory Access Error
This signature detects attempts to exploit a known vulnerability against ClamAV UPX File. A successful attack can lead to arbitrary code execution.
Extended Description
Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.
Affected Products
- canonical ubuntu_linux 10.04 (-:lts)
- canonical ubuntu_linux 11.10
- canonical ubuntu_linux 12.04 (-:lts)
- canonical ubuntu_linux 12.10
- canonical ubuntu_linux 13.04
- clamav 0.90.1
- clamav 0.90.1_p0
- clamav 0.90.2
- clamav 0.90.2_p0
- clamav 0.90.3
- clamav 0.90.3_p0
- clamav 0.90.3_p1
- clamav 0.90 (rc1)
- clamav 0.90 (rc1.1)
- clamav 0.90 (rc2)
- clamav 0.90 (rc3)
- clamav 0.91.1
- clamav 0.91.2
- clamav 0.91.2_p0
- clamav 0.91 (rc1)
- clamav 0.91 (rc2)
- clamav 0.92
- clamav 0.92.1
- clamav 0.92_p0
- clamav 0.93
- clamav 0.93.1
- clamav 0.93.2
- clamav 0.93.3
- clamav 0.94
- clamav 0.94.1
- clamav 0.94.2
- clamav 0.95.1
- clamav 0.95.2
- clamav 0.95.3
- clamav 0.95 (rc1)
- clamav 0.95 (rc2)
- clamav 0.95 (src1)
- clamav 0.95 (src2)
- clamav 0.96.1
- clamav 0.96.2
- clamav 0.96.3
- clamav 0.96.4
- clamav 0.96.5
- clamav 0.96 (rc1)
- clamav 0.96 (rc2)
- clamav 0.97.1
- clamav 0.97.2
- clamav 0.97.3
- clamav 0.97.4
- clamav 0.97.5
- clamav 0.97 (rc)
- clamav 0.9 (rc1)
- clamav up to 0.97.7
References
- CVE: CVE-2013-2020