Category: Vulnerability Posted: 2003-11-13 by ReCall
Details
Description: A format string vulnerability was reported in Clam AntiVirus. A remote user can execute arbitrary code on the target system.
Secure Network Operations Strategic Reconnaissance Team reported that clamav-milter contains a format string flaw that can be exploited by a remote user if syslog support is configured.
A remote user can send the target system an e-mail that has a specially crafted "From:" address containing "%" characters and content that will trigger a virus rule. In this case, the remote user's e-mail address is passed to syslog() without appropriate validation. The syslog call is reportedly made without a format specifier, so the address itself is interpreted as the format string. A remote user can cause the target Clam AntiVirus software to crash or to execute arbitrary code.
A demonstration exploit string is provided:
"mail from: %n%n%n%n%n%n%n"
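The flaw class described above and its correction, as an added example that is not clamav-milter's own code: the vulnerable call is shown only in a comment, next to a hardened logger that passes the sender as data to a constant format. The function names, the log message text and the signature name are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Vulnerable pattern from the advisory, kept as a comment only:
 *     syslog(LOG_NOTICE, line);    // text containing the sender is the format
 * With a sender of "%n%n%n%n%n%n%n", each %n makes syslog() write through a
 * pointer taken from its argument area, which crashes or corrupts the process.
 */

/* Hypothetical helper: build the log line; the sender is only ever an argument. */
int format_virus_log(char *out, size_t outlen, const char *from, const char *virus)
{
    int n = snprintf(out, outlen, "virus %s intercepted, sender <%s>", virus, from);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;   /* -1: error or truncated */
}

/* Hardened call: constant "%s" format, the finished line is passed as data. */
void log_virus(const char *from, const char *virus)
{
    char line[512];
    if (format_virus_log(line, sizeof line, from, virus) < 0)
        snprintf(line, sizeof line, "virus intercepted, sender not logged");
    syslog(LOG_NOTICE, "%s", line);
}

/* Count conversion specifications in untrusted text ("%%" is a literal '%').
 * A non-zero count in an envelope sender is worth flagging during triage. */
int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

int main(void)
{
    const char *from = "%n%n%n%n%n%n%n";   /* sender string quoted in the advisory */
    printf("conversions in sender: %d\n", count_conversions(from));
    log_virus(from, "Constructed.Test.Signature");   /* constructed signature name */
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang warn about the commented-out form wherever it appears in real code.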
Impact: A remote user can cause the 'clamav-milter' process to crash or execute arbitrary code. The arbitrary code will run with the privileges of the Clam AntiVirus user or with root privileges, depending on how the system is configured.
Solution: The vendor has released a fix in clamav-devel-20031111 and clamav-0.65, available at: