| Weekly edition | Kernel | Security | Distributions | Search |
| Archives | Calendar | Subscribe | Write for LWN | LWN.net FAQ |
clamav: arbitrary file overwrite
| Package(s): | clamav | CVE #(s): | CVE-2007-6595 | |||||||||
| Created: | February 18, 2008 | Updated: | April 24, 2008 | |||||||||
| Description: | From the CVE entry: ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files in the cli_gentempfd function in libclamav/others.c or on (2) .ascii files in sigtool, when utf16-decode is enabled. | |||||||||||
| Alerts: |
| |||||||||||
(Log in to post comments)
clamav: arbitrary file overwrite
Posted Feb 22, 2008 12:26 UTC (Fri) by im14u2c (subscriber, #5246) [Link]
I don't scroll down this page that often, but when I do, ClamAV always seems to be here... Why is that? (I just did a search at the CVE database, and it tells me there were 21 vulnerabilities in the last year. Cross that with staggering across different distributions releasing updates for the same vulnerability, and I guess it *would* be here pretty much every week. Wow.)
clamav: arbitrary file overwrite
Posted Feb 22, 2008 17:00 UTC (Fri) by bronson (subscriber, #4806) [Link]
Lessee... http://nvd.nist.gov/nvd.cfm?advancedsearch A quick search shows 53 vulnerabilities -- mostly medium and high -- since May 2005. They've been running at 1.6 vulnerabilities per month for almost 3 years! You're not mistaken. Can anybody explain why clamav has such an awful security record? I ran clamav until it choked on a poorly-formatted MIME attachment in 2005 and stalled my mail queue for days. Since it was adding significantly to my headache surface and SpamAssassin was rejecting most of the viruses anyway, ClamAV was banished without regret. That's funny... The very program on your computer meant to reduce viruses makes it easy to -- by receiving a single email -- turne your Linux server into a virus host. You've got fail. (Of course, this particular bug doesn't look all that scary to me... Nobody runs important servers on the same box as they have untrusted users, do they?)
clamav: arbitrary file overwrite
Posted Feb 25, 2008 20:44 UTC (Mon) by janfrode (subscriber, #244) [Link]
> Can anybody explain why clamav has such an awful security record? Maybe because it has to support unpacking of all kinds of file formats (arj, rar, zoo, zip, base64, uuencoded, pdf, etc..) based on unpackers/libraries which are typically not written with with security in mind. CVE-2007-6337 -- vulnerability in the bzip2 decompression algorithm CVE-2007-6336 -- ... crafted MS-ZIP compressed CAB file. CVE-2007-6335 -- ... crafted MEW packed PE file CVE-2007-3725 -- ... crafted RAR archive CVE-2007-3123 -- ... crafted RAR file CVE-2007-3122 -- bypass scanning via a RAR file with a header flag Still I feel quite a bit safer with clamav (+selinux) on our mail gateways, than I did with Trend Micro IMSS..
clamav: arbitrary file overwrite
Posted Feb 25, 2008 21:02 UTC (Mon) by im14u2c (subscriber, #5246) [Link]
I guess that makes sense somewhat. I imagine these vulnerabilities get fixed in the upstream packages too, so it makes everything more secure.