漏洞信息详情
ClamAV libclamav/upx.c缓冲区溢出漏洞
- CNNVD编号:CNNVD-200509-172
- 危害等级: 高危
- CVE编号: CVE-2005-2920
- 漏洞类型: 缓冲区溢出
- 发布时间: 2005-09-20
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: clam_anti-virus
- 漏洞来源: Discovery is credi...
漏洞简介
Clam AntiVirus(ClamAV)是ClamAV团队开发的一套免费且开源的杀毒软件。该软件用于检测木马、病毒、恶意软件和其他恶意威胁。
Clam AntiVirus (ClamAV) 0.87之前版本中的libclamav/upx.c发生的缓冲区溢出允许远程攻击者通过伪造UPX压缩可执行文件来执行任意代码。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
Clam Anti-Virus ClamAV 0.51版
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.52
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.53
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.54
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.60
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.65
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.67
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.68
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=8663
Clam Anti-Virus ClamAV 0.68 -1
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.70
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.80 rc3
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.80 rc1
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.80 rc2
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.80 rc4
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.80
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.81
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.82
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.83
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Mandriva clamav-0.87-0.1.102mdk.i586.rpm
Mandrakelinux 10.2:
http://www1.mandrivalinux.com/en/ftp.php3
参考网址
来源: US-CERT
名称: VU#363713
链接:http://www.kb.cert.org/vuls/id/363713
来源: GENTOO
名称: GLSA-200509-13
链接:http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml
来源: sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?release_id=356974
来源: XF
名称: clam-antivirus-upx-bo(22307)
链接:http://xforce.iss.net/xforce/xfdb/22307
来源: BID
名称: 14866
链接:http://www.securityfocus.com/bid/14866
来源: OSVDB
名称: 19506
链接:http://www.osvdb.org/19506
来源: SUSE
名称: SUSE-SA:2005:055
链接:http://www.novell.com/linux/security/advisories/2005_55_clamav.HTML
来源: VUPEN
名称: ADV-2005-1774
链接:http://www.frsirt.com/english/advisories/2005/1774
来源: DEBIAN
名称: DSA-824
链接:http://www.debian.org/security/2005/dsa-824
来源: SECUNIA
名称: 16989
链接:http://secunia.com/advisories/16989
来源: SECUNIA
名称: 16848
链接:http://secunia.com/advisories/16848
受影响实体
- Clam_anti-Virus Clamav:0.81
- Clam_anti-Virus Clamav:0.82
- Clam_anti-Virus Clamav:0.83
- Clam_anti-Virus Clamav:0.84
- Clam_anti-Virus Clamav:0.85
补丁
暂无
评论