Date: Tue, 11 Nov 2008 08:01:20 -0800 (PST)
From: Roger Marquis
To: freebsd-security@freebsd.org
Subject: Re: ports/128749: [vuxml] VBA parser vulnerability in ClamAV

> As was recently reported in the BugTraq list, VBA parser in ClamAV
> contains the off-by-one overflow and can lead to the arbitrary code
> execution within the clamd process.
>
> VBA component seems to be unconditionally included in the libclamav
> and OLE2 scanning is "on" by default.

FWIW, clamav-0.94.1 does not compile under 5.X without
CONFIGURE_ARGS+= --disable-gethostbyname_r. When compiled this way it
does not run (exits after initialization with no error logging).

Though 5.X is no longer officially supported, there are many sites still
running it which could benefit from a patch, assuming it would be trivial
to create such a patch.

Roger Marquis