Date:      Tue,  8 Aug 2006 06:59:19 -0400 (EDT)
From:      Michael Scheidell <scheidell@secnap.net>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        garga@FreeBSD.org
Subject:   ports/101649: upgrade to 88.4, possible security issues
Message-ID:  <20060808105919.45AAA137BC0@scanner.secnap.net>
Resent-Message-ID: <200608081100.k78B0fB5061443@freefall.freebsd.org>


>Number:         101649
>Category:       ports
>Synopsis:       upgrade to 88.4, possible security issues
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 08 11:00:41 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Michael Scheidell
>Release:        FreeBSD 4.11-RELEASE-p16 i386
>Organization:
SECNAP Network Security
>Environment:
System: FreeBSD scanner.secnap.net 4.11-RELEASE-p16 FreeBSD 4.11-RELEASE-p16 #17: Mon Apr 10 13:21:44 EDT 2006 root@scanner.secnap.net:/usr/obj/usr/src/sys/SCANNER i386

>Description:

	ClamAV has released version 88.4 in response to reports of DoS
attacks against the UPX packer.
From their release notes:
    *   CVE: XXXXXXXXXXXXXXX
    * Status: Critical
    * Vulnerable: ClamAV 0.81 - 0.88.3

A heap overflow vulnerability was discovered in libclamav which could
cause a denial of service or allow the execution of arbitrary code.

The problem is specifically located in the PE file rebuild function used
by the UPX unpacker.

Due to improper validation it is possible to overflow the above memcpy()
beyond the allocated memory block.

The problem has been fixed in 0.88.4. 

>How-To-Repeat:

Relevant code from libclamav/upx.c:

  memcpy(dst, newbuf, foffset);
  *dsize = foffset;
  free(newbuf);

  cli_dbgmsg("UPX: PE structure rebuilt from compressed file\n");
  return 1;

>Fix:

	apply patches, upgrade:
 diff -bBru Makefile.orig Makefile
--- Makefile.orig       Mon Jul  3 08:42:52 2006
+++ Makefile    Mon Aug  7 19:01:20 2006
@@ -6,7 +6,7 @@
 #

 PORTNAME=      clamav
-PORTVERSION=   0.88.3
+PORTVERSION=   0.88.4
 CATEGORIES=    security
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE_EXTENDED}
 MASTER_SITE_SUBDIR=    clamav
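
Review bot: the `+PORTVERSION=   0.88.4` line is the only Makefile change, so confirm that no PORTREVISION line outside this hunk's context is carried over from 0.88.3; it should be removed when the version goes up. Because the PR describes this update as the fix for a heap overflow affecting 0.81 through 0.88.3, it should also come with a VuXML entry for that range, which this patch does not contain, so that installed vulnerable versions get flagged.
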
 diff -bBru distinfo.orig distinfo
--- distinfo.orig       Mon Jul  3 08:42:52 2006
+++ distinfo    Tue Aug  8 06:40:46 2006
@@ -1,3 +1,3 @@
-MD5 (clamav-0.88.3.tar.gz) = 330206089713e73a44afc7a4d6450225
-SHA256 (clamav-0.88.3.tar.gz) = 26104bca0780ed8eb99f5a08259bf09d55a374572ba1af28e661cae64da5fb84
-SIZE (clamav-0.88.3.tar.gz) = 7154152
+MD5 (clamav-0.88.4.tar.gz) = 7759784aa4506b314e6543e0f2a8587b
+SHA256 (clamav-0.88.4.tar.gz) = a581f2f7c93fac9e7a4caf5c1f15f5e7722a4739aaaa3f07dd9076e1097d157f
+SIZE (clamav-0.88.4.tar.gz) = 7632947
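
Review bot: the three `+` lines replace MD5, SHA256 and SIZE together, which is consistent, but the values come from the submitter's own download and cannot be checked from the PR. The committer should fetch clamav-0.88.4.tar.gz independently, verify it against whatever signature or checksum upstream publishes, and regenerate distinfo with `make makesum` rather than copying these lines.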


>Release-Note:
>Audit-Trail:
>Unformatted:
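
The failure mode quoted from the release notes, as an added example that is not part of the original message and is neither ClamAV's code nor its 0.88.4 fix: a copy of the same shape as `memcpy(dst, newbuf, foffset)` that validates the length first. `struct sect`, `rebuild_copy`, `dst_cap`, `newbuf_len`, `hdr_size` and the way `foffset` is summed from section sizes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical section record; only the untrusted size field matters here. */
struct sect { uint32_t raw_size; };

/*
 * Bounds-checked form of the copy quoted in the report:
 *     memcpy(dst, newbuf, foffset); *dsize = foffset;
 * dst_cap is the number of bytes allocated for dst. Returns 1 on success,
 * 0 (dst and *dsize untouched) when the rebuilt size does not fit.
 */
int rebuild_copy(uint8_t *dst, size_t dst_cap, size_t *dsize,
                 const uint8_t *newbuf, size_t newbuf_len,
                 uint32_t hdr_size, const struct sect *s, uint16_t nsect)
{
    /* 64-bit accumulator: 65535 sections of 2^32-1 bytes cannot wrap it. */
    uint64_t foffset = hdr_size;
    for (uint16_t i = 0; i < nsect; i++)
        foffset += s[i].raw_size;

    /* Reject before copying: never read past newbuf or write past dst. */
    if (foffset > newbuf_len || foffset > dst_cap)
        return 0;

    memcpy(dst, newbuf, (size_t)foffset);
    *dsize = (size_t)foffset;
    return 1;
}

int main(void)
{
    /* Constructed sample data, not taken from a real PE file. */
    uint8_t newbuf[256], dst[64];
    size_t dsize = 0;
    struct sect fits[2] = { {16}, {16} };
    struct sect huge[2] = { {16}, {0xFFFFFFF0u} };

    memset(newbuf, 0xAB, sizeof newbuf);
    printf("fits: %d\n", rebuild_copy(dst, sizeof dst, &dsize, newbuf,
                                      sizeof newbuf, 32, fits, 2));
    printf("huge: %d\n", rebuild_copy(dst, sizeof dst, &dsize, newbuf,
                                      sizeof newbuf, 32, huge, 2));
    return 0;
}
```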


