[Pkg-clamav-devel] Bug#770985: Bug#770985: Bug#770985: clamav: heap buffer overflow when scanning a specially crafted y0da Crypter obfuscated PE file

Scott Kitterman debian at kitterman.com
Thu Nov 27 12:33:22 UTC 2014


On Thursday, November 27, 2014 10:32:29 AM Evgeni Golov wrote:
> On Thu, Nov 27, 2014 at 09:38:08AM +0100, Evgeni Golov wrote:
> > On Tue, Nov 25, 2014 at 04:30:43PM -0500, Scott Kitterman wrote:
> > > On Tuesday, November 25, 2014 10:18:21 PM Sebastian Andrzej Siewior wrote:
> > > > On Tue, Nov 25, 2014 at 07:07:30PM +0100, Ralf Hildebrandt wrote:
> > > > > Version: 0.98.1+dfsg-1+deb6u3
> > > > > 
> > > > > A heap buffer overflow was reported in [1] in ClamAV when scanning a
> > > > > specially crafted y0da Crypter obfuscated PE file.
> > > > > Note that this is remotely exploitable when ClamAV is used as a mail
> > > > > gateway scanner.
> > > > 
> > > > We are aware of the situation, a stable upload is already waiting.
> > > > Please note that there won't be an update for Squeeze unless the LTS
> > > > team does so.
> > > 
> > > I did add clamav to the list of packages needing an update for the LTS
> > > (and libclamunrar too), so the LTS team is aware of it.
> > 
> > Thanks, working on the clamav one now for LTS.
> > 
> > Upstream's patch applies just fine on the version in Squeeze, so I guess
> > it would be better to apply it, instead of pulling in the new upstream?
> 
> Sadly, the patch does not solve the issue itself. clamscan -a still
> segfaults for me after the patch.
> 
> I'll try to figure out what else is needed.

For clamav it's more trouble than it's worth to try and tease out specific 
changes, since you need the new capabilities just to stay even with the bad 
guys anyway.  If you want to update clamav for the LTS, the changes the Ubuntu 
Security team did for Ubuntu 12.04 as it's similar to Squeeze in the relevant 
areas (Note: the source for clamav is generally in sync between Ubuntu and 
Debian, so the changes between Stable/Jessie/Testing and the Ubuntu 12.04 
update are primarily the ones you'd likely want for Squeeze, but I didn't 
specifically test this).

https://launchpad.net/ubuntu/+archive/primary/+files/clamav_0.98.5%2Baddedllvm-0ubuntu0.12.04.1.dsc

Scott K


