U radu programskog paketa ClamAV uočena su tri nova sigurnosna propusta. Udaljeni ih napadač može iskoristiti za zaobilaženje detekcije zloćudnih programskih paketa.
Paket:
ClamAV 0.x
Operacijski sustavi:
Mandriva Linux Enterprise Server 5.0
Kritičnost:
4.3
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
udaljeno
Posljedica:
zaobilaženje postavljenih ograničenja
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2012-1457, CVE-2012-1458, CVE-2012-1459
Izvorni ID preporuke:
MDVSA-2012:094
Izvor:
Mandriva
Problem:
Sigurnosne ranjivosti su posljedica neodgovarajuće implementacije komponenti "TAR file parser" i "Microsoft CHM file parser".
Posljedica:
Udaljeni napadač spomenute ranjivosti može iskoristiti za izbjegavanje detekcije zloćudnih programa.
Rješenje:
Svim se korisnicima navedenog programskog paketa savjetuje njegova nadogradnja na novije inačice.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:094
http://www.mandriva.com/security/
_______________________________________________________________________
Package : clamav
Date : June 18, 2012
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
This is a bugfix release that upgrades clamav to the latest version
(0.97.5) that resolves the following security issues:
The TAR file parser in ClamAV 0.96.4 allows remote attackers to bypass
malware detection via a TAR archive entry with a length field that
exceeds the total TAR file size. NOTE: this may later be SPLIT into
multiple CVEs if additional information is published showing that the
error occurred independently in different TAR parser implementations
(CVE-2012-1457).
The Microsoft CHM file parser in ClamAV 0.96.4 allows remote attackers
to bypass malware detection via a crafted reset interval in the LZXC
header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs
if additional information is published showing that the error occurred
independently in different CHM parser implementations (CVE-2012-1458).
The TAR file parser in ClamAV 0.96.4 allows remote attackers to
bypass malware detection via a TAR archive entry with a length field
corresponding to that entire entry, plus part of the header of the
next entry. NOTE: this may later be SPLIT into multiple CVEs if
additional information is published showing that the error occurred
independently in different TAR parser implementations (CVE-2012-1459).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1459
http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.5
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
d82d78601290e2f6073974170c81841a
mes5/i586/clamav-0.97.5-0.1mdvmes5.2.i586.rpm
80f0475472c0217afd3727019bf27e53
mes5/i586/clamav-db-0.97.5-0.1mdvmes5.2.i586.rpm
c13835eadea8d2af15b628fba3159e8b
mes5/i586/clamav-milter-0.97.5-0.1mdvmes5.2.i586.rpm
d7c058fae32f1a081b1d4ca31157df0e mes5/i586/clamd-0.97.5-0.1mdvmes5.2.i586.rpm
5ad153709c7eb510c2be2e82bfa5ac52
mes5/i586/libclamav6-0.97.5-0.1mdvmes5.2.i586.rpm
96e3d3f3e9bea802c4109c155c9d1465
mes5/i586/libclamav-devel-0.97.5-0.1mdvmes5.2.i586.rpm
203cde43731b63729d1f7f6497033184
mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
b30f5aafd9aaff0a7743fb62f33ccbea
mes5/x86_64/clamav-0.97.5-0.1mdvmes5.2.x86_64.rpm
1508801239427c0ac72734f52cb4451c
mes5/x86_64/clamav-db-0.97.5-0.1mdvmes5.2.x86_64.rpm
92b4c5ca6db656801b5b6ae217c6e171
mes5/x86_64/clamav-milter-0.97.5-0.1mdvmes5.2.x86_64.rpm
94fad12df2cc900309087bbda13c826a
mes5/x86_64/clamd-0.97.5-0.1mdvmes5.2.x86_64.rpm
8ec166a457d0512479adaaf5f80d487f
mes5/x86_64/lib64clamav6-0.97.5-0.1mdvmes5.2.x86_64.rpm
19bc2758175bcde28ebf7783d68a9b98
mes5/x86_64/lib64clamav-devel-0.97.5-0.1mdvmes5.2.x86_64.rpm
203cde43731b63729d1f7f6497033184
mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFP3tnKmqjQ0CJFipgRAj4wAJ9eURS1mZYCZhkmUTVE/U8QAH47MwCgxQzf
OUr1QL5Wsvt3KboLKCdYUhE=
=1QL7
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke