首页 -> 安全研究
安全研究
安全漏洞
Clam Anti-Virus PE文件头处理堆溢出漏洞
发布日期:2006-10-16
更新日期:2006-11-29
受影响系统:
ClamAV ClamAV 0.88.4不受影响系统:
ClamAV ClamAV 0.88.5描述:
BUGTRAQ ID: 20535
CVE(CAN) ID: CVE-2006-4182
Clam AntiVirus是Unix的GPL杀毒工具包,很多邮件网关产品都在使用。
Clam AV在处理畸形PE文件时存在堆溢出漏洞,远程攻击者可能利用此漏洞在服务器上执行任意指令 。
在处理某些PE格式文件时,两个变量可能会被恶意地设置为非常大的值,导致整数溢出。这可能导致分配比预期少的内存,之后的代码可能会覆盖堆缓冲区。
<*来源:Damian Put (pucik@cc-team.org)
链接:http://secunia.com/advisories/22370/
http://docs.info.apple.com/article.html?artnum=304829
http://secunia.com/advisories/23155/
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=422
http://www.debian.org/security/2006/dsa-1196
http://security.gentoo.org/glsa/glsa-200610-10.xml
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
*>
建议:
厂商补丁:
Debian
------
Debian已经为此发布了一个安全公告(DSA-1196-1)以及相应补丁:
DSA-1196-1:New clamav packages fix arbitrary code execution
链接:http://www.debian.org/security/2005/dsa-1196
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11.dsc
Size/MD5 checksum: 874 28ac6ad45d008a1a40f1043ce208f7e9
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11.diff.gz
Size/MD5 checksum: 176562 4b0c191cf10e3184baee4004c7992b09
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
Size/MD5 checksum: 4006624 c43213da01d510faf117daa9a4d5326c
Architecture independent components:
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.11_all.deb
Size/MD5 checksum: 154890 32b1629d649ed6168dd411e0458cca08
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.11_all.deb
Size/MD5 checksum: 694414 e8160f6502023138511d613240ff8a7a
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.11_all.deb
Size/MD5 checksum: 123884 82b26302a2c4697b7d58825dd64149c3
Alpha architecture:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_alpha.deb
Size/MD5 checksum: 74768 39a1eb656cb857019708e6a9f13e6670
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_alpha.deb
Size/MD5 checksum: 48830 de988902ce6b7a56b0f72daa6e113614
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_alpha.deb
Size/MD5 checksum: 2176452 e16e6c071d0233820855fb4777b90a7d
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_alpha.deb
Size/MD5 checksum: 42120 fa4bd16b77814caf48f9c32e5ebf10f4
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_alpha.deb
Size/MD5 checksum: 255774 19ff1809f543ca8aadb819be4b879f44
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_alpha.deb
Size/MD5 checksum: 285586 e33630652b74d4a2ddb1c936daf4a7ec
AMD64 architecture:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_amd64.deb
Size/MD5 checksum: 68850 03fd7d2e437ef1d337236884289f9cfd
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_amd64.deb
Size/MD5 checksum: 44186 3b44c71024838a3d9e367807fe8664dd
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_amd64.deb
Size/MD5 checksum: 2173268 f41d15ff5a51f3aa601d8bc1f5ddad6a
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_amd64.deb
Size/MD5 checksum: 39988 3ae59e939bb67cb743c655089d7c66a7
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_amd64.deb
Size/MD5 checksum: 176496 bb458a66c0422f2c567e0f5bc0db6fc0
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_amd64.deb
Size/MD5 checksum: 259796 ace9bd92aec68b79785d812112df3b8c
ARM architecture:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_arm.deb
Size/MD5 checksum: 63924 13852fbd45ab407a4d12529d3c9af7d1
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_arm.deb
Size/MD5 checksum: 39600 c11f5ed1c7d9867e2d3c8feebffeafc7
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_arm.deb
Size/MD5 checksum: 2171292 a28d43cf47bbf88d6eb750eb32b318ee
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_arm.deb
Size/MD5 checksum: 37314 c12fda2e2e2d6d35ca7b7907e8276cd6
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_arm.deb
Size/MD5 checksum: 174878 4685182160e39404d8f15fe249b64a5e
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_arm.deb
Size/MD5 checksum: 249784 0f7eeccd53136dcd6bb78ea6020e73b0
HP Precision architecture:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_hppa.deb
Size/MD5 checksum: 68278 35e8f30df61e0c77fd22b8c02e2f6ebb
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_hppa.deb
Size/MD5 checksum: 43282 c0d8fe7883d6d4aff3824549bb221e89
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_hppa.deb
Size/MD5 checksum: 2173730 4b003090224b6fedf73abd38a1a32eb2
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_hppa.deb
Size/MD5 checksum: 39456 33b5e0dbc1dc6aff76b0b5f4164b8256
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_hppa.deb
Size/MD5 checksum: 202698 75ddd21a939d57b35a0f2256bf0d99f7
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_hppa.deb
Size/MD5 checksum: 283454 82057fdf8dca950c4dd3a72b5b6f811a
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_i386.deb
Size/MD5 checksum: 65200 a945220bc5697dece23aafc00fed3d5f
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_i386.deb
Size/MD5 checksum: 40308 60923ec7ee8c7b86881f4e5389cf43cb
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_i386.deb
Size/MD5 checksum: 2171624 59374c11897bcaf9f3dc7c71bcb6fa56
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_i386.deb
Size/MD5 checksum: 38038 05b67aee86f2c60105806ad74d77e32d
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_i386.deb
Size/MD5 checksum: 159720 074ef1d4d28391d2eb394ea24c702e78
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_i386.deb
Size/MD5 checksum: 254468 a80e82dfeb22354d3623a40e85fbbcc6
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_ia64.deb
Size/MD5 checksum: 81828 c46f0b2c499e816a3cb440d0651a2b55
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_ia64.deb
Size/MD5 checksum: 55246 7a442d4f53746822fe60cb1628730d00
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_ia64.deb
Size/MD5 checksum: 2180272 33333853b7919432646bcfdae6abd54c
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_ia64.deb
Size/MD5 checksum: 49190 53a172cf4d463f4e1650d33b4851e832
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_ia64.deb
Size/MD5 checksum: 252174 8e184d5dba13b625ae0e44e89485c6a7
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_ia64.deb
Size/MD5 checksum: 317870 2222c0d7e5cf059381ebd9a151b8a5af
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_m68k.deb
Size/MD5 checksum: 62518 7f0f240a3ecc077fc140e88bac5b1fe8
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_m68k.deb
Size/MD5 checksum: 38194 06f87cf4f5bcccf1f8d8b1099bef70d3
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_m68k.deb
Size/MD5 checksum: 2170504 809d90d8aedaa980866431ffa90a28aa
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_m68k.deb
Size/MD5 checksum: 35070 02f5faec5ab1070cb09e5488d24d910b
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_m68k.deb
Size/MD5 checksum: 146328 99c2e58e91dbbf20c126b29f0af6bc2c
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_m68k.deb
Size/MD5 checksum: 250494 87ad44430613edb59b8b8d300786a8b7
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_mips.deb
Size/MD5 checksum: 67956 2e78155905e710e6b0ff27b53e45f269
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_mips.deb
Size/MD5 checksum: 43800 fb236f7c6cf785d6a55aae1a4515338a
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_mips.deb
Size/MD5 checksum: 2173046 ac2d5755af45a3d4a0c20c29508066c8
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_mips.deb
Size/MD5 checksum: 37668 48b4aa4c897d00929da982ef07c8a15a
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_mips.deb
Size/MD5 checksum: 195568 bb600d223c0b65faa1b646df27dc7e74
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_mips.deb
Size/MD5 checksum: 257606 679b4cce53bcc33e8ac10650aff4c5a0
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_mipsel.deb
Size/MD5 checksum: 67556 4520d58dd04533e2777f3cca4975a4d3
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_mipsel.deb
Size/MD5 checksum: 43598 92da7fbb103c7a1c37b05522ae1e19a2
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_mipsel.deb
Size/MD5 checksum: 2173008 e6745c1d5156d5cfca2dac85be5f1423
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_mipsel.deb
Size/MD5 checksum: 37954 95d22e916f84828d555c5d13674e5d4c
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_mipsel.deb
Size/MD5 checksum: 191974 604b00ff88ac5373c196248e906beb0d
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_mipsel.deb
Size/MD5 checksum: 255282 e904a9e0a41a5256e36fc71781135f05
PowerPC architecture:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_powerpc.deb
Size/MD5 checksum: 69294 07c0764302ddd5a9140581c6ede04487
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_powerpc.deb
Size/MD5 checksum: 44674 8c9d17ca61c993632aa25da98c8b6cef
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_powerpc.deb
Size/MD5 checksum: 2173668 5a591aa69f1d101cfce0597398c25ae6
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_powerpc.deb
Size/MD5 checksum: 38870 8ea03838330fa3c56482e2f343c5431a
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_powerpc.deb
Size/MD5 checksum: 187714 10bc94cec5fa66dcff4c76f49ba2e3c1
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_powerpc.deb
Size/MD5 checksum: 264980 c5452abaf240f6f8d927ef69ea29d0b5
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_s390.deb
Size/MD5 checksum: 67898 68e72a9d5ac378fc62e1cd6bb076da18
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_s390.deb
Size/MD5 checksum: 43554 207dcf7c5897971f44c5afbed4b660e5
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_s390.deb
Size/MD5 checksum: 2172956 7408bb7618f0b0d4b984e009b15e3a34
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_s390.deb
Size/MD5 checksum: 38932 dc9a5cc5dfcbd829dc65811713d84ba8
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_s390.deb
Size/MD5 checksum: 182686 a743f6f9a8dd3aa06e51c168e6a78cf2
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_s390.deb
Size/MD5 checksum: 269600 382c4a08915ddc6d50208aeb9468bdab
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
Gentoo
------
Gentoo已经为此发布了一个安全公告(GLSA-200610-10)以及相应补丁:
GLSA-200610-10:ClamAV: Multiple Vulnerabilities
链接:http://security.gentoo.org/glsa/glsa-200610-10.xml
所有ClamAV用户都应升级到最新版本:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.5"
ClamAV
------
http://www.debian.org/security/2006/dsa-1196
浏览次数:4393
严重程度:0(网友投票)
绿盟科技给您安全的保障