Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 3 May 2015 18:22:59 +0200
From: Sebastian Andrzej Siewior <cve-announce@...breakpoint.cc>
To: oss-security@...ts.openwall.com
Subject: CVE-2015-2170: clamav: crash on crafted upx packed file

UPX [0] is a executable file compressor which is able to compress various
executable formats including PE and ELF files. Clamav [1] is a virus scanning
tool which is able to unpack such files during scanning.

During unpacking there are two range checks which are implemented "manually".
Those checks lack the detection of overflows which are considered by the
CLI_ISCONTAINED() macro. This has been fixed [2] and is part of the 0.98.7
release.
This bug has been discovered by AFL [3], american fuzzy lop.

[0] http://upx.sourceforge.net/
[1] http://www.clamav.net/
[2] https://github.com/vrtadmin/clamav-devel/commit/625f5a9b8f008b8714850e4aa064dee1de06e534
[3] http://lcamtuf.coredump.cx/afl/

Sebastian

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ