绿盟科技NSFOCUS安全漏洞系统

安全研究

安全漏洞

Clam AntiVirus FreshClam远程缓冲区溢出漏洞

发布日期：2006-05-02
更新日期：2006-05-02

受影响系统：

ClamAV ClamAV 0.88.1
ClamAV ClamAV 0.88

描述：

BUGTRAQ  ID: 17754
CVE(CAN) ID: CVE-2006-1989

ClamAV是一种开源的防病毒软件。

ClamAV的freshclam工具实现上存在缓冲区溢出漏洞，远程攻击者可以利用此漏洞在服务器上执行任意指令。

freshclam对来自服务器的HTTP数据没有做充分的检查就拷贝到一个固定长度的缓冲区，导致缓冲区溢出。要利用此漏洞攻击者必须控制ClamAV的某个数据库服务器或通过DNS欺骗的方法使ClamAV访问恶意设置的数据。

<*来源：Ulf Harnhammar （ulfh@update.uu.se）

  链接：http://www.debian.org/security/2006/dsa-1050
        http://security.gentoo.org/glsa/glsa-200605-03.xml
*>

建议：

厂商补丁：

Debian
------
Debian已经为此发布了一个安全公告（DSA-1050-1）以及相应补丁:
DSA-1050-1：New ClamAV packages fix denial of service or arbitrary code execution
链接：http://www.debian.org/security/2005/dsa-1050

补丁下载：
Source archives:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9.dsc
Size/MD5 checksum:      876 943e000ec0e1286a3dbdf29df42d2079
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9.diff.gz
Size/MD5 checksum:   176085 5e83632aca0a41e5e9e666d7dc9bddb1
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
Size/MD5 checksum:  4006624 c43213da01d510faf117daa9a4d5326c

Architecture independent components:

http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.9_all.deb
Size/MD5 checksum:   154874 583075812746d50b00cf393f91cf6268
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.9_all.deb
Size/MD5 checksum:   690472 154f6c262b9525573acbc7d63c0fc58a
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.9_all.deb
Size/MD5 checksum:   123852 431264c393cbf721d11a4c17b465984c

Alpha architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_alpha.deb
Size/MD5 checksum:    74762 c0841b5ad9c30a0e1ab5bc852a5b4df5
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_alpha.deb
Size/MD5 checksum:    48832 ca0177b0ad40dab6ebd5e2482dccff0c
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_alpha.deb
Size/MD5 checksum:  2176472 9c55170dba238d910e2a76a9b9a0f90e
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_alpha.deb
Size/MD5 checksum:    42110 91038c466a5d7da73ec408edf1d79079
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_alpha.deb
Size/MD5 checksum:   255658 4018f5b3119dbe0a046bd3ef0eea7f5d
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_alpha.deb
Size/MD5 checksum:   285526 dc76ca7e4f9334b55b8552e6de6144a7

AMD64 architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_amd64.deb
Size/MD5 checksum:    68840 f129489350c5dd3b700f10eae2e41e74
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_amd64.deb
Size/MD5 checksum:    44172 dfab3e90cb2948c876a66f34688a8e54
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_amd64.deb
Size/MD5 checksum:  2173250 bc5b91cd655eea9f62d9c997a4f33d0e
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_amd64.deb
Size/MD5 checksum:    40002 003163f47600d0992a6c6d445919e2a5
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_amd64.deb
Size/MD5 checksum:   176418 530c4ae72744122635ca79305d7624c8
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_amd64.deb
Size/MD5 checksum:   259640 252a1582028a3a931d7535bcd6c08a93

ARM architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_arm.deb
Size/MD5 checksum:    63908 daadbd0ec8dd6bbbe0efb7dea8c7c862
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_arm.deb
Size/MD5 checksum:    39588 033e2e0cfcc9bff7560beb8a98c6d07b
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_arm.deb
Size/MD5 checksum:  2171286 19e45af806dc2d39dbf2facc99e71414
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_arm.deb
Size/MD5 checksum:    37304 8918504ae9fe175df5e403248df27184
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_arm.deb
Size/MD5 checksum:   174796 ecb5d13c843235495b25cfb422dcdd1e
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_arm.deb
Size/MD5 checksum:   249614 68a25e96c65651a742a3cdea82b6e4dc

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_i386.deb
Size/MD5 checksum:    65208 499c59767ffef73b2e466d0ad355acd9
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_i386.deb
Size/MD5 checksum:    40312 5c1197cfd1d386259090acd018a09d1d
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_i386.deb
Size/MD5 checksum:  2171586 18efe0dffbe399b65f6109cf64fb4ebc
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_i386.deb
Size/MD5 checksum:    38026 e2ea6a0007d4cb3eb89a677ced6237d0
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_i386.deb
Size/MD5 checksum:   159514 07dc6d59c3ca44802a884ba57295f25c
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_i386.deb
Size/MD5 checksum:   254212 8f0ac53bb73ab04cace56dacbd1f7385

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_ia64.deb
Size/MD5 checksum:    81806 2f5e60307573c83948b364aba0b902d7
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_ia64.deb
Size/MD5 checksum:    55248 b0836a06803e2817c62a2fb0e44bbdf2
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_ia64.deb
Size/MD5 checksum:  2180260 67d516ba4de63b2df9a2f22ea09977cc
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_ia64.deb
Size/MD5 checksum:    49196 eef0faa8458ad343723b2ad5ab20b85d
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_ia64.deb
Size/MD5 checksum:   252022 44ae4643b97df4c60fc9344e978ed301
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_ia64.deb
Size/MD5 checksum:   317594 792d635c17661ff30a98002bcbf28c20

HP Precision architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_hppa.deb
Size/MD5 checksum:    68278 e6ae93d179cf42dff2e3e21f73b791d8
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_hppa.deb
Size/MD5 checksum:    43294 aca3a82514944bd64fe592f4c82fd3ee
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_hppa.deb
Size/MD5 checksum:  2173750 e75c6299f3bcebf2fde0152a97964fd5
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_hppa.deb
Size/MD5 checksum:    39444 1bcd721e1d64f1dd87d210e67dd03c8a
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_hppa.deb
Size/MD5 checksum:   202610 6de992b66d479fc91ab9c7f2ce241fe8
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_hppa.deb
Size/MD5 checksum:   283332 b53830c42ec5c4b4cc2f75804ee33165

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_m68k.deb
Size/MD5 checksum:    62522 b64d3b425ff4a76e45a1ad3fda52ac93
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_m68k.deb
Size/MD5 checksum:    38206 14a9a4a27a4b09153cce7adf167e3832
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_m68k.deb
Size/MD5 checksum:  2170544 eda974d6e3d676f4eaffb82a73548b89
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_m68k.deb
Size/MD5 checksum:    35058 04b9394b533707237f58a402339cd84f
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_m68k.deb
Size/MD5 checksum:   146258 5ea523a7dbf19ff9d9d01b4ad8f31f39
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_m68k.deb
Size/MD5 checksum:   250356 1954573109230d4898760c36a3c87ba4

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_mips.deb
Size/MD5 checksum:    67950 27a6b985d95bb70281ad7cd842770170
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_mips.deb
Size/MD5 checksum:    43798 c802171f2f84f4f14ef1a720ecbb8aa7
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_mips.deb
Size/MD5 checksum:  2173032 7aa9e633b0962f5ab86ee11fb7c3974a
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_mips.deb
Size/MD5 checksum:    37668 dec8e08fd9996962a93a1c3d752be4f0
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_mips.deb
Size/MD5 checksum:   195430 3e94e63724ef9c2dd11a59648f4b5c97
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_mips.deb
Size/MD5 checksum:   257462 ef59f02caa5d95c70b85022ea788bfa3

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_mipsel.deb
Size/MD5 checksum:    67556 a8f18eb0565bba5c75370ff92ac78f38
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_mipsel.deb
Size/MD5 checksum:    43580 59d814309d704ff91e9e07d492cc7167
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_mipsel.deb
Size/MD5 checksum:  2172984 cb6babbbb93113c91190757557209803
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_mipsel.deb
Size/MD5 checksum:    37966 e87c71e23e8ccd7c1250c2338dafc9ea
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_mipsel.deb
Size/MD5 checksum:   191864 cdaf87930502971bfb89860cdef54ac1
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_mipsel.deb
Size/MD5 checksum:   255070 50e2c374bd3bcb15ff980e1fb3251f7b

PowerPC architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_powerpc.deb
Size/MD5 checksum:    69284 4257688fc42e09118821e8958f0a6ee7
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_powerpc.deb
Size/MD5 checksum:    44694 f3ad6da5431802cc4d397bec741eca81
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_powerpc.deb
Size/MD5 checksum:  2173702 9b536d611b6ce4e48da03459c5071e84
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_powerpc.deb
Size/MD5 checksum:    38886 ff6033af2c67302deb234a7f120cf779
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_powerpc.deb
Size/MD5 checksum:   187680 227518152740d2518c5ec92105d85179
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_powerpc.deb
Size/MD5 checksum:   264838 7f4c6eed60bdc21edd28b60fdfe4c710

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_s390.deb
Size/MD5 checksum:    67906 8c6217c5131838abbfd7ce298556c8b1
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_s390.deb
Size/MD5 checksum:    43564 d6af81d53141d8efddb3878d70a0e624
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_s390.deb
Size/MD5 checksum:  2172976 993af7eba4a41c2510f5280f37d7e048
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_s390.deb
Size/MD5 checksum:    38942 50b2b6c19597e479e1f398439018ce9c
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_s390.deb
Size/MD5 checksum:   182606 3821257f0925fe2be95a355d3d018d88
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_s390.deb
Size/MD5 checksum:   269406 9fe3e9dd8e7564db863a452b2ff9ffae

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_sparc.deb
Size/MD5 checksum:    64424 df6e026c7266999f8747bc82706deb8f
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_sparc.deb
Size/MD5 checksum:    39456 a426823f333ab28e49b16934f19dc346
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_sparc.deb
Size/MD5 checksum:  2171178 ea328218eaa01a6ed32c2dcaff418844
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_sparc.deb
Size/MD5 checksum:    36844 c92fc7b0b4249d6dcd3058482a0936c3
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_sparc.deb
Size/MD5 checksum:   175782 45be5bb635f8fe1244045c429dae943f
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_sparc.deb
Size/MD5 checksum:   264704 dfcbfa29904f0db5848da5de1885d1ea

补丁安装方法：

1. 手工安装补丁包：

  首先，使用下面的命令来下载补丁软件：
  # wget url  (url是补丁下载链接地址)

  然后，使用下面的命令来安装补丁：
  # dpkg -i file.deb (file是相应的补丁名)

2. 使用apt-get自动安装补丁包：

   首先，使用下面的命令更新内部数据库：
   # apt-get update

   然后，使用下面的命令安装更新软件包：
   # apt-get upgrade

Gentoo
------
Gentoo已经为此发布了一个安全公告（GLSA-200605-03）以及相应补丁:
GLSA-200605-03：ClamAV: Buffer overflow in Freshclam
链接：http://security.gentoo.org/glsa/glsa-200605-03.xml

所有ClamAV用户都应升级到最新版本:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.2"

ClamAV
------
http://www.debian.org/security/2006/dsa-1050

浏览次数：3740
严重程度：0（网友投票）

本安全漏洞由绿盟科技翻译整理，版权所有，未经许可，不得转载
绿盟科技给您安全的保障

关于我们: 公司介绍; 公司荣誉; 公司新闻

联系我们: 公司总部; 分支机构; 海外机构

快速链接: 绿盟云; 绿盟威胁情报中心NTI; 技术博客