Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: ClamAV versions up to 0.88.3 DoS SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
ClamAV versions up to 0.88.3 DoS
A Secunia bulletin earlier today alerted us to a potential denial of service in the popular open-source anti-virus package ClamAV.  The vulnerability is in the pefromupx() routine for unpacking a UPX packed PE executable.  The advisory states that all versions up to, and including, 0.88.4 are vulnerable.  The front page of states that the latest stable version is 0.88.4, but the "stable" page only mentions 0.88.3 released last month.  The sourceforge download page lists a clamav-0.88.4.tar.gz (and .sig), but at the time of this writing, actually clicking on the link results in a "file not found" error.  So, it looks like they are scrambling to fix this one and the new version should be available shortly.

Jim Clausing,  jclausing --at--
I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - Live Online


414 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!