{"vuid":"VU#363713","idnumber":"363713","name":"Clam AntiVirus contains a buffer overflow vulnerability","keywords":["Clam","AntiVirus","UPX","buffer overflow","arbitrary code execution","compressed executable"],"overview":"A buffer overflow in Clam AntiVirus (ClamAV) may allow a remote attacker to execute arbitrary code.","clean_desc":"Clam AntiVirus is a UNIX-based, anti-virus toolkit often deployed with mail servers to detect malicious attachments. A signedness error in ClamAV (libclamav/upx.c) may allow a buffer overflow to occur. If a remote attacker sends a specially crafted UPX-packed executable to a vulnerable ClamAV installation, that attacker may be able to trigger the buffer overflow.","impact":"A remote attacker may be able to execute arbitrary code with the privileges of the application linked to the ClamAV process. In addition, this vulnerability may prevent ClamAV from detecting malicious UPX-packed executables.","resolution":"Upgrade\nThis issue was corrected in ClamAV 0.87.","workarounds":"Do not access UPX-packed executables from untrusted sources\nExploitation occurs via specially crafted UPX-packed executables. By only accessing UPX-packed executables from trusted or known sources, the chances of exploitation are reduced.","sysaffected":"","thanks":"This vulnerability was reported by Thierry Carrez.","author":"This document was written by Jeff Gennari.","public":["http://secunia.com/advisories/16848/","http://sourceforge.net/project/shownotes.php?release_id=356974","http://www.securityfocus.com/bid/14866","http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml","http://www.clamav.net/","http://www.mandriva.com/security/advisories?name=MDKSA-2005:166"],"cveids":["CVE-2005-2920"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-09-19T14:22:38Z","publicdate":"2005-09-19T00:00:00Z","datefirstpublished":"2005-09-27T12:59:16Z","dateupdated":"2005-11-03T14:35:26Z","revision":45,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"10","cam_impact":"20","cam_easeofexploitation":"9","cam_attackeraccessrequired":"10","cam_scorecurrent":"6.75","cam_scorecurrentwidelyknown":"8.4375","cam_scorecurrentwidelyknownexploited":"15.1875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":6.75,"vulnote":null}