Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

ClamAV hole sees Linux vendors rush out updates

Highly critical flaw in open-source anti-virus software.

By Matthew Broersma | Techworld | Published: 13:14, 17 January 2006

Online bounty hunters have discovered a serious security flaw in ClamAV, the widely used open-source anti-virus software for Unix and Linux.

The flaw was disclosed this week through the Zero Day Initiative (ZDI), which pays security researchers for tracking down vulnerabilities. It was the fourth bug to be disclosed under the programme, created by 3Com's TippingPoint division.

TippingPoint notified ClamAV's developers of the bug in mid-December and disclosure was co-ordinated with the release of a patch, available here.

The bug could allow attackers to execute malicious code on a server running ClamAV versions 0.80 to 0.87.1, TippingPoint said in an advisory. It is due to an exploitable memory corruption condition created by an error in the unpacking of executable files compressed with UPX (Ultimate Packer for eXecutables), an open-source compression program. Attackers don't need to be authenticated to exploit the bug.

Secunia, which maintains a database of vulnerabilities, said the flaw was "highly critical". GNU/Linux vendors hurried to update their own implementations of ClamAV, with updates arriving from Mandriva, Gentoo, Suse, Trustix and others.

ZDI is one of a handful of bounty programmes in the security industry. Others are run by iDefense and Microsoft. "By ensuring threat information remains confidential until a patch can be issued, we are helping strengthen security for all technology users and reducing the risk of zero day attacks," said David Endler, director of security research for TippingPoint, in a statement.

ClamAV isn't well known outside of Unix/Linux circles, but is one of the most widely used anti-virus programs on Unix-like operating systems. It is mainly used with mail exchange servers as an email virus scanner. The GPL-licensed program and virus definitions are both distributed free of charge.

The program is designed to work with most POP3, Samba and Web servers and Message Transfer Agents, and supports most compression formats. It's used as the back-end for ClamXav on the Mac OS X platform.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.