FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-4018

This CVE name corresponds to:

Entered Topic
2006-08-08 clamav -- heap overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2006-4018
Phase: Assigned (20060808)

Description

Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values.

References

Source Reference
BUGTRAQ 20060809 [Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow
MISC http://www.overflow.pl/adv/clamav_upx_heap.txt
CONFIRM http://www.clamav.net/security/0.88.4.html
CONFIRM http://kolab.org/security/kolab-vendor-notice-10.txt
DEBIAN DSA-1153
GENTOO GLSA-200608-13
MANDRIVA MDKSA-2006:138
SUSE SUSE-SA:2006:046
TRUSTIX 2006-0046
BID 19381
VUPEN ADV-2006-3175
VUPEN ADV-2006-3275
SECTRACK 1016645
SECUNIA 21374
SECUNIA 21368
SECUNIA 21433
SECUNIA 21457
SECUNIA 21443
SECUNIA 21497
SECUNIA 21562
XF clamav-pefromupx-bo(28286)