[Kolab-announce] Security Advisory 02 for Kolab Server
Bernhard Herzog
bh at intevation.de
Wed Jul 27 16:34:44 CEST 2005
The Clam AntiVirus package used by Kolab 2.0 contains several buffer
overflows that can be exploited remotely. A new ClamAV RPM with a fix
is available. See the Kolab Security Advisory 02 below for details.
Bernhard Herzog
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Kolab Security Issue 02 20050727
================================
Package: Kolab Server
Vulnerability: buffer overflow, remotely exploitable
Kolab Specific: no
Dependent Packages: none
Summary
- -------
The Clam AntiVirus package contains several buffer overflows that can be
exploited remotely.
Affected Versions
- -----------------
This affects all servers which have ClamAV 0.86.1 or earlier versions running.
Kolab Server 2.0 and previous releases of the 2.0 branch are affected.
Fixes
- -----
Upgrade to ClamAV 0.86.2.
A new ClamAV RPM is available from the Kolab download mirrors as the
file security-updates/20050727/clamav-0.86.2-20050726.src.rpm
The mirrors are listed on http://kolab.org/mirrors.html
While the mirrors are catching up, you can also get the package via rsync:
# rsync -tzv rsync://rsync.kolab.org/kolab/server/security-updates/20050727/clamav-0.86.2-20050726.src.rpm .
This package can be installed on your Kolab Server with
# /kolab/bin/openpkg rpm --rebuild clamav-0.86.2-20050726.src.rpm
# /kolab/bin/openpkg rpm \
-Uvh /kolab/RPM/PKG/clamav-0.86.2-20050726.<ARCH>-<OS>-kolab.rpm
##optional
# /kolab/bin/freshclam
Details
- -------
http://www.securityfocus.com/bid/14359
the vulnerabilities present themselves when
the ClamAV antivirus library handles malformed files.
Details of the vulnerability can be found in
http://www.rem0te.com/public/images/clamav.pdf
At least 4 of its file format processors contain remote security bugs.
Specifically, during the processing of TNEF, CHM, & FSG
formats an attacker is able to trigger several integer overflows
These vulnerabilities can be reached by default
and triggered without user interaction
by sending an e-mail containing crafted data.
Timeline
- --------
20050725 clamav vulnerability published by rem0te
20050727 kolab update and security advisory published
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFC55W50vCiU5+ISsgRAuRRAJwPMHzzXu0FwB9GeEv6kq3WOBqvdwCeLKot
d85iJsTD7wjyY+ebkIzklQk=
=NPAR
-----END PGP SIGNATURE-----
--
Intevation GmbH http://intevation.de/
Skencil http://skencil.org/
Thuban http://thuban.intevation.org/
More information about the announce
mailing list