Kolab Security Issue 14 20061219 (clamav)
Thomas Arendsen Hein
thomas at intevation.de
Tue Dec 19 22:08:07 CET 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kolab Security Issue 14 20061219
================================
Package: Kolab Server, ClamAV
Vulnerability: bypass virus detection (CVE-2006-6406),
               denial of service, remotely exploitable (CVE-2006-6481)
Kolab Specific: no
Dependent Packages: none

Summary
~~~~~~~
CVE-2006-6406
Hendrik Weimer discovered that invalid characters in base64-encoded
data may allow the scanning mechanisms to be bypassed.
CVE-2006-6481
Hendrik Weimer discovered that deeply nested multipart MIME
data may lead to a denial of service.
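As an added illustration (not ClamAV's or Kolab's code), the following Python sketch shows the two defensive checks a mail scanner needs for the problems described above: base64 parts are decoded tolerantly, the way mail clients decode them, so that stray characters cannot make the scanner inspect different bytes than the recipient receives, and the MIME tree is walked with a hard nesting limit so a deeply nested message is rejected instead of recursed into without bound. The MAX_DEPTH value, the sample message and the nested_message() fixture are constructed for this example.

```python
"""Added example (not Kolab or ClamAV code): two defensive MIME checks.

1. base64 parts are decoded like a tolerant mail client decodes them, i.e.
   by discarding bytes outside the base64 alphabet, and parts that needed
   such cleanup are flagged for closer inspection.
2. The MIME tree is walked with a nesting limit, so a message built from
   very deeply nested multipart containers is rejected early.
"""
from __future__ import annotations

import base64
import re
from email import message_from_string
from email.message import Message

# Assumed limit for this example; it is not a value taken from ClamAV.
MAX_DEPTH = 16

_WS = re.compile(rb"\s+")
_NOT_B64 = re.compile(rb"[^A-Za-z0-9+/=]")


def lenient_b64decode(payload: bytes) -> tuple[bytes, bool]:
    """Decode base64 the way tolerant mail clients do.

    Whitespace is ordinary line folding and never counts as invalid. Any
    other byte outside the alphabet is dropped, padding is rebuilt, and the
    caller learns whether such cleanup happened, because a scanner that
    rejected or skipped the part would see different bytes than the
    recipient's client produces.
    """
    stripped = _WS.sub(b"", payload)
    cleaned = _NOT_B64.sub(b"", stripped)
    had_invalid = cleaned != stripped
    core = cleaned.replace(b"=", b"")
    if len(core) % 4 == 1:      # a single dangling sextet never encodes a byte
        core = core[:-1]
    core += b"=" * (-len(core) % 4)
    return base64.b64decode(core, validate=True), had_invalid


def walk_with_limit(msg: Message, depth: int = 0) -> list[dict]:
    """Flatten the MIME tree into leaf records, refusing to go past MAX_DEPTH."""
    if depth > MAX_DEPTH:
        raise ValueError(f"MIME nesting deeper than {MAX_DEPTH} levels")
    if msg.is_multipart():
        leaves: list[dict] = []
        for part in msg.get_payload():
            leaves.extend(walk_with_limit(part, depth + 1))
        return leaves
    cte = (msg.get("Content-Transfer-Encoding") or "").strip().lower()
    raw = msg.get_payload(decode=False).encode("ascii", "replace")
    invalid = False
    if cte == "base64":
        data, invalid = lenient_b64decode(raw)
    else:
        data = raw
    return [{"depth": depth, "content_type": msg.get_content_type(),
             "size": len(data), "invalid_base64": invalid}]


def scan_message(raw: str) -> dict:
    """Parse a raw message and apply both checks; raises ValueError on excess nesting."""
    parts = walk_with_limit(message_from_string(raw))
    return {
        "max_depth": max((p["depth"] for p in parts), default=0),
        "parts": parts,
        "flagged": any(p["invalid_base64"] for p in parts),
    }


def is_rejected(raw: str) -> bool:
    """True when the nesting limit stops the scan."""
    try:
        scan_message(raw)
    except ValueError:
        return True
    return False


# Constructed sample: one clean text part and one base64 part with a stray '#'.
SAMPLE_WITH_BAD_B64 = (
    'Content-Type: multipart/mixed; boundary="outer"\r\n\r\n'
    "--outer\r\n"
    "Content-Type: text/plain\r\n\r\n"
    "see attachment\r\n"
    "--outer\r\n"
    "Content-Type: application/octet-stream\r\n"
    "Content-Transfer-Encoding: base64\r\n\r\n"
    "SGVs#bG8g\r\nd29ybGQ=\r\n"
    "--outer--\r\n"
)


def nested_message(levels: int) -> str:
    """Constructed fixture: `levels` multipart/mixed containers around one text part."""
    body = "Content-Type: text/plain\r\n\r\nhello\r\n"
    for i in range(levels):
        b = f"lvl{i:03d}"
        body = (f'Content-Type: multipart/mixed; boundary="{b}"\r\n\r\n'
                f"--{b}\r\n{body}\r\n--{b}--\r\n")
    return "Subject: nesting test\r\n" + body


if __name__ == "__main__":
    print(scan_message(SAMPLE_WITH_BAD_B64))
    print("depth 3 ok:", scan_message(nested_message(3))["max_depth"])
    print("depth", MAX_DEPTH + 1, "rejected:", is_rejected(nested_message(MAX_DEPTH + 1)))
```

The design point is that the scanner must decode what the client will decode: a strict decoder that bails out on the first bad character inspects nothing, while the client quietly drops the character and renders the attachment. Flagging the cleanup rather than silently accepting it gives the operator a detection signal for messages that were deliberately malformed.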

Affected Versions
~~~~~~~~~~~~~~~~~
This affects ClamAV versions up to and including 0.88.6.
Kolab Server 2.0.4 and Kolab Server 2.1beta3 are vulnerable.
Earlier releases are affected as well.

Fix
~~~
Upgrade to ClamAV 0.88.7.
The ClamAV source RPM is available from the Kolab download mirrors as:
security-updates/20061219/clamav-0.88.7-20061211.src.rpm
A binary RPM for Kolab Server 2.0.4 (ix86 Debian GNU/Linux Sarge) is available:
security-updates/20061219/clamav-0.88.7-20061211.ix86-debian3.1-kolab.rpm
All other server versions: Please build from the src.rpm.
The mirrors are listed on http://kolab.org/mirrors.html
While the mirrors are catching up, you can also get the package via rsync:
# rsync -tvP rsync://rsync.kolab.org/kolab/server/security-updates/20061219/clamav-0.88.7-20061211.src.rpm .
# rsync -tvP rsync://rsync.kolab.org/kolab/server/security-updates/20061219/clamav-0.88.7-20061211.ix86-debian3.1-kolab.rpm .
MD5 sums:
7b19f8355d5f941422eb192671b0f814 clamav-0.88.7-20061211.ix86-debian3.1-kolab.rpm
bc86262cb06aef7b7bdd2fc5b8a87368 clamav-0.88.7-20061211.src.rpm
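Before running the install steps, the two sums above can be checked against what was actually downloaded. The following Python script is an added example, not a Kolab tool; parse_sums() accepts the advisory's "hash filename" lines as well as md5sum's two-space form, and demo() runs the check on constructed files in a temporary directory. MD5 is not collision-resistant, so the sums only catch truncated or mismatched downloads; the PGP signature on the advisory is what vouches for the sums themselves.

```python
"""Added example (not part of the Kolab advisory or its tooling): verify
downloaded packages against the MD5 sums published in a signed advisory
before installing them."""
from __future__ import annotations

import hashlib
import os
import tempfile

# The two sums exactly as printed in the advisory.
ADVISORY_SUMS = """\
7b19f8355d5f941422eb192671b0f814 clamav-0.88.7-20061211.ix86-debian3.1-kolab.rpm
bc86262cb06aef7b7bdd2fc5b8a87368 clamav-0.88.7-20061211.src.rpm
"""


def parse_sums(text: str) -> dict[str, str]:
    """Parse 'HEX FILENAME' lines (one or two spaces, optional md5sum '*') into {filename: hex}."""
    sums: dict[str, str] = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and len(fields[0]) == 32:
            sums[fields[1].strip().lstrip("*")] = fields[0].lower()
    return sums


def md5_of_file(path: str, chunk: int = 1 << 16) -> str:
    """Hash a file in chunks so large RPMs are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_downloads(sums_text: str, directory: str) -> dict[str, str]:
    """Return {filename: 'ok' | 'mismatch' | 'missing'} for every listed file."""
    results: dict[str, str] = {}
    for name, expected in parse_sums(sums_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif md5_of_file(path) == expected:
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results


def demo() -> dict[str, str]:
    """Constructed run in a temp dir: an intact file, a corrupted file, a missing file."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "good.rpm"), "wb") as f:
            f.write(b"abc")          # MD5("abc") is a published test vector
        with open(os.path.join(tmp, "bad.rpm"), "wb") as f:
            f.write(b"abd")          # one byte off: must report a mismatch
        sums = (
            "900150983cd24fb0d6963f7d28e17f72 good.rpm\n"
            "900150983cd24fb0d6963f7d28e17f72 bad.rpm\n"
            "d41d8cd98f00b204e9800998ecf8427e absent.rpm\n"
        )
        return verify_downloads(sums, tmp)


if __name__ == "__main__":
    # Against real downloads: verify_downloads(ADVISORY_SUMS, "/path/to/downloads")
    for name, status in demo().items():
        print(f"{status:8} {name}")
```

In practice, treat any "mismatch" or "missing" result as a reason to re-download from a mirror or rsync.kolab.org rather than to proceed, and refuse to install a package whose sum is not listed in a signed advisory at all.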
The package can be installed on your Kolab Server with:
# /kolab/bin/openpkg rpm --rebuild clamav-0.88.7-20061211.src.rpm
# /kolab/bin/openpkg rc clamav stop
# /kolab/bin/openpkg rpm \
    -Uvh /kolab/RPM/PKG/clamav-0.88.7-20061211.<ARCH>-<OS>-kolab.rpm
# rm /kolab/etc/clamav/*.conf.rpmsave
# /kolab/sbin/kolabconf
# /kolab/bin/openpkg rc clamav start
# su - kolab-r
$ freshclam

Details
~~~~~~~
http://sourceforge.net/project/shownotes.php?release_id=461171
http://sourceforge.net/project/shownotes.php?release_id=470383
ClamAV 0.88.6 and 0.88.7 release notes
http://www.quantenblog.net/security/virus-scanner-bypass
Bypassing Virus Scanners Using MIME Encoding Tricks
http://www.securityfocus.com/bid/21461
Multiple Security Products MIME Encoding Content Filter Bypass Weakness
(CVE-2006-6406)
http://www.securityfocus.com/bid/21609
Clam Anti-Virus Attachment Wrapping Denial Of Service Vulnerability
(CVE-2006-6481)

Timeline
~~~~~~~~
20061211 ClamAV release 0.88.7.
20061211 OpenPKG 0.88.7 package release.
20061219 Kolab Server security advisory published.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFFiFQoW7P1GVgWeRoRAgT4AJ9ERB2KHLqr3qu26t1AK8HDwobYSACcCxty
L37T0yS8rdJpqLTO+u/ztN4=
=xLcU
-----END PGP SIGNATURE-----
--
Email: thomas at intevation.de
http://intevation.de/~thomas/