Security Advisory 09 for Kolab Server (CVE-2006-1989, ClamAV)
Bernhard Reiter
bernhard at intevation.de
Tue May 16 19:22:04 CEST 2006
--
www.kolab-konsortium.com Professional Maintenance, Consultancy and Support.
-------------- next part --------------
Kolab Security Issue 09 20060516
================================
Package: Kolab Server
Vulnerability: buffer overflow, remotely exploitable (CVE-2006-1989)
Kolab Specific: no
Dependent Packages: none
Impact: high
Summary
~~~~~~~
The Clam AntiVirus package's freshclam component has a buffer overflow
that can be exploited remotely.
Freshclam fetches updates via HTTP. A specially prepared HTTP server
could be used by an attacker to exploit the buffer overflow.
By means of DNS poisoning freshclam could be pointed to such a bogus server.
Affected Versions
~~~~~~~~~~~~~~~~~
This affects all servers which have ClamAV 0.80 up to 0.88.1 running.
Kolab Servers 2.0.3, Kolab Server 2.1beta1 are vulnerable.
Previous releases are affected.
Fix
~~~
Upgrade to ClamAV 0.88.2.
A new ClamAV RPM is available from the Kolab download mirrors as
security-updates/20060616/clamav-0.88.2-20060430.src.rpm
In addition a binary RPM for (ix86 Debian GNU/Linux Sarge) is available:
Kolab Server 2.0.3 (Sarge)
security-updates/clamav-0.88.2-20060430.ix86-debian3.1-kolab.rpm
All other Server versions: Please build from the src.rpm.
The mirrors are listed on http://kolab.org/mirrors.html
While the mirrors are catching up, you can also get the package via rsync:
# rsync -tzv rsync://rsync.kolab.org/kolab/server/security-updates/20060616/clamav-0.88.2-20060430.src.rpm .
MD5 sums:
bce57f67d9549087f4f1b88313fcf237 clamav-0.88.2-20060430.src.rpm
8d646b130ed9f166ed16a589776406e4 clamav-0.88.2-20060430.ix86-debian3.1-kolab.rpm
The package can be installed on your Kolab Server with
# /kolab/bin/openpkg rpm --rebuild clamav-0.88.2-20060430.src.rpm
# /kolab/bin/openpkg rpm \
-Uvh /kolab/RPM/PKG/clamav-0.88.2-20060430.<ARCH>-<OS>-kolab.rpm
The installation process will likely leave a freshclam.conf.rpmsave or
clamd.conf.rpmsave in /kolab/etc/clamav/. Since freshclam.conf and
clamd.conf are generated files, remove the rpmsave files, run kolabconf
and make sure clamav starts. E.g.
# rm /kolab/etc/clamav/clamd.conf.rpmsave
# /kolab/sbin/kolabconf
# /kolab/etc/rc clamav start
Optionally update the virus signature files manually right away as test:
# /kolab/bin/freshclam
Details
~~~~~~~
http://www.clamav.net/security/0.88.2.html
ClamAV 0.88.2 release notes
Timeline
~~~~~~~~
20060429 ClamAV security release 0.88.2, announced as "Moderate risk".
20060430 OpenPKG 0.88.2 package release as in section CUR/SRC/PLUS.
20060516 Security assessment for Kolab Server by Martin Konold.
20060516 Kolab Server tests, update and security advisory published.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.kolab.org/pipermail/users/attachments/20060516/58781c48/attachment.sig>
More information about the users
mailing list