Kolab Security Issue 16 20070724 (clamav)
Thomas Arendsen Hein
thomas at intevation.de
Tue Jul 24 13:14:24 CEST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Kolab Security Issue 16 20070724
================================
Package: Kolab Server, ClamAV
Vulnerability: denial of service
Kolab Specific: no
Dependent Packages: none
Summary
~~~~~~~
CVE-2007-3725
Metaeye Security Group discovered that ClamAV crashes due to processing of
standard filters in RAR VM, while processing a corrupted RAR file.
Kolab servers use the clamd daemon for filtering. While Kolab Server 2.0
passes following mails without being scanned by ClamAV, Kolab Server 2.1
falls back to using the command line clamscan utility which significantly
increases processing overhead.
Affected Versions
~~~~~~~~~~~~~~~~~
This affects versions of ClamAV up to version 0.90.3.
Kolab Server 2.1.0 and previous releases of the 2.1 branch are affected.
Kolab Server 2.0.4 and previous releases of the 2.0 branch are affected.
Kolab Server 2.2-beta1 is affected.
Fix
~~~
Upgrade to ClamAV 0.91.1.
The ClamAV source RPM is available from the Kolab download mirrors as:
security-updates/20070724/clamav-0.91.1-20070718_kolab.src.rpm
A binary RPM for Kolab Server 2.1.0 (ix86 Debian GNU/Linux Sarge) is available:
security-updates/20070724/clamav-0.91.1-20070718_kolab.ix86-debian3.1-kolab.rpm
All other server versions: Please build from the src.rpm.
The mirrors are listed on http://kolab.org/mirrors.html
While the mirrors are catching up, you can also get the package via rsync:
# rsync -tvP rsync://rsync.kolab.org/kolab/server/security-updates/20070724/clamav-0.91.1-20070718_kolab.src.rpm .
# rsync -tvP rsync://rsync.kolab.org/kolab/server/security-updates/20070724/clamav-0.91.1-20070718_kolab.ix86-debian3.1-kolab.rpm .
MD5 sums:
4ed62987a0871b0d6ab7520e85fc3a25 clamav-0.91.1-20070718_kolab.src.rpm
aebbcde54deb366b0f7966f4c947b1de clamav-0.91.1-20070718_kolab.ix86-debian3.1-kolab.rpm
The package can be installed on your Kolab Server with
# /kolab/bin/openpkg rpm --rebuild clamav-0.91.1-20070718_kolab.src.rpm
# /kolab/bin/openpkg rpm \
-Uvh /kolab/RPM/PKG/clamav-0.91.1-20070718_kolab.<ARCH>-<OS>-kolab.rpm
# rm /kolab/etc/clamav/clamd.conf.rpmsave
# /kolab/bin/openpkg rc clamav restart
# su - kolab-r
$ freshclam
For Kolab Server 2.0.4 you have to copy the new /kolab/etc/clamav/clamd.conf
to /kolab/etc/kolab/templates/clamd.conf.template so it will not be
overwritten by kolabconf. Do NOT copy this file with Kolab Server 2.1 or 2.2!
Details
~~~~~~~
http://sourceforge.net/project/shownotes.php?release_id=522414
ClamAV 0.91 release notes
http://sourceforge.net/project/shownotes.php?release_id=523634
ClamAV 0.91.1 release notes
http://www.securityfocus.com/bid/24866
Multiple Vendors RAR Handling Remote Null Pointer Dereference Vulnerability
(CVE-2007-3725)
http://www.metaeye.org/advisories/54
Metaeye Security Group: Advisory and proof of concept file.
Timeline
~~~~~~~~
20070711 ClamAV release 0.91.
20070711 OpenPKG 0.91 package release.
20070716 ClamAV release 0.91.1.
20070718 OpenPKG 0.91.1 package release.
20070724 Kolab Server security advisory published.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFGpd1eW7P1GVgWeRoRAtQ8AJ4i1X2oP3n7uLY2IjOftP3/XEWuVwCgmJeI
2IFz/NljqvK4Xq/6JShCiAQ=
=okQi
-----END PGP SIGNATURE-----
--
thomas at intevation.de - http://intevation.de/~thomas/ - OpenPGP key: 0x5816791A
Intevation GmbH, Osnabrueck - Register: Amtsgericht Osnabrueck, HR B 18998
Geschaeftsfuehrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
More information about the users
mailing list