ClamAV Sigtool file overwrite

clamav-sigtool-file-overwrite (39339)

Medium Risk

Description:

Clam AntiVirus (ClamAV) could allow a local attacker to overwrite arbitrary files, caused by the improper handling of created files by the Sigtool utility. A local attacker could exploit this vulnerability by invoking the Sigtool with the utf16-decode option to overwrite arbitrary files on the vulnerable system.

Platforms Affected:

• Clam Anti-Virus, ClamAV 0.92

Remedy:

No remedy available as of August 23, 2008.

Consequences:

File Manipulation

References:

• Clam AntiVirus Web site, Clam AntiVirus at http://www.clamav.net/.
• Full-Disclosure Mailing List, Sun, 30 Dec 2007 01:06:04 +0100, TK53 Advisory #2: Multiple vulnerabilities in ClamAV at http://seclists.org/fulldisclosure/2007/Dec/0625.html.
• SECTRACK ID: 1019148: Clam AntiVirus Unsafe File Access Lets Local Users Gain Elevated Privileges

Reported:

Dec 29, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page