[Bug 320339] [NEW] malloc failure in clamav
themusicgod1
themusicgod1 at zworg.com
Fri Jan 23 05:28:05 UTC 2009
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: clamav
While scanning a massive, deep directory with lots of 'big'
files (including a mirror of Wikipedia circa 2005 or so tarball), an
error was brought up:
"LibClamAV Error: cli_malloc(): Attempt to allocate 859852725 bytes.
Please report to http://bugs.clamav.net"
* clamscan continues after this, seemingly successfully
* bugs.clamav.net wasn't very helpful (but that's covered by another bug
report and hence is another story). My system has about 5GB of swap (way
to go default installer options! ;) ) of which maybe 49MB is in use---so
it can't be that I'm running out of memory, something else is going on.
* this system *has* had/may have a virus on it (linux.rst.b + ??), so it
might be compromised in a hard-to-predict way, but I have since
installed clamav and it seems that I have gotten rid of the infected
files (debsums seem to work, whereas while infected they did not check
out to be ok), but I leave this fact here for completeness.
useful stuff:
* linux 2.6.24 amd64
* Linux taylor 2.6.24-23-generic #1 SMP Thu Nov 27 18:13:46 UTC 2008 x86_64 GNU/Linux
* memtested not too long ago dozens of times in multiple ram configurations
* newish computer
* Hardy Desktop/8.04
* ClamAV 0.92.1/8893/Thu Jan 22 14:18:43 2009
Why this could be a (minor) security problem:
* because if there's a way to fool clamav into thinking a file is not a virus, when it is, this is a security issue.
Stuff I should probably provide that I haven't found yet:
* the exact file(s) that cause the crash to occur. This could take some time as I have a lot of files to scan (binary-like search could take days).
** Affects: clamav (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
--
malloc failure in clamav
https://bugs.launchpad.net/bugs/320339