Researchers have warned of serious bugs in security
software, with flaws detected in ClamAV, Ethereal and Sophos
Anti-Virus within days of each other.
ClamAV Antivirus Library is vulnerable to buffer overflows that
could allow attackers complete control of the system, according to
a warning issued by Rem0te.com.
Researchers Alex Wheeler and Neel Mehta are credited with
discovering the bugs, which can be exploited remotely without user
authentication through common protocols such as SMTP, SMB, HTTP and
FTP.
Hackers could gain unauthorised control of data by exploiting
the vulnerability in ClamAV protected systems, which could lead to
further network compromise. ClamAV 0.86.1 and earlier versions are
affected.
Ethereal has also posted a high severity warning, listing 27
separate vulnerabilities identified in Ethereal versions 0.8.5 to
0.10.10.
“It may be possible to make Ethereal crash, use up available
memory, or run arbitrary code by injecting a purposefully malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file,” the company warns.
It advises users to upgrade to version 0.10.12. “Due to the
severity and scope of the defects that have been discovered, no
workaround is available,” the company said.
A buffer overflow vulnerability identified in some versions of
Sophos Anti-Virus is “theoretically a risk,” said Sophos, although
the company had not seen any examples of malware attempting to
exploit the vulnerability.
Sophos senior technology consultant, Graham Cluley, said the
company had worked with researcher Alex Wheeler to tackle the
vulnerability and most customers had already been updated.
He said: “The vast majority of our customers are protected. It’s
not in the wild. Most enterprise customers are updated and any who
aren’t will be updated in the next couple of days.”