Researchers have warned of serious bugs in security software, with flaws detected in ClamAV, Ethereal and Sophos...
Anti-Virus within days of each other.
ClamAV Antivirus Library is vulnerable to buffer overflows that could allow attackers complete control of the system, according to a warning issued by Rem0te.com.
Researchers Alex Wheeler and Neel Mehta are credited with discovering the bugs, which can be exploited remotely without user authentication through common protocols such as SMTP, SMB, HTTP and FTP.
Hackers could gain unauthorised control of data by exploiting the vulnerability in ClamAV protected systems, which could lead to further network compromise. ClamAV 0.86.1 and earlier versions are affected.
Ethereal has also posted a high severity warning, listing 27 separate vulnerabilities identified in Ethereal versions 0.8.5 to 0.10.10.
“It may be possible to make Ethereal crash, use up available memory, or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file,” the company warns.
It advises users to upgrade to version 0.10.12. “Due to the severity and scope of the defects that have been discovered, no workaround is available,” the company said.
A buffer overflow vulnerability identified in some versions of Sophos Anti-Virus is “theoretically a risk,” said Sophos, although the company had not seen any examples of malware attempting to exploit the vulnerability.
Sophos senior technology consultant, Graham Cluley, said the company had worked with researcher Alex Wheeler to tackle the vulnerability and most customers had already been updated.
He said: “The vast majority of our customers are protected. It’s not in the wild. Most enterprise customers are updated and any who aren’t will be updated in the next couple of days.”