Auctioneer hyping sale of 'ravaging' ClamAV vulnerability

Summary: The WabiSabiLabi vulnerability auction house is hyping the sale of a potentially nasty remote code execution flaw in ClamAV, the popular open-source anti-virus toolkit recently acquired by Sourcefire.


WabiSabiLabi, which positions itself as the eBay of software vulnerabilities, said the flaw can be exploited by simply sending a specially crafted e-mail to the vulnerable mail server.

[SEE: Questions swirl as Sourcefire buys ClamAV ]

In a blog entry dedicated to this ClamAV bug, WabiSabiLabi said the vulnerability, for which it has reliable proof-of-concept exploit code, allows a malicious user to execute arbitrary code on a machine running one of the utilities of the ClamAV suite.

The latest verified vulnerable version is 0.91.1, but other versions could be affected as well. As you can obviously imagine, the impact of this vulnerability is ravaging.

At 10:53 AM today, there were no bids on the flaw, which opens at 500€ (US$732).

When exploited, the vulnerability allows an attacker to execute arbitrary code on the target machine in the context of the user running the affected application and to have a "base" on the local network/DMZ, thus having the possibility to escalate privileges (if needed) and compromise other servers near the attacked one.

Of course, as it's an anti-virus engine designed for mail servers, the attacker can locally escalate his privileges and get access to all the mail traffic to and from the company just by sniffing the traffic on the compromised machine.

In a home scenario, even if ClamAV is not widely used in such an environment, the impact can also be high. If a home computer is compromised, the attacker can access documents and files stored on that computer and use this information to gain higher privileges.

[SEE: Trend Micro, Zone Labs, ClamAV join list of insecure security products ]

WabiSabiLabi is also brokering the sale of vulnerabilities in Apple's QuickTime (client-side remote code execution), IBM DB2 (there's a single bid on one of the DB2 holes), RealNetworks' Helix Server, Samba, FreeBSD and Novell eDirectory.

Topics: Servers, Security

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
