Kolab Security Issue 14 20061219
================================

Package: Kolab Server, ClamAV
Vulnerability: bypass virus detection (CVE-2006-6406),
               denial of service, remotely exploitable (CVE-2006-6481)
Kolab Specific: no
Dependent Packages: none

Summary
~~~~~~~

CVE-2006-6406

Hendrik Weimer discovered that invalid characters in base64 encoded data
may lead to a bypass of scanning mechanisms.

CVE-2006-6481

Hendrik Weimer discovered that deeply nested multipart MIME data may lead
to a denial of service.

Affected Versions
~~~~~~~~~~~~~~~~~

This affects versions of ClamAV up to version 0.88.6.

Kolab Server 2.0.4 and Kolab Server 2.1beta3 are vulnerable. Previous
releases are affected as well.

Fix
~~~

Upgrade to ClamAV 0.88.7.

The ClamAV source RPM is available from the Kolab download mirrors as:

  security-updates/20061219/clamav-0.88.7-20061211.src.rpm

A binary RPM for Kolab Server 2.0.4 (ix86 Debian GNU/Linux Sarge) is
available:

  security-updates/20061219/clamav-0.88.7-20061211.ix86-debian3.1-kolab.rpm

All other server versions: Please build from the src.rpm.

The mirrors are listed on http://kolab.org/mirrors.html

While the mirrors are catching up, you can also get the package via rsync:

  # rsync -tvP rsync://rsync.kolab.org/kolab/server/security-updates/20061219/clamav-0.88.7-20061211.src.rpm .
  # rsync -tvP rsync://rsync.kolab.org/kolab/server/security-updates/20061219/clamav-0.88.7-20061211.ix86-debian3.1-kolab.rpm .

MD5 sums:

  7b19f8355d5f941422eb192671b0f814  clamav-0.88.7-20061211.ix86-debian3.1-kolab.rpm
  bc86262cb06aef7b7bdd2fc5b8a87368  clamav-0.88.7-20061211.src.rpm

The package can be installed on your Kolab Server with

  # /kolab/bin/openpkg rpm --rebuild clamav-0.88.7-20061211.src.rpm
  # /kolab/bin/openpkg rc clamav stop
  # /kolab/bin/openpkg rpm \
      -Uvh /kolab/RPM/PKG/clamav-0.88.7-20061211.--kolab.rpm
  # rm /kolab/etc/clamav/*.conf.rpmsave
  # /kolab/sbin/kolabconf
  # /kolab/bin/openpkg rc clamav start
  # su - kolab-r
  $ freshclam

Details
~~~~~~~

http://sourceforge.net/project/shownotes.php?release_id=461171
http://sourceforge.net/project/shownotes.php?release_id=470383
  ClamAV 0.88.6 and 0.88.7 release notes

http://www.quantenblog.net/security/virus-scanner-bypass
  Bypassing Virus Scanners Using MIME Encoding Tricks

http://www.securityfocus.com/bid/21461
  Multiple Security Products MIME Encoding Content Filter Bypass Weakness
  (CVE-2006-6406)

http://www.securityfocus.com/bid/21609
  Clam Anti-Virus Attachment Wrapping Denial Of Service Vulnerability
  (CVE-2006-6481)

Timeline
~~~~~~~~

20061211 ClamAV release 0.88.7.
20061211 OpenPKG 0.88.7 package release.
20061219 Kolab Server security advisory published.
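To make the two conditions in the Summary concrete, here is an added example (not part of the advisory, ClamAV or Kolab) that audits a parsed mail message: it reports base64 bodies containing bytes outside the base64 alphabet, showing that a strict decoder rejects them while a lenient one (as many mail clients use) still yields data, and it stops descending once multipart nesting exceeds a depth limit. MAX_DEPTH, the sample messages and the function names are constructed assumptions, not values from the advisory.

```python
import base64
import binascii
import re
from email import message_from_bytes

MAX_DEPTH = 8  # assumed site policy for multipart nesting, not a ClamAV value

def invalid_base64_chars(raw: bytes) -> bytes:
    # distinct bytes in a base64 body that fall outside the base64 alphabet
    return bytes(sorted(set(re.sub(rb"[A-Za-z0-9+/=\s]", b"", raw))))

def decode_both(raw: bytes):
    # strict decode (rejects stray bytes) beside lenient decode (drops them); disagreement is the bypass condition
    compact = re.sub(rb"\s", b"", raw)
    try:
        strict = base64.b64decode(compact, validate=True)
    except binascii.Error:
        strict = None
    return strict, base64.b64decode(compact)  # validate=False discards junk bytes

def audit(msg, depth=0, findings=None):
    # walk the MIME tree; flag over-deep nesting and dirty base64 bodies
    findings = findings if findings is not None else []
    if depth > MAX_DEPTH:
        findings.append(("excessive-nesting", depth))
        return findings  # stop descending: this is the resource-exhaustion shape
    if msg.is_multipart():
        for part in msg.get_payload():
            audit(part, depth + 1, findings)
    elif msg.get("Content-Transfer-Encoding", "").strip().lower() == "base64":
        raw = msg.get_payload(decode=False).encode("utf-8", "surrogateescape")
        bad = invalid_base64_chars(raw)
        if bad:
            strict, lenient = decode_both(raw)
            findings.append(("invalid-base64-chars", bad, strict is None, len(lenient)))
    return findings

# Constructed sample: a base64 attachment carrying a '*' that strict decoding rejects
SAMPLE = message_from_bytes(
    b'MIME-Version: 1.0\r\nContent-Type: multipart/mixed; boundary="out"\r\n\r\n'
    b"--out\r\nContent-Type: text/plain\r\n\r\nsee attachment\r\n--out\r\n"
    b"Content-Type: application/octet-stream\r\nContent-Transfer-Encoding: base64\r\n\r\n"
    b"SGVs*bG8=\r\n--out--\r\n")

def nested_message(levels: int):
    # constructed: wrap one text part in `levels` multipart layers
    body = b"Content-Type: text/plain\r\n\r\nx\r\n"
    for i in range(levels):
        b = b"part%02d" % i
        body = b'Content-Type: multipart/mixed; boundary="%s"\r\n\r\n--%s\r\n%s--%s--\r\n' % (b, b, body, b)
    return message_from_bytes(b"MIME-Version: 1.0\r\n" + body)
```

Run `audit(SAMPLE)` and `audit(nested_message(12))` to see one finding of each kind; a message within the depth limit and with clean base64 bodies returns an empty list.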