Re: american-fuzzy-lop contains exploit samples which trigger ClamAV

On Mon, 2017-11-13 at 14:25 +0000, Richard W.M. Jones wrote:
> (Thanks to Patrick for bringing this issue to my attention.)
> 
> American Fuzzy Lop ("afl", Fedora package american-fuzzy-lop) is an
> instrumentation-driven fuzzer for binary formats.  ClamAV is a
> (Windows?) virus scanner.
> 
> Afl's documentation comes with some demonstration vulnerabilities found
> by afl.  These are shipped in the source tarball and SRPM and also
> installed as a %doc section in the binary
> (/usr/share/doc/american-fuzzy-lop/vuln_samples/).
> 
> Unfortunately some of these samples trigger ClamAV
> "Win.Exploit.CVE_2015_0076-1 FOUND".
> 
> In this particular case it appears to be one or more of these files:
> 
>   jxrlib-crash2.jxr
>   jxrlib-crash3.jxr
>   jxrlib-crash4.jxr
>   jxrlib-crash.jxr
>   msie-jxr-mem-leak.jxr
> 
> which contain a badly formatted JPEG XR file that triggered a mild CVE
> in Windows:
> 
>   https://technet.microsoft.com/en-us/library/security/ms15-029.aspx
> 
> (so this is not a false positive or over-active virus scanner).
> 
> I'm inclined to ignore this and point people to this posting if there
> are any bugs filed.  But maybe there is some Fedora policy which
> applies here?

I'm the clamav package maintainer. Is this anything related to these 2
CVE(s) [1]?

I was waiting for a new stable release.

Thanks, 

[1]
https://bugzilla.redhat.com/show_bug.cgi?id=1483911
https://bugzilla.redhat.com/show_bug.cgi?id=1472778

> Rich.
> 
> -- 
> Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
> Read my programming and virtualization blog: http://rwmj.wordpress.com
> virt-df lists disk usage of guests without needing to install any
> software inside the virtual machine.  Supports Linux and Windows.
> http://people.redhat.com/~rjones/virt-df/
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
-- 
Sérgio M. B.