Threat Center Security News Ubuntu 8.10 vulnerable to DoS attack
Ubuntu 8.10 vulnerable to DoS attack Print E-mail
Written by Rebecca Mints   
Tuesday, 24 February 2009 19:41

Ubuntu V8.10 vulnerable to DoS attack

Developers of the Linux-based operating system Ubuntu have recently released its 8.10 desktop version which features upgrades like 3G network support and a “quick guest session”. But a security expert has discovered that Ubuntu Version 8.10 is vulnerable to a DoS attack.

Moritz Jodeit, who has been monitoring security threats found in Ubuntu applications, said the vulnerability exposes itself with VBA projects. Jodeit said that he examined a VBA project and found several flaws. A major fault is on ClamAV used by Ubuntu for virus scanning and protection from security threats. The vulnerability lies on the failure of ClamAV to correctly handle several strings.

Attackers who are able to deliver a well-crafted malicious VBA file had been able to exploit this flaw. The malicious file is disguised as a valid file and uploaded in ClamAV. ClamAV then processes it, and, voilâ!, the user will arrive at DoS.

A fix had been released by developers early on to prevent further damage. Basically, all the user needs to do is make a standard systems upgrade. Specifically, the system should be upgraded to libclamav5 0.94.dfsg.1-1ubuntu0.1.


WTW Threat Level