|
Clam AntiVirus CAB/FSG File Handling and base64 MIME Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA17434
|
|
|
Release Date:
|
2005-11-04
|
|
Last Update:
|
2006-12-13
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Clam AntiVirus (clamav) 0.x
|
| | CVE reference: | CVE-2005-3303 (Secunia mirror)
CVE-2005-3500 (Secunia mirror)
CVE-2005-3501 (Secunia mirror)
CVE-2006-5874 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Some vulnerabilities have been reported in Clam AntiVirus (clamav), which can be exploited by malicious people to cause a DoS (Denial of Service) and to compromise a vulnerable system.
1) A boundary error in "libclamav/fsg.c" when unpacking FSG v1.33 compressed executable file can cause a heap-based buffer overflow and can be exploited to execute arbitrary code.
2) A validation error in "libclamav/tnef.c" when handling a CAB file with a malformed header can cause the same block in the file to be scanned repeatedly. This can be exploited to cause an infinite loop, potentially causing a DoS, via a specially crafted CAB file.
3) An error in "libclamav/mspack/cabd.c" when handling a CAB file with a malformed header can cause an infinite loop in the "cabd_find()" function. This can potentially be exploited to cause a DoS via a specially crafted CAB file.
4) A NULL pointer dereference exists when handling malformed base64 encoded MIME attachments. This can be exploited to cause a DoS via specially crafted MIME attachments.
The vulnerabilities have been reported in versions 0.87 and prior.
Solution:
Update to version 0.87.1.
http://sourceforge.net/project/showfiles.php?group_id=86638
Provided and/or discovered by:
1) 3Com's Zero Day Initiative.
2-3) iDEFENSE.
4) Stephen Gran
Changelog:
2005-11-07: Updated "Critical", "Impact", "Description" and credit sections. Added links to "Original Advisory".
2005-11-08: Added CVE references.
2005-12-15: Corrected credit and "Original Advisory" sections.
2006-12-12: Added additional vulnerability reported by Stephen Gran.
Original Advisory:
3Com's Zero Day Initiative:
http://www.zerodayinitiative.com/advisories/ZDI-05-002.html
iDEFENSE:
http://www.idefense.com/application/poi/display?id=333&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=334&type=vulnerabilities
Debian:
http://www.us.debian.org/security/2006/dsa-1232
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
28 Related Secunia Security Advisories, displaying 10
|
|
|
1. ClamAV Petite Processing Denial of Service Vulnerability
|
|
2. ClamAV Multiple Vulnerabilities
|
|
3. ClamAV Multiple Vulnerabilities
|
|
4. ClamAV Multiple Vulnerabilities
|
|
5. ClamAV Multiple Vulnerabilities
|
|
6. ClamAV RAR Archive Processing Denial of Service Vulnerability
|
|
7. ClamAV Multiple Vulnerabilities
|
|
8. Clam AntiVirus Multiple Vulnerabilities
|
|
9. ClamAV MIME Header Handling and CAB File Processing Vulnerabilities
|
|
10. Clam AntiVirus Multipart Nestings Denial of Service
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
