[Secure-testing-team] Re: New clamav vulnerabilities

Steven M. Christey coley at linus.mitre.org
Sat Nov 5 06:06:41 UTC 2005


The ZDI advisory already had a CAN in it, but there must be something
weird with their format because I missed it at first, too, even though it
was right at the top! :)

- Steve


======================================================
Name: CVE-2005-3303
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3303
Reference: MISC:http://www.zerodayinitiative.com/advisories/ZDI-05-002.html

The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87
allows remote attackers to cause "memory corruption" and execute
arbitrary code via a crafted FSG 1.33 file.


======================================================
Name: CVE-2005-3500
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3500
Reference: IDEFENSE:20051104 Clam AntiVirus tnef_attachment() DoS Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=333&type=vulnerabilities

The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV)
before 0.87.1 allows remote attackers to cause a denial of service
(infinite loop and memory exhaustion) via a crafted value in a CAB
file that causes ClamAV to repeatedly scan the same block.


======================================================
Name: CVE-2005-3501
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3501
Reference: IDEFENSE:20051104 Clam AntiVirus Cabinet-file handling Denial of Service Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=334&type=vulnerabilities

The cabd_find function in cabd.c of the libmspack library (mspack)
for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to
cause a denial of service (infinite loop) via a crafted CAB file that
causes cabd_find to be called with a zero length.





