Clam Anti-Virus MIME Attachments Denial Of Service Vulnerability
BID:21510
Info
| Bugtraq ID: | 21510 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-5874 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 09 2006 12:00AM |
| Updated: | Jan 25 2007 04:33PM |
| Credit: | Stephen Gran is credited with the discovery of this vulnerability. |
| Vulnerable: | Mandriva Linux Mandrake 2006.0 x86_64; Mandriva Linux Mandrake 2006.0; Mandriva Linux Mandrake 2007.0 x86_64; Mandriva Linux Mandrake 2007.0; MandrakeSoft Corporate Server 4.0 x86_64; MandrakeSoft Corporate Server 3.0 x86_64; MandrakeSoft Corporate Server 3.0; MandrakeSoft Corporate Server 4.0; Debian Linux 3.1 sparc; Debian Linux 3.1 s/390; Debian Linux 3.1 ppc; Debian Linux 3.1 mipsel; Debian Linux 3.1 mips; Debian Linux 3.1 m68k; Debian Linux 3.1 ia-64; Debian Linux 3.1 ia-32; Debian Linux 3.1 hppa; Debian Linux 3.1 arm; Debian Linux 3.1 amd64; Debian Linux 3.1 alpha; Debian Linux 3.1; Clam Anti-Virus ClamAV 0.84; Clam Anti-Virus ClamAV 0.83; Clam Anti-Virus ClamAV 0.82; Clam Anti-Virus ClamAV 0.81; Clam Anti-Virus ClamAV 0.80 rc4; Clam Anti-Virus ClamAV 0.80 rc3; Clam Anti-Virus ClamAV 0.80 rc2; Clam Anti-Virus ClamAV 0.80 rc1; Clam Anti-Virus ClamAV 0.80; Clam Anti-Virus ClamAV 0.75.1; Clam Anti-Virus ClamAV 0.70; Clam Anti-Virus ClamAV 0.68 -1; Clam Anti-Virus ClamAV 0.68; Clam Anti-Virus ClamAV 0.67; Clam Anti-Virus ClamAV 0.65; Clam Anti-Virus ClamAV 0.60; Clam Anti-Virus ClamAV 0.54; Clam Anti-Virus ClamAV 0.53; Clam Anti-Virus ClamAV 0.52; Clam Anti-Virus ClamAV 0.51 |
| Not Vulnerable: | |
Discussion
ClamAV is prone to a denial-of-service vulnerability because it fails to handle specific MIME attachments.
A successful exploit of this issue will cause the application to crash, resulting in a denial-of-service condition.
ClamAV versions prior to 0.88.4-2 are vulnerable; other versions may also be affected.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Solution:
Please see the referenced advisory for more information.
Mandriva Linux Mandrake 2007.0
- Mandriva clamav-0.88.7-1.1mdv2007.0.i586.rpm (Mandriva Linux 2007.0): http://www.mandriva.com/en/download
- Mandriva clamav-0.88.7-1.1mdv2007.0.src.rpm (Mandriva Linux 2007.0): http://www.mandriva.com/en/download
- Mandriva clamav-db-0.88.7-1.1mdv2007.0.i586.rpm (Mandriva Linux 2007.0): http://www.mandriva.com/en/download
- Mandriva clamav-milter-0.88.7-1.1mdv2007.0.i586.rpm (Mandriva Linux 2007.0): http://www.mandriva.com/en/download
- Mandriva clamd-0.88.7-1.1mdv2007.0.i586.rpm (Mandriva Linux 2007.0): http://www.mandriva.com/en/download
- Mandriva libclamav1-0.88.7-1.1mdv2007.0.i586.rpm (Mandriva Linux 2007.0): http://www.mandriva.com/en/download
- Mandriva libclamav1-devel-0.88.7-1.1mdv2007.0.i586.rpm (Mandriva Linux 2007.0): http://www.mandriva.com/en/download
MandrakeSoft Corporate Server 4.0
- Mandriva clamav-0.88.7-0.1.20060mlcs4.i586.rpm (Corporate 4.0): http://www.mandriva.com/en/download
- Mandriva clamav-0.88.7-0.1.20060mlcs4.src.rpm (Corporate 4.0): http://www.mandriva.com/en/download
- Mandriva clamav-db-0.88.7-0.1.20060mlcs4.i586.rpm (Corporate 4.0): http://www.mandriva.com/en/download
- Mandriva clamav-milter-0.88.7-0.1.20060mlcs4.i586.rpm (Corporate 4.0): http://www.mandriva.com/en/download
- Mandriva clamd-0.88.7-0.1.20060mlcs4.i586.rpm (Corporate 4.0): http://www.mandriva.com/en/download
- Mandriva libclamav1-0.88.7-0.1.20060mlcs4.i586.rpm (Corporate 4.0): http://www.mandriva.com/en/download
- Mandriva libclamav1-devel-0.88.7-0.1.20060mlcs4.i586.rpm (Corporate 4.0): http://www.mandriva.com/en/download
Mandriva Linux Mandrake 2007.0 x86_64
- Mandriva clamav-0.88.7-1.1mdv2007.0.src.rpm (Mandriva Linux 2007.0/X86_64): http://www.mandriva.com/en/download
- Mandriva clamav-0.88.7-1.1mdv2007.0.x86_64.rpm (Mandriva Linux 2007.0/X86_64): http://www.mandriva.com/en/download
- Mandriva clamav-db-0.88.7-1.1mdv2007.0.x86_64.rpm (Mandriva Linux 2007.0/X86_64): http://www.mandriva.com/en/download
- Mandriva clamav-milter-0.88.7-1.1mdv2007.0.x86_64.rpm (Mandriva Linux 2007.0/X86_64): http://www.mandriva.com/en/download
- Mandriva clamd-0.88.7-1.1mdv2007.0.x86_64.rpm (Mandriva Linux 2007.0/X86_64): http://www.mandriva.com/en/download
- Mandriva lib64clamav1-0.88.7-1.1mdv2007.0.x86_64.rpm (Mandriva Linux 2007.0/X86_64): http://www.mandriva.com/en/download
- Mandriva lib64clamav1-devel-0.88.7-1.1mdv2007.0.x86_64.rpm (Mandriva Linux 2007.0/X86_64): http://www.mandriva.com/en/download
Mandriva Linux Mandrake 2006.0 x86_64
- Mandriva clamav-0.88.7-0.1.20060mdk.src.rpm (Mandriva Linux 2006.0/X86_64): http://www.mandriva.com/en/download
- Mandriva clamav-0.88.7-0.1.20060mdk.x86_64.rpm (Mandriva Linux 2006.0/X86_64): http://www.mandriva.com/en/download
- Mandriva clamav-db-0.88.7-0.1.20060mdk.x86_64.rpm (Mandriva Linux 2006.0/X86_64): http://www.mandriva.com/en/download
- Mandriva clamav-milter-0.88.7-0.1.20060mdk.x86_64.rpm (Mandriva Linux 2006.0/X86_64): http://www.mandriva.com/en/download
- Mandriva clamd-0.88.7-0.1.20060mdk.x86_64.rpm (Mandriva Linux 2006.0/X86_64): http://www.mandriva.com/en/download
- Mandriva lib64clamav1-0.88.7-0.1.20060mdk.x86_64.rpm (Mandriva Linux 2006.0/X86_64): http://www.mandriva.com/en/download
- Mandriva lib64clamav1-devel-0.88.7-0.1.20060mdk.x86_64.rpm (Mandriva Linux 2006.0/X86_64): http://www.mandriva.com/en/download
Mandriva Linux Mandrake 2006.0
- Mandriva clamav-0.88.7-0.1.20060mdk.i586.rpm (Mandriva Linux 2006.0): http://www.mandriva.com/en/download
- Mandriva clamav-0.88.7-0.1.20060mdk.src.rpm (Mandriva Linux 2006.0): http://www.mandriva.com/en/download
- Mandriva clamav-db-0.88.7-0.1.20060mdk.i586.rpm (Mandriva Linux 2006.0): http://www.mandriva.com/en/download
- Mandriva clamav-milter-0.88.7-0.1.20060mdk.i586.rpm (Mandriva Linux 2006.0): http://www.mandriva.com/en/download
- Mandriva clamd-0.88.7-0.1.20060mdk.i586.rpm (Mandriva Linux 2006.0): http://www.mandriva.com/en/download
- Mandriva libclamav1-0.88.7-0.1.20060mdk.i586.rpm (Mandriva Linux 2006.0): http://www.mandriva.com/en/download
- Mandriva libclamav1-devel-0.88.7-0.1.20060mdk.i586.rpm (Mandriva Linux 2006.0): http://www.mandriva.com/en/download
MandrakeSoft Corporate Server 3.0 x86_64
- Mandriva clamav-0.88.7-0.1.C30mdk.src.rpm (Corporate 3.0/X86_64): http://www.mandriva.com/en/download
- Mandriva clamav-0.88.7-0.1.C30mdk.x86_64.rpm (Corporate 3.0/X86_64): http://www.mandriva.com/en/download
- Mandriva clamav-db-0.88.7-0.1.C30mdk.x86_64.rpm (Corporate 3.0/X86_64): http://www.mandriva.com/en/download
- Mandriva clamav-milter-0.88.7-0.1.C30mdk.x86_64.rpm (Corporate 3.0/X86_64): http://www.mandriva.com/en/download
- Mandriva clamd-0.88.7-0.1.C30mdk.x86_64.rpm (Corporate 3.0/X86_64): http://www.mandriva.com/en/download
- Mandriva lib64clamav1-0.88.7-0.1.C30mdk.x86_64.rpm (Corporate 3.0/X86_64): http://www.mandriva.com/en/download
- Mandriva lib64clamav1-devel-0.88.7-0.1.C30mdk.x86_64.rpm (Corporate 3.0/X86_64): http://www.mandriva.com/en/download
MandrakeSoft Corporate Server 3.0
- Mandriva clamav-0.88.7-0.1.C30mdk.i586.rpm (Corporate 3.0): http://www.mandriva.com/en/download
- Mandriva clamav-0.88.7-0.1.C30mdk.src.rpm (Corporate 3.0): http://www.mandriva.com/en/download
- Mandriva clamav-db-0.88.7-0.1.C30mdk.i586.rpm (Corporate 3.0): http://www.mandriva.com/en/download
- Mandriva clamav-milter-0.88.7-0.1.C30mdk.i586.rpm (Corporate 3.0): http://www.mandriva.com/en/download
- Mandriva clamd-0.88.7-0.1.C30mdk.i586.rpm (Corporate 3.0): http://www.mandriva.com/en/download
- Mandriva libclamav1-0.88.7-0.1.C30mdk.i586.rpm (Corporate 3.0): http://www.mandriva.com/en/download
- Mandriva libclamav1-devel-0.88.7-0.1.C30mdk.i586.rpm (Corporate 3.0): http://www.mandriva.com/en/download
MandrakeSoft Corporate Server 4.0 x86_64
- Mandriva clamav-0.88.7-0.1.20060mlcs4.src.rpm (Corporate 4.0/X86_64): http://www.mandriva.com/en/download
- Mandriva clamav-0.88.7-0.1.20060mlcs4.x86_64.rpm (Corporate 4.0/X86_64): http://www.mandriva.com/en/download
- Mandriva clamav-db-0.88.7-0.1.20060mlcs4.x86_64.rpm (Corporate 4.0/X86_64): http://www.mandriva.com/en/download
- Mandriva clamav-milter-0.88.7-0.1.20060mlcs4.x86_64.rpm (Corporate 4.0/X86_64): http://www.mandriva.com/en/download
- Mandriva clamd-0.88.7-0.1.20060mlcs4.x86_64.rpm (Corporate 4.0/X86_64): http://www.mandriva.com/en/download
- Mandriva lib64clamav1-0.88.7-0.1.20060mlcs4.x86_64.rpm (Corporate 4.0/X86_64): http://www.mandriva.com/en/download
- Mandriva lib64clamav1-devel-0.88.7-0.1.20060mlcs4.x86_64.rpm (Corporate 4.0/X86_64): http://www.mandriva.com/en/download
References
References:
- ClamAV Homepage (Clam Anti-Virus)
- [SECURITY] [DSA 1232-1] New clamav packages fix denial of service (Moritz Muehlenhoff)