Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability
BID:24289
Info
Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability
| Bugtraq ID: | 24289 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-3123 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 04 2007 12:00AM |
| Updated: | Jul 30 2007 08:25PM |
| Credit: | Elliot <[email protected]> is credited with the discovery of this vulnerability. |
| Vulnerable: |
Trustix Secure Linux 3.0.5 Trustix Secure Linux 3.0 Trustix Secure Linux 2.0 Trustix Operating System Enterprise Server 2.0 SuSE Linux Enterprise Server 9 S.u.S.E. openSUSE 10.2 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 10.1 Kolab Kolab Groupware Server 2.1 Kolab Kolab Groupware Server 2.0.4 Kolab Kolab Groupware Server 2.0.3 Kolab Kolab Groupware Server 2.0.2 Kolab Kolab Groupware Server 2.0.1 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Clam Anti-Virus ClamAV 0.90.2 Clam Anti-Virus ClamAV 0.90.1 Clam Anti-Virus ClamAV 0.90 |
| Not Vulnerable: |
Clam Anti-Virus ClamAV 0.90.3 |
Discussion
Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability
ClamAV is prone to a denial-of-service vulnerability.
A successful attack may allow an attacker to cause denial-of-service conditions.
ClamAV is prone to a denial-of-service vulnerability.
A successful attack may allow an attacker to cause denial-of-service conditions.
Exploit / POC
Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability
Proof-of-concept code demonstrating this issue is reported to be publicly available.
Proof-of-concept code demonstrating this issue is reported to be publicly available.
Solution / Fix
Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability
Solution:
The vendor released ClamAV 0.90.3 to address this issue. Please see the references for more information.
Clam Anti-Virus ClamAV 0.90
Clam Anti-Virus ClamAV 0.90.1
Clam Anti-Virus ClamAV 0.90.2
Solution:
The vendor released ClamAV 0.90.3 to address this issue. Please see the references for more information.
Clam Anti-Virus ClamAV 0.90
-
Clam Anti-Virus clamav-0.90.3.tar.gz
http://freshmeat.net/redir/clamav/29355/url_tgz/clamav-0.90.3.tar.gz
Clam Anti-Virus ClamAV 0.90.1
-
Clam Anti-Virus clamav-0.90.3.tar.gz
http://freshmeat.net/redir/clamav/29355/url_tgz/clamav-0.90.3.tar.gz
Clam Anti-Virus ClamAV 0.90.2
-
Clam Anti-Virus clamav-0.90.3.tar.gz
http://freshmeat.net/redir/clamav/29355/url_tgz/clamav-0.90.3.tar.gz
References
Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability
References:
References:
- ClamAV Homepage (Clam Anti-Virus)
- Kolab Security Issue 15 20070601 (Kolab)
- Non-exploitable heap corruption causing DoS with corrupted rar archive (ClamAV)
- Clam AntiVirus Changelog (ClamAV)