ClamAV RAR Archive Remote Denial Of Service Vulnerability

Bugtraq ID:	9897
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Mar 16 2004 12:00AM
Updated:	Mar 16 2004 12:00AM
Credit:	The vendor announced this vulnerability.
Vulnerable:	Clam Anti-Virus ClamAV 0.67 + Gentoo Linux 1.4 _rc3 + Gentoo Linux 1.4 _rc2 + Gentoo Linux 1.4 _rc1 + Gentoo Linux 1.4 Clam Anti-Virus ClamAV 0.65
Not Vulnerable:	Clam Anti-Virus ClamAV 0.68

ClamAV RAR Archive Remote Denial Of Service Vulnerability

ClamAV has been reported prone to a remote denial of service vulnerability. The issue presents itself when a RAR archive that is created by variants of the W32.Beagle.A@mm worm (MCID 2443) is encountered.

ClamAV RAR Archive Remote Denial Of Service Vulnerability

There is no exploit required.

ClamAV RAR Archive Remote Denial Of Service Vulnerability

Solution:
Gentoo have released an advisory (GLSA 200404-07) and have made updated eBuilds available to address this issue. Gentoo advise that affected users emerge the updated eBuilds into their portage. This can be accomplished by issuing the following as root:
emerge sync
emerge -pv ">=net-mail/clamav-0.68.1"
emerge ">=net-mail/clamav-0.68.1"

The vendor has released an upgrade to address this issue:


Clam Anti-Virus ClamAV 0.65

• Clam Anti-Virus clamav-0.68.tar.gz
  http://prdownloads.sourceforge.net/clamav/clamav-0.68.tar.gz?download

Clam Anti-Virus ClamAV 0.67

• Clam Anti-Virus clamav-0.68.tar.gz
  http://prdownloads.sourceforge.net/clamav/clamav-0.68.tar.gz?download

ClamAV RAR Archive Remote Denial Of Service Vulnerability

References:

• Clam AntiVirus 0.68 (Default) - Release focus: Major security fixes (ClamAV)
  
• Project Homepage (ClamAV)