Author: micah Date: 2005-11-04 03:16:46 +0000 (Fri, 04 Nov 2005) New Revision: 2660 Added: data/DTSA/advs/21-clamav.adv Log: Preparing an advisory for new clamav issues Added: data/DTSA/advs/21-clamav.adv ==================================================================--- data/DTSA/advs/21-clamav.adv 2005-11-04 01:19:19 UTC (rev 2659) +++ data/DTSA/advs/21-clamav.adv 2005-11-04 03:16:46 UTC (rev 2660) @@ -0,0 +1,28 @@ +source: clamav +date: November 3rd, 2005 +author: Micah Anderson +vuln-type: Denial of service +problem-scope: remote +debian-specific: no +cve: CVE-2005-3239 +testing-fix: 0.87.1-0etch.1 +sid-fix: 0.87.1 +upgrade: apt-get upgrade + + +Multiple security holes were found in clamav: + +CVE-2005-3239 + + The OLE2 unpacker allows remote attackers to cause a denial of service + by sending a DOC file with an invalid property tree, triggering + an infinite recursion. + + A possible denial of service has been found in + libclamav/tnef.c (IDEF1169) + + A possible debian of service has been found in + libclamav/mspack/cabd.c (IDEF1180) + + Buffer size calculation could be by-passed due to a vulnerability + in libclamav/fsg.c (ZDI-CAN-004)
micah
2006-Mar-13 12:28 UTC
[Secure-testing-team] Re: [Secure-testing-commits] r2660 - data/DTSA/advs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Florian Weimer wrote:> * Micah Anderson: > > >>+CVE-2005-3239 >>+ >>+ The OLE2 unpacker allows remote attackers to cause a denial of service >>+ by sending a DOC file with an invalid property tree, triggering >>+ an infinite recursion. >>+ >>+ A possible denial of service has been found in >>+ libclamav/tnef.c (IDEF1169) > > > Could you fromat this in a way which makes clear that the CVE name > only applies to the first bug?I''m waiting for CVE assignment and buildds before releasing it. My plan has been to make the formatting as you suggest. micah -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDa2sU9n4qXRzy1ioRAo7GAKCerYkeiV94t9AVgVVRtfh95xhcDQCeKGN3 clpuWoLxMKjRFG6L+NUBLDQ=c3pX -----END PGP SIGNATURE-----
Florian Weimer
2006-Mar-13 12:28 UTC
[Secure-testing-team] Re: [Secure-testing-commits] r2660 - data/DTSA/advs
* Micah Anderson:> +CVE-2005-3239 > + > + The OLE2 unpacker allows remote attackers to cause a denial of service > + by sending a DOC file with an invalid property tree, triggering > + an infinite recursion. > + > + A possible denial of service has been found in > + libclamav/tnef.c (IDEF1169)Could you fromat this in a way which makes clear that the CVE name only applies to the first bug?