Steven M. Christey
2006-Mar-13 12:28 UTC
[Secure-testing-team] Re: New clamav vulnerabilities
The ZDI advisory already had a CAN in it, but there must be something weird with their format because I missed it at first, too, even though it was right at the top! :)

- Steve

=====================================================
Name: CVE-2005-3303
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3303
Reference: MISC:http://www.zerodayinitiative.com/advisories/ZDI-05-002.html

The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file.

=====================================================
Name: CVE-2005-3500
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3500
Reference: IDEFENSE:20051104 Clam AntiVirus tnef_attachment() DoS Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=333&type=vulnerabilities

The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block.

=====================================================
Name: CVE-2005-3501
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3501
Reference: IDEFENSE:20051104 Clam AntiVirus Cabinet-file handling Denial of Service Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=334&type=vulnerabilities

The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length.
Steven,

Please assign CVEs for the following public vulnerabilities in clamav:

REFERENCE: IDEF1169
URL: http://www.blacksheepnetworks.com/security/security/fulldisc/1169.html
A possible denial of service has been found in the libclamav/tnef.c code of clamav.

REFERENCE: IDEF1180
URL: http://www.blacksheepnetworks.com/security/security/fulldisc/1180.html
A possible denial of service has been found in the libclamav/mspack/cabd.c of clamav.

REFERENCE: ZDI-CAN-004
URL: http://cvs.sourceforge.net/viewcvs.py/clamav/clamav-devel/libclamav/fsg.c?rev=1.8&view=markup
The buffer size calculation code in clamav could be bypassed due to a vulnerability in libclamav/fsg.c.

Thanks,
Micah
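To make the CVE-2005-3501 failure mode concrete, here is an added illustration (not ClamAV's or libmspack's code) of a chunked signature search whose step length is attacker-controlled: a zero length means the loop never advances, and the guarded variant rejects it up front. The function names, error codes and sample buffer are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed illustration, not ClamAV's or libmspack's code: a chunked
 * search for the "MSCF" cabinet signature, where `step` is a length that
 * ultimately comes from the file being scanned. */
#define CAB_NOT_FOUND  (-1L)
#define CAB_BAD_LENGTH (-2L)
#define CAB_STALLED    (-3L)

/* Unguarded form: with step == 0 the offset never advances, so the loop
 * would spin forever on a crafted file. A hypothetical iteration budget
 * makes that stall observable here instead of hanging the process. */
long find_cab_unguarded(const uint8_t *data, size_t len, size_t step,
                        unsigned long budget)
{
    size_t off = 0;
    while (off + 4 <= len) {
        if (budget-- == 0)
            return CAB_STALLED;            /* loop made no progress */
        if (memcmp(data + off, "MSCF", 4) == 0)
            return (long)off;
        off += step;                       /* step == 0: off stays put */
    }
    return CAB_NOT_FOUND;
}

/* Hardened form: reject an untrusted zero length before the loop, so
 * every iteration is guaranteed to advance and the scan terminates. */
long find_cab_guarded(const uint8_t *data, size_t len, size_t step)
{
    if (data == NULL || step == 0)
        return CAB_BAD_LENGTH;
    size_t off = 0;
    while (off + 4 <= len) {
        if (memcmp(data + off, "MSCF", 4) == 0)
            return (long)off;
        off += step;
    }
    return CAB_NOT_FOUND;
}

/* Constructed sample input: 8 bytes of padding, then a cabinet header. */
const uint8_t cab_sample[] = {0, 0, 0, 0, 0, 0, 0, 0,
                              'M', 'S', 'C', 'F', 0, 0};
const size_t cab_sample_len = sizeof cab_sample;
```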