Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes
From: Josh Bressers <bressers () redhat com>
Date: Tue, 26 Jul 2011 16:03:20 -0400 (EDT)

Please use CVE-2011-2721.

Thanks.

-- 
    JB

----- Original Message -----
Hello Josh, Steve, vendors,

based on:
[1]
http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.2

an off-by-one error was found in the way the hash manager of Clam
AntiVirus, a GPL anti-virus toolkit for UNIX, performed scan of
messages with certain hashes. A remote attacker could provide a
message
with specially-crafted hash signature in it, leading to denial of
service (clamscan executable crash).

Upstream bug report:
[2] https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2818

Relevant patch:
[3]
http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=4842733eb3f09be61caeed83778bb6679141dbc5

Other references:
[4] https://bugzilla.novell.com/show_bug.cgi?id=708263
[5]
http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.2
[6] http://www.clamav.net/lang/en/
[7] https://bugzilla.redhat.com/show_bug.cgi?id=725694

Note: The rest of the issues fixed in [1] seem to be just bug fixes.
Cc-ed upstream Clam Antivirus maintainers to confirm this (that
there is only one issue with security implications) and correct
the description of the issue, if necessary (just guessing that
"cli_hm_scan()" stands for
command_line_interface_hash_manager_scan, since it doesn't seem
to be described in the code anywhere).

Josh, Steve, could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]