Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: ClamAV vulnerabilities
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 06 Dec 2013 21:10:55 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/29/2013 06:35 PM, George Theall wrote:

On Nov 29, 2013, at 12:58 PM, Kurt Seifried <kseifried () redhat com>
wrote:

On 11/29/2013 02:20 AM, Sergey Popov wrote:
It's a bit late, but i would like to request CVE for two 
vulnerabilities, that present in ClamAV before 0.97.7[1]:

1) A double-free error exists within the 
"unrar_extract_next_prepare()" function 
(libclamunrar_iface/unrar_iface.c) when parsing a RAR file.

2) An unspecified error within the "wwunpack()" function 
(libclamav/wwunpack.c) when unpacking a WWPack file can be 
exploited to corrupt heap memory.

[1] - https://secunia.com/advisories/52647/


The blog entry

http://blog.clamav.net/2013/03/clamav-0977-has-been-released.html

contains no mention of security flaws,

Hrm, at least the copy I see says “ClamAV 0.97.7 addresses
several reported potential security bugs.”. While it doesn’t
identify the issues per se, it does at least indicate this is a
security release.

Jan Lieskovsky talked about both of these last March — see
<http://seclists.org/oss-sec/2013/q1/672>. The double-free was
fixed in this commit :

https://github.com/vrtadmin/clamav-devel/commit/b2212def1bb92b5ac45c82da100dc0d1376de6a3

 and the 'wwunpack()’ issue maps to :

https://bugzilla.clamav.net/show_bug.cgi?id=6806

Hope that helps,


Also the ChangeLog:

https://github.com/vrtadmin/clamav-devel/blob/0.97/ChangeLog

Doesn't contain any mention of the above flaws. Can you provide
links to source code/bug reports or something so I can verify this?
Thanks.

Just a heads up I know at least one person is trying to get details
from SourceFire (they bought ClamAV some time back). Until I can match
issues up I can't assign CVEs.

George


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJSop/OAAoJEBYNRVNeJnmTOl8P/3F+8wBFgC2AHXllbYnPa4ZP
HDYbDCaTsqNQdBdFyZuKuwN7UbnUnXL2HYm+VQrRf6HeMjXj4ghPBasnzwQrHhcR
9wlBvKwDJkn5LRQJItHZ7AG6T3FlkKA2ksFFkzLgKmRgT+aW3TVlj6MJP8uaD5KQ
kivaiXwToPNGz8u/HiDB9DLDBDz+ObImhNQEClmrQkPLUFVGmShkp6UZGVen7MiH
9iCrvtxHQ12fevdXfqOHFuFCtrn6X23Y8uccCWdAZWFx0t8dlhC0loXugIrnL0xv
kxoSsDAMtPWB1FkO31hVSFXlvPSe90Ji7k1Yow9hThncL3qbcWQJ7hR31qVQeEkp
dXBwLAXbi5Bd2zZJvpGtyDfPKJtgzqtXTMQXSeWj2FcSkBqk9sOjn8tCyoCiBNF7
V2ayPrW/PCaVhDsCtwICbbKSnz+M7hIc6ggCK7Ng4QcvBRXkAM6k07+H5S9VBmdu
BowhiVPSjErHUDqL4llHjnfmBS44FatEWkyz13/9nh5+avHAX48vQp8FFm1oqPvc
K/AlfVNFXkp1GF2bb/j7qqkv9J7fTqyIN6zFM8BrDjCb8QZZ98CtAlYnIh4UVTRE
IOEGGVY/2qdYP+p6+1TXeDq83uK7uXve/8Sbg0X8mWe4wGkZIgkx5Ymi5yXgmIr5
WXq9kVEcAGVG3C55rNZX
=1yV3
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault