List:       oss-security
Subject:    Re: [oss-security] CVE id request - clamav
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2008-04-16 15:21:46
Message-ID: Pine.GSO.4.51.0804161118130.22069 () faron ! mitre ! org


On Tue, 15 Apr 2008, Tomas Hoger wrote:

>   * Check in 0.93 patches:
>     - libclamunrar: bb#541 (RAR - Version required to extract - Evasion)
> https://wwws.clamav.net/bugzilla/show_bug.cgi?id=541

CVE-2008-1835

>     - libclamav/spin.c: bb#876 (PeSpin Heap Overflow Vulnerability)
> https://wwws.clamav.net/bugzilla/show_bug.cgi?id=876

CVE-2008-0314

>     - libclamav/pe.c: bb#878 (Upack Buffer Overflow Vulnerability)
> https://wwws.clamav.net/bugzilla/show_bug.cgi?id=878

CVE-2008-1100, as already noted.

>
>     - libclamav/message.c: bb#881 (message.c: read beyond allocated
> region)
> https://wwws.clamav.net/bugzilla/show_bug.cgi?id=881

CVE-2008-1836

>     - libclamav/unarj.c: bb#897 (ARJ: Sample from CERT-FI hangs clamav)
> https://wwws.clamav.net/bugzilla/show_bug.cgi?id=897
> bug mentions CVE-2008-1387

CVE-2008-1387, confirmed.

>     - libclamunrar: bb#898 (RAR crashes on some fuzzed files from
> CERT-FI)
> https://wwws.clamav.net/bugzilla/show_bug.cgi?id=898

CVE-2008-1837

>
> And even some fixes not mentioned in the changelog:
>
> https://wwws.clamav.net/bugzilla/show_bug.cgi?id=877
> IDEF3001

CVE-2008-1833

- Steve


======================================================
Name: CVE-2008-0314
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0314
Reference: IDEFENSE:20080414 ClamAV libclamav PeSpin Heap Overflow Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=686
Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=876

Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1
allows remote attackers to execute arbitrary code via a crafted PeSpin
packed PE binary with a modified length value.


======================================================
Name: CVE-2008-1100
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1100
Reference: MISC:http://secunia.com/secunia_research/2008-11/advisory/
Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=878
Reference: BID:28756
Reference: URL:http://www.securityfocus.com/bid/28756
Reference: FRSIRT:ADV-2008-1218
Reference: URL:http://www.frsirt.com/english/advisories/2008/1218/references
Reference: SECTRACK:1019837
Reference: URL:http://www.securitytracker.com/id?1019837
Reference: SECUNIA:29000
Reference: URL:http://secunia.com/advisories/29000
Reference: XF:clamav-cliscanpe-bo(41789)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41789

Buffer overflow in the cli_scanpe function in libclamav
(libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to
execute arbitrary code via a crafted Upack PE file.


======================================================
Name: CVE-2008-1387
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1387
Reference: BUGTRAQ:20080415 clamav: Endless loop / hang with crafter arj, CVE-2008-1387
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/490863/100/0/threaded
Reference: MISC:http://int21.de/cve/CVE-2008-1387-clamav.html
Reference: MISC:http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/

ClamAV before 0.93 allows remote attackers to cause a denial of
service (CPU consumption) via a crafted ARJ archive, as demonstrated
by the PROTOS GENOME test suite for Archive Formats.


======================================================
Name: CVE-2008-1833
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1833
Reference: IDEFENSE:20080414 ClamAV libclamav PE WWPack Heap Overflow Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=687
Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=877

Heap-based buffer overflow in libclamav in ClamAV 0.92.1 allows remote
attackers to execute arbitrary code via a crafted WWPack compressed PE
binary.


======================================================
Name: CVE-2008-1835
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1835
Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=541

ClamAV before 0.93 allows remote attackers to bypass the scanning
engine via a RAR file with an invalid version number, which cannot be
parsed by ClamAV but can be extracted by Winrar.


======================================================
Name: CVE-2008-1836
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1836
Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=881

The rfc2231 function in message.c in libclamav in ClamAV before 0.93
allows remote attackers to cause a denial of service (crash) via a
crafted message that produces a string that is not null terminated,
which triggers a buffer over-read.


======================================================
Name: CVE-2008-1837
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1837
Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=898

libclamunrar in ClamAV before 0.93 allows remote attackers to cause a
denial of service (crash) via crafted RAR files that trigger "memory
problems," as demonstrated by the PROTOS GENOME test suite for Archive
Formats.

