List:       oss-security
Subject:    Re: [oss-security] CVE request: clamav clamd and clamscan DoS and
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2009-04-23 19:40:48
Message-ID: Pine.GSO.4.51.0904231540370.22181 () faron ! mitre ! org


======================================================
Name: CVE-2009-1371
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1371
Reference: CONFIRM:http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2Ftrunk%2FChangeLog&rev=5032
Reference: CONFIRM:https://launchpad.net/bugs/360502
Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1552
Reference: UBUNTU:USN-756-1
Reference: URL:http://www.ubuntu.com/usn/usn-756-1
Reference: BID:34446
Reference: URL:http://www.securityfocus.com/bid/34446
Reference: OSVDB:53602
Reference: URL:http://osvdb.org/53602
Reference: SECTRACK:1022028
Reference: URL:http://www.securitytracker.com/id?1022028
Reference: SECUNIA:34612
Reference: URL:http://secunia.com/advisories/34612
Reference: SECUNIA:34654
Reference: URL:http://secunia.com/advisories/34654
Reference: VUPEN:ADV-2009-0985
Reference: URL:http://www.vupen.com/english/advisories/2009/0985

The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before
0.95.1 allows remote attackers to cause a denial of service
(application crash) via a malformed file with UPack encoding.


======================================================
Name: CVE-2009-1372
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1372
Reference: CONFIRM:http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2Ftrunk%2FChangeLog&rev=5032
Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1553
Reference: BID:34446
Reference: URL:http://www.securityfocus.com/bid/34446
Reference: OSVDB:53603
Reference: URL:http://osvdb.org/53603
Reference: SECTRACK:1022028
Reference: URL:http://www.securitytracker.com/id?1022028
Reference: SECUNIA:34612
Reference: URL:http://secunia.com/advisories/34612
Reference: VUPEN:ADV-2009-0985
Reference: URL:http://www.vupen.com/english/advisories/2009/0985

Stack-based buffer overflow in the cli_url_canon function in
libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers
to cause a denial of service (application crash) and possibly execute
arbitrary code via a crafted URL.

