[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE Request -- Clam AntiVirus -- v0.97.2 --
From: Josh Bressers <bressers () redhat ! com>
Date: 2011-07-26 20:03:20
Message-ID: 633189304.1604805.1311710600501.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
Please use CVE-2011-2721.
Thanks.
--
JB
----- Original Message -----
> Hello Josh, Steve, vendors,
>
> based on:
> [1]
> http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.2
>
> an off-by-one error was found in the way the hash manager of Clam
> AntiVirus, a GPL anti-virus toolkit for UNIX, performed scan of
> messages with certain hashes. A remote attacker could provide a
> message
> with specially-crafted hash signature in it, leading to denial of
> service (clamscan executable crash).
>
> Upstream bug report:
> [2] https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2818
>
> Relevant patch:
> [3]
> http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=4842733eb3f09be61caeed83778bb6679141dbc5
>
> Other references:
> [4] https://bugzilla.novell.com/show_bug.cgi?id=708263
> [5]
> http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.2
> [6] http://www.clamav.net/lang/en/
> [7] https://bugzilla.redhat.com/show_bug.cgi?id=725694
>
> Note: The rest of the issues fixed in [1] seem to be just bug fixes.
> Cc-ed upstream Clam Antivirus maintainers to confirm this (that
> there is only one issue with security implications) and correct
> the description of the issue, if necessary (just guessing that
> "cli_hm_scan()" stands for
> command_line_interface_hash_manager_scan, since it doesn't seem
> to be described in the code anywhere).
>
> Josh, Steve, could you allocate a CVE id for this?
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic