Bug 1316140 - clamav: Missing error return value when DoS protection terminates scanning
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
impact=moderate,public=20160307,repor...
Keywords: Security
Depends On: 1316141 1316142
Reported: 2016-03-09 09:05 EST by Adam Mariš
Modified: 2017-07-17 11:25 EDT (History)
Doc Type: Bug Fix
Description Adam Mariš 2016-03-09 09:05:27 EST
When using clamscan on a very large file, the DoS protection that terminates the scanning may apply, returning a 0 value, just as in the case of a successful scan. If an application relies on the return value of clamscan, it is possible to trick the application by hiding malicious code in a very large file, so that the DoS protection in clamscan occurs, returning a successful return value.

Upstream bug:

https://bugzilla.clamav.net/show_bug.cgi?id=11522

Debian report:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817067
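The failure mode described above is that a caller treats clamscan's exit status 0 as "clean" even when the size limits cut the scan short. The following wrapper is an added example (not code from the report or from ClamAV) of how an application can avoid that: it passes an explicit size limit to clamscan, refuses to accept exit status 0 for any file larger than that limit, and cross-checks the "Scanned files" / "Infected files" lines of clamscan's scan summary. The limit value, the `verdict`/`scan_file` names and the sample summary text are assumptions constructed for this example.

```python
import os
import re
import subprocess

# Assumed limit for this example (not a clamscan default): the wrapper passes it
# to clamscan and refuses to treat exit status 0 as "clean" for anything larger.
MAX_FILESIZE = 25 * 1024 * 1024

# clamscan ends its output with a "SCAN SUMMARY" block; these two lines are parsed.
SUMMARY_RE = re.compile(r"^(Scanned files|Infected files):\s+(\d+)\s*$", re.M)

def verdict(exit_code, summary, file_size, max_filesize=MAX_FILESIZE):
    """Reduce one clamscan run to 'clean', 'infected', 'error' or 'unscanned'.

    clamscan exits 0 for no virus, 1 for virus found, 2 for errors. Exit 0 is
    trusted only when the file fits the limit clamscan was given and the
    summary says a file was actually scanned; anything else that exits 0 is
    reported as 'unscanned', which the caller should treat like a failure.
    """
    if exit_code == 1:
        return "infected"
    if exit_code != 0:
        return "error"
    counts = {name: int(n) for name, n in SUMMARY_RE.findall(summary)}
    if counts.get("Infected files", 0) > 0:
        return "infected"  # the summary outranks the exit status
    if file_size > max_filesize or counts.get("Scanned files", 0) < 1:
        return "unscanned"
    return "clean"

def scan_file(path, max_filesize=MAX_FILESIZE):
    """Run clamscan on one file with explicit size limits and return a verdict."""
    size = os.path.getsize(path)
    proc = subprocess.run(
        ["clamscan", f"--max-filesize={max_filesize}",
         f"--max-scansize={max_filesize}", path],
        capture_output=True, text=True, check=False)
    return verdict(proc.returncode, proc.stdout, size, max_filesize)

# Constructed sample of a clamscan summary for a small file that scanned clean.
SAMPLE_SUMMARY = """\
----------- SCAN SUMMARY -----------
Known viruses: 4000000
Engine version: 0.99
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.01 MB
Data read: 0.01 MB (ratio 1.00:1)
Time: 10.000 sec (0 m 10 s)
"""

if __name__ == "__main__":
    import sys
    print(scan_file(sys.argv[1]))
```

A file larger than the limit therefore never yields "clean", regardless of what clamscan returned for it.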
Comment 1 Adam Mariš 2016-03-09 09:06:13 EST
Created clamav tracking bugs for this issue:

Affects: fedora-all [bug 1316141]
Affects: epel-all [bug 1316142]
Comment 2 Orion Poplawski 2016-06-14 17:32:41 EDT
Could I be given access to the upstream bug report?
Comment 3 Sergio Monteiro Basto 2017-07-17 09:22:22 EDT
(In reply to Orion Poplawski from comment #2)
> Could I be given access to the upstream bug report?

+1, Orion, do you already have access to this bug report?
Comment 4 Sergio Monteiro Basto 2017-07-17 09:48:15 EDT
fix 0.99.3 false negative of virus Pdf.Exploit.CVE_2016_1046-1.

https://github.com/vrtadmin/clamav-devel/commit/167c0079292814ec5523d0b97a9e1b002bf8819b

Is this the CVE?
Comment 5 Orion Poplawski 2017-07-17 11:25:27 EDT
(In reply to Sergio Monteiro Basto from comment #3)
> (In reply to Orion Poplawski from comment #2)
> > Could I be given access to the upstream bug report?
> 
> +1 , Orion have you already access to this bug report ?

Nope.
