Bug 522157 - Clam AntiVirus: Multiple vulnerabilities
Summary: Clam AntiVirus: Multiple vulnerabilities
Keywords:
Status: CLOSED DUPLICATE of bug 495039
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://www.gentoo.org/security/en/gls...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-09-09 15:47 UTC by Elia Pinto
Modified: 2009-09-09 18:01 UTC (History)
1 user (show)

Fixed In Version:
Clone Of: 461845
Environment:
Last Closed: 2009-09-09 18:01:08 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Gentoo 264834 0 None None None Never

Description Elia Pinto 2009-09-09 15:47:13 UTC 
Personal comment

Probably SELINUX targeted policy, and Selinux Memory check, mitigate this
but it necessary to upgrade anyway. I open here because this is a security bug and not a generic bug.

********************************************

Synopsis

Multiple vulnerabilities in ClamAV allow for the remote execution of arbitrary code or Denial of Service.

2.  Impact Information

Background

Clam AntiVirus (short: ClamAV) is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.

Description

Multiple vulnerabilities have been found in ClamAV:

    * The vendor reported a Divide-by-zero error in the PE ("Portable Executable"; Windows .exe) file handling of ClamAV (CVE-2008-6680).
    * Jeffrey Thomas Peckham found a flaw in libclamav/untar.c, possibly resulting in an infinite loop when processing TAR archives in clamd and clamscan (CVE-2009-1270).
    * Martin Olsen reported a vulnerability in the CLI_ISCONTAINED macro in libclamav/others.h, when processing UPack archives (CVE-2009-1371).
    * Nigel disclosed a stack-based buffer overflow in the "cli_url_canon()" function in libclamav/phishcheck.c when processing URLs (CVE-2009-1372).

Impact

A remote attacker could entice a user or automated system to process a specially crafted UPack archive or a file containing a specially crafted URL, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Furthermore, a remote attacker could cause a Denial of Service by supplying a specially crafted TAR archive or PE executable to a Clam AntiVirus instance.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All Clam AntiVirus users should upgrade to the latest version:
Comment 1 Elia Pinto 2009-09-09 15:50:48 UTC 
This bug is pubblic

http://seclists.org/fulldisclosure/2009/Sep/0057.html

It report

Affected packages

     Package               /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  app-antivirus/clamav      < 0.95.2                      >= 0.95.2
Comment 2 Tomas Hoger 2009-09-09 18:01:08 UTC 
This is dupe of:
  https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-6680
  https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1371

*** This bug has been marked as a duplicate of bug 495039 ***
Note You need to log in before you can comment on or make changes to this bug.