Bugtraq mailing list archives
[IVIZ-08-011] ClamAV lzh unpacking segmentation fault
From: "iViZ Security Advisories" <advisories () ivizsecurity com>
Date: Wed, 10 Dec 2008 17:18:40 +0530
-----------------------------------------------------------------------
[ iViZ Security Advisory 08-011                            10/12/2008 ]
-----------------------------------------------------------------------
iViZ Techno Solutions Pvt. Ltd.
http://www.ivizsecurity.com
-----------------------------------------------------------------------

* Title: ClamAV lzh unpacking segmentation fault
* Date: 10/12/2008
* Software: ClamAV 0.93.3 and prior

--[ Synopsis:

Clamav uses an external unpacker, which can be deterministically
crashed, when processing corrupted LZH files.

--[ Affected Software:

* ClamAV 0.93.3 and prior

--[ Non Affected Software:

* ClamAV 0.94 and newer

--[ Impact:

Remote DoS, possibly remote code execution.

--[ Vendor response:

* "Support for external unpackers has been dropped in 0.94 for
  security issues".

--[ Credits:

This vulnerability was discovered by Security Researcher
Jonathan Brossard from iViZ Techno Solutions Pvt. Ltd.

--[ Disclosure timeline:

* First private disclosure to vendor on October 14th 2008
* First vendor reply on October 15th 2008 : issue fixed.

--[ Reference:

http://www.ivizsecurity.com/security-advisory.html