oss-sec mailing list archives
Re: CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes
From: Josh Bressers <bressers () redhat com>
Date: Tue, 26 Jul 2011 16:03:20 -0400 (EDT)
Please use CVE-2011-2721.

Thanks.

--
JB

----- Original Message -----
Hello Josh, Steve, vendors,

based on:
[1] http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.2

an off-by-one error was found in the way the hash manager of Clam AntiVirus, a GPL anti-virus toolkit for UNIX, performed scan of messages with certain hashes. A remote attacker could provide a message with specially-crafted hash signature in it, leading to denial of service (clamscan executable crash).

Upstream bug report:
[2] https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2818

Relevant patch:
[3] http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=4842733eb3f09be61caeed83778bb6679141dbc5

Other references:
[4] https://bugzilla.novell.com/show_bug.cgi?id=708263
[5] http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.2
[6] http://www.clamav.net/lang/en/
[7] https://bugzilla.redhat.com/show_bug.cgi?id=725694

Note: The rest of the issues fixed in [1] seem to be just bug fixes. Cc-ed upstream Clam Antivirus maintainers to confirm this (that there is only one issue with security implications) and correct the description of the issue, if necessary (just guessing that "cli_hm_scan()" stands for command_line_interface_hash_manager_scan, since it doesn't seem to be described in the code anywhere).

Josh, Steve, could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes Jan Lieskovsky (Jul 26)
- Re: CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes Josh Bressers (Jul 26)