Re: CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes

[Josh Bressers <bressers () redhat com>]

Please use CVE-2011-2721.

Thanks.

-- 
    JB

----- Original Message -----
> Hello Josh, Steve, vendors,
>
> based on:
> [1]
> http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.2
>
> an off-by-one error was found in the way the hash manager of Clam
> AntiVirus, a GPL anti-virus toolkit for UNIX, performed scan of
> messages with certain hashes. A remote attacker could provide a
> message
> with specially-crafted hash signature in it, leading to denial of
> service (clamscan executable crash).
>
> Upstream bug report:
> [2] https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2818
>
> Relevant patch:
> [3]
> http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=4842733eb3f09be61caeed83778bb6679141dbc5
>
> Other references:
> [4] https://bugzilla.novell.com/show_bug.cgi?id=708263
> [5]
> http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.2
> [6] http://www.clamav.net/lang/en/
> [7] https://bugzilla.redhat.com/show_bug.cgi?id=725694
>
> Note: The rest of the issues fixed in [1] seem to be just bug fixes.
> Cc-ed upstream Clam Antivirus maintainers to confirm this (that
> there is only one issue with security implications) and correct
> the description of the issue, if necessary (just guessing that
> "cli_hm_scan()" stands for
> command_line_interface_hash_manager_scan, since it doesn't seem
> to be described in the code anywhere).
>
> Josh, Steve, could you allocate a CVE id for this?
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team