Title: Clam Anti-Virus ClamAV Cabinet File Parsing Remote Denial Of Service Vulnerability
Severity: HIGH
Description:
ClamAV is a freely available, open source virus scanning utility. It is available for the Unix and Linux platforms.
A remote denial of service vulnerability affects ClamAV. This issue is due to a failure of the application to properly handle malicious file content.
The problem presents itself when the affected utility attempts to process a Cabinet file that is maliciously crafted. Apparently when the application parses Cabinet files with malicious headers containing a 'cffile_FolderOffset' value of '0xff' it will fall into an infinite loop, denying further service for legitimate users.
This issue may be exploited by an attacker that distributes a malicious file to an unsuspecting user running the affected software. When the malicious file is processed by the affected utility, the denial of service is triggered.
An attacker may leverage this issue to crash the Clam Anti-Virus daemon, potentially leaving an affected computer open to infection by malicious code.
Affected Products:
- ALT Linux ALT Linux Compact 2.3.0
- ALT Linux ALT Linux Junior 2.3.0
- Clam Anti-Virus ClamAV 0.51.0
- Clam Anti-Virus ClamAV 0.52.0
- Clam Anti-Virus ClamAV 0.53.0
- Clam Anti-Virus ClamAV 0.54.0
- Clam Anti-Virus ClamAV 0.60.0
- Clam Anti-Virus ClamAV 0.65.0
- Clam Anti-Virus ClamAV 0.67.0
- Clam Anti-Virus ClamAV 0.68.0
- Clam Anti-Virus ClamAV 0.68.0 -1
- Clam Anti-Virus ClamAV 0.70.0
- Clam Anti-Virus ClamAV 0.80.0
- Clam Anti-Virus ClamAV 0.80.0 rc1
- Clam Anti-Virus ClamAV 0.80.0 rc2
- Clam Anti-Virus ClamAV 0.80.0 rc3
- Clam Anti-Virus ClamAV 0.80.0 rc4
- Clam Anti-Virus ClamAV 0.81.0
- Clam Anti-Virus ClamAV 0.82.0
- Clam Anti-Virus ClamAV 0.83.0
- Clam Anti-Virus ClamAV 0.84.0
- Clam Anti-Virus ClamAV 0.84.0 rc1
- Clam Anti-Virus ClamAV 0.84.0 rc2
- Clam Anti-Virus ClamAV 0.85.0
- Clam Anti-Virus ClamAV 0.85.1
- Conectiva Linux 10.0.0
- Conectiva Linux 9.0.0
- Debian Linux 3.1.0
- Debian Linux 3.1.0 alpha
- Debian Linux 3.1.0 amd64
- Debian Linux 3.1.0 arm
- Debian Linux 3.1.0 hppa
- Debian Linux 3.1.0 ia-32
- Debian Linux 3.1.0 ia-64
- Debian Linux 3.1.0 m68k
- Debian Linux 3.1.0 mips
- Debian Linux 3.1.0 mipsel
- Debian Linux 3.1.0 ppc
- Debian Linux 3.1.0 s/390
- Debian Linux 3.1.0 sparc
- Gentoo Linux
- Gentoo Linux 1.4.0
- Gentoo Linux 1.4.0 _rc1
- Gentoo Linux 1.4.0 _rc2
- Gentoo Linux 1.4.0 _rc3
- MandrakeSoft Corporate Server 3.0.0
- MandrakeSoft Corporate Server 3.0.0 x86_64
- MandrakeSoft Linux Mandrake 10.1.0
- MandrakeSoft Linux Mandrake 10.1.0 x86_64
- S.u.S.E. Linux 8.0.0
- S.u.S.E. Linux 8.0.0 i386
- S.u.S.E. Linux 8.1.0
- S.u.S.E. Linux Personal 8.2.0
- S.u.S.E. Linux Personal 9.0.0
- S.u.S.E. Linux Personal 9.0.0 x86_64
- S.u.S.E. Linux Personal 9.1.0
- S.u.S.E. Linux Personal 9.2.0
- Trustix Secure Enterprise Linux 2.0.0
- Trustix Secure Linux 1.5.0
- Trustix Secure Linux 2.1.0
- Trustix Secure Linux 2.2.0
References:
- ALT Linux: [security-announce] I: updated packages available
- Clam Anti-Virus: ClamAV Homepage
- Clam Anti-Virus: ClamAV Version 0.81 Change Log
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
