HTTP: ClamAV AntiVirus cli_check_jpeg_exploit Function Denial of Service

This signature detects attempts to exploit a known buffer overflow vulnerability in the ClamAV AntiVirus product. The vulnerability can be triggered when the application processes crafted JPEG files. An unauthenticated attacker can exploit it by delivering a crafted file to the scanning service, resulting in unchecked recursion that consumes the stack and causes a denial-of-service condition. In a successful attack, the affected ClamAV daemon terminates. This can allow further exploitation of the target system, exposing it to other threats in the absence of the AntiVirus daemon.

Extended Description

ClamAV is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. Versions prior to ClamAV 0.94.2 are vulnerable.

Affected Products

Debian Linux

References

BugTraq: 32555

CVE: CVE-2008-5314

Short Name
HTTP:STC:DL:CLAMAV-JPEG-DOS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
AntiVirus CVE-2008-5314 ClamAV Denial Function Service bid:32555 cli_check_jpeg_exploit of
Release Date
10/19/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Suse

Apple

Gentoo

Clam_anti-virus

Ubuntu

Mandriva

Debian

Kolab

CVSS Score

4.3
