Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Security)  >   Clam AntiVirus Vendors:
Clam AntiVirus CAB, FSG, and OLE Bugs Let Remote Users Deny Service or Execute Arbitrary Code
SecurityTracker Alert ID:  1015154
SecurityTracker URL:
CVE Reference:   CVE-2005-3239, CVE-2005-3303   (Links to External Site)
Date:  Nov 4 2005
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.80 - prior to 0.87.1
Description:   Several vulnerabilities were reported in Clam AntiVirus. A remote user can cause arbitrary code to be executed on the target system. A remote user can also cause denial of service conditions.

The tnef_attachment() function in 'tnef.c' does not properly validate user-supplied input. A remote user can create a specially crafted CAB file that, when processed, will cause the system to enter an infinite loop.

The cabd_find() function in 'mspack/cabd.c' in the libmspack library also lets a remote user cause the system to enter an infinite loop.

The vendor was notified of these vulnerabilities on October 7, 2005.

The software ('libclamav/fsg.c') does not properly unpack executable files compressed with FSG v1.33 [CVE-2005-3303]. A remote user can create a compressed file that, when processed by the target user, will trigger a heap overflow and execute arbitrary code.

The vendor was notified on October 24, 2005.

The OLE2 unpacker in clamd does not properly process DOC files with an invalid property tree [CVE-2005-3239]. A specially crafted file can triger an infinite recursion in the ole2_walk_property_tree function, causing denial of service conditions. The flaw resides in 'libclamav/ole2_extract.c'. Systems with default settings are not affected.

The vendor credits iDEFENSE and Zero Day Initiative with reporting some of these vulnerabilities.

Impact:   A remote user can cause the system to execute arbitrary code.

A remote user can cause the system to enter an infinite loop.

Solution:   The vendor has issued a fixed version (0.87.1), available at:

Vendor URL: (Links to External Site)
Cause:   Boundary error, Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC