CVE-2010-0098

Related Files

Gentoo Linux Security Advisory 201009-6

Posted Sep 8, 2010

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201009-6 - Multiple vulnerabilities have been reported in Clam AntiVirus. Versions less than 0.96.1 are affected.

tags | advisory, vulnerability

systems | linux, gentoo

advisories | CVE-2010-0098, CVE-2010-1311, CVE-2010-1639, CVE-2010-1640

SHA-256 | 29bc3e802eed31e1ea30d7fbff434641cd4cd7678f94999a5dbf9a4ba1bef742

Download | Favorite | View

Mandriva Linux Security Advisory 2010-082

Posted May 21, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-082 - ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities. The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka.Q) compression format. NOTE: some of these details are obtained from third party information. This update provides clamav 0.96, which is not vulnerable to these issues. Packages for 2009.0 are provided due to the Extended Maintenance Program.

tags | advisory, remote, denial of service, virus

systems | linux, mandriva

advisories | CVE-2010-0098, CVE-2010-1311

SHA-256 | 01916f1257f5750f983fb3c22bd70d378c39701cb1ea591bfd03313e40e54003

Download | Favorite | View

Mandriva Linux Security Advisory 2010-082

Posted Apr 20, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-082 - ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities. The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka.Q) compression format. NOTE: some of these details are obtained from third party information. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers This update provides clamav 0.96, which is not vulnerable to these issues.

tags | advisory, remote, denial of service, virus

systems | linux, mandriva

advisories | CVE-2010-0098, CVE-2010-1311

SHA-256 | eb840d0860c67dd281facb646f931facd1346a2f4f7d2636f450384c9134a3b0

Download | Favorite | View

Ubuntu Security Notice 926-1

Posted Apr 9, 2010

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 926-1 - It was discovered that ClamAV did not properly verify its input when processing CAB files. A remote attacker could send a specially crafted CAB file to evade malware detection and also cause a denial of service via application crash.

tags | advisory, remote, denial of service

systems | linux, ubuntu

advisories | CVE-2010-0098

SHA-256 | bdedf8634cb8edf0df0ba61650028490bf0cd0b7468ef9ce93cc68908675ca6b

Download | Favorite | View