TK53 Advisory 2 - Multiple vulnerabilities exist in ClamAV version 0.92 including a race condition and bypass flaws.
The parsing engine in ClamAV versions below 0.96 can be bypassed by manipulating CAB (Filesize) archives in a "certain way" such that the ClamAV engine cannot extract the content but the end user can.
The parsing engine in ClamAV versions below 0.95.2 can be bypassed by manipulating RAR and ZIP archives in a "certain way" such that the ClamAV engine cannot extract the content but the end user can.
Secunia Security Advisory - Ubuntu has issued an update for clamav. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.
Ubuntu Security Notice USN-770-1 - A flaw was discovered in the clamav-milter initscript which caused the ownership of the current working directory to be changed to the 'clamav' user. This update attempts to repair the incorrect ownership for standard system directories.
Mandriva Linux Security Advisory 2009-097 - Multiple vulnerabilities in ClamAV versions below 0.95 allow for denial of service conditions.
Secunia Security Advisory - Debian has issued an update for clamav. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).
Debian Security Advisory 1771-1 - Several vulnerabilities have been discovered in the ClamAV anti-virus toolkit. Attackers can cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error. Attackers can cause a denial of service (infinite loop) via a crafted tar file that causes (1) clamd and (2) clamscan to hang. Attackers can cause a denial of service (crash) via a crafted EXE file that crashes the UPack unpacker.
Secunia Security Advisory - Ubuntu has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Ubuntu Security Notice USN-756-1 - It was discovered that ClamAV did not properly verify buffers when processing Upack files. A remote attacker could send a crafted file and cause a denial of service via application crash.
Secunia Security Advisory - Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Secunia Security Advisory - Ubuntu has issued an update for clamav. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
Ubuntu Security Notice USN-754-1 - It was discovered that ClamAV did not properly verify its input when processing TAR archives. A remote attacker could send a specially crafted TAR file and cause a denial of service via infinite loop. It was discovered that ClamAV did not properly validate Portable Executable (PE) files. A remote attacker could send a crafted PE file and cause a denial of service (divide by zero).
Secunia Security Advisory - A weakness and two vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).
The parsing engine in Clam AntiVirus versions below 0.95 can be bypassed by manipulating RAR archives in a certain way such that ClamAV cannot extract the content but the end user can.
Gentoo Linux Security Advisory GLSA 200812-21 - Two vulnerabilities in ClamAV may allow for the remote execution of arbitrary code or a Denial of Service. Moritz Jodeit reported an off-by-one error within the get_unicode_name() function in libclamav/vba_extract.c when processing VBA project files (CVE-2008-5050). Ilja van Sprundel reported an infinite recursion error within the cli_check_jpeg_exploit() function in libclamav/special.c when processing JPEG files (CVE-2008-5314). Versions less than 0.94.2 are affected.
Secunia Security Advisory - Gentoo has issued an update for clamav. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
Secunia Security Advisory - SUSE has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
ClamAV uses an external unpacker that can be deterministically crashed when processing corrupted LZH files. Versions 0.93.3 and below are affected.
Mandriva Linux Security Advisory 2008-239 - Ilja van Sprundel found that ClamAV contained a denial of service vulnerability in how it handled processing JPEG files, due to it not limiting the recursion depth when processing JPEG thumbnails. Other bugs have also been corrected in 0.94.2 which is being provided with this update.
Secunia Security Advisory - Debian has issued an update for clamav. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
Debian Security Advisory 1680-1 - Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers from an off-by-one error in its VBA project file processing, leading to a heap-based buffer overflow and potentially arbitrary code execution (CVE-2008-5050).
Stack overflow proof of concept exploit for ClamAV versions below 0.94.2 that relates to JPG file handling.
Secunia Security Advisory - Ubuntu has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Ubuntu Security Notice USN-684-1 - Ilja van Sprundel discovered that ClamAV did not handle recursive JPEG information. If a remote attacker sent a specially crafted JPEG file, ClamAV would crash, leading to a denial of service.
Secunia Security Advisory - A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service).