TK53 Advisory 2 - Multiple vulnerabilities exist in ClamAV version 0.92 including a race condition and bypass flaws.
60f282650db36b99a8714bd90bc91b916c65759e7573026b8b48aaf66bad3ad2Secunia Security Advisory - Ubuntu has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
c2857782fa6eb28b2ac11d41f5b7558b08e2a62c1e3d4dab81a6df71a250803bUbuntu Security Notice USN-672-1 - Moritz Jodeit discovered that ClamAV did not correctly handle certain strings when examining a VBA project. If a remote attacker tricked ClamAV into processing a malicious VBA file, ClamAV would crash, leading to a denial of service.
5591f8bfd9a712215bbb27393c0617338cbf431dbb61987d0e32ae9de617ba18Mandriva Linux Security Advisory - An off-by-one error was found in ClamAV versions prior to 0.94.1 that could allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted VBA project file. Other bugs have also been corrected in 0.94.1 which is being provided with this update.
e1aab69495ae010aa0a9d6938ae571c19e5e88391968e5aa2b5b8c8d698fc850Secunia Security Advisory - Fedora has issued an update for clamav. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
e684c549557dc301a72d6b8fafec108e5621bf83b62c5551fd37207a29811050Pardus Linux Security Advisory 2008-71 -ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the 'clamd' process by sending an email with a prepared attachment.
930f71b9add142ea985cb6e2db72995a5489fb4d104b8caa4ec7c49cf5342b5fSecunia Security Advisory - Moritz Jodeit has reported a vulnerability in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
da1baf4416765abe8fd662b56db4e907f78eefaf6345b373639c4b8ac02ecaa4ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the 'clamd' process by sending an email with a prepared attachment. Versions below 0.94.1 are affected.
6cc70ca47bd8e70a162e0b466166e4ae4e11b76c25c6b31b93bb29214c73de19Secunia Security Advisory - Debian has issued an update for clamav. This fixes some vulnerabilities, where some have an unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service).
c1b16dcf02bd06805fb02b19e7ddf1914bddc143a627586ada808a275b5670eaDebian Security Advisory 1660-1 - Several denial-of-service vulnerabilities have been discovered in the ClamAV anti-virus toolkit. These include insufficient checking for out-of-memory conditions results in null pointer dereferences, and incorrect error handling logic leads to memory leaks and file descriptor leaks.
3a3e8273e0a97c927616f522b6334478668137e69c4b1447e26f6fa7a0715fefSecunia Security Advisory - Gentoo has issued an update for clamav. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
c1e4c8fc149e3b11286fec2466977a1d913d272a8a23d6df9a0c1829fb752968Gentoo Linux Security Advisory GLSA 200809-18 - Multiple vulnerabilities in ClamAV may result in a Denial of Service. Hanno boeck reported an error in libclamav/chmunpack.c when processing CHM files (CVE-2008-1389). Other unspecified vulnerabilities were also reported, including a NULL pointer dereference in libclamav (CVE-2008-3912), memory leaks in freshclam/manager.c (CVE-2008-3913), and file descriptor leaks in libclamav/others.c and libclamav/sis.c (CVE-2008-3914). Versions less than 0.94 are affected.
0f8d8ad864ec3633e4123d3636f3ea400f7979db302a26062a9e318e73734b0fSecunia Security Advisory - Astaro has issued an update for ClamAV. This fixes some vulnerabilities, where some have an unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service).
6384b8481031823ac9d3402f4f5a104f312ff8fe1cb9edb1c3f40e533bf966cfMandriva Linux Security Advisory - Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.94 release. A vulnerability in ClamAV's chm-parser allowed remote attackers to cause a denial of service (application crash) via a malformed CHM file. A vulnerability in libclamav would allow attackers to cause a denial of service via vectors related to an out-of-memory condition. Multiple memory leaks were found in ClamAV that could possibly allow attackers to cause a denial of service via excessive memory consumption. A number of unspecified vulnerabilities in ClamAV were reported that have an unknown impact and attack vectors related to file descriptor leaks. Other bugs have also been corrected in 0.94 which is being provided with this update. Because this new version has increased the major of the libclamav library, updated dependent packages are also being provided. The previous update had experimental support enabled, which caused ClamAV to report the version as 0.94-exp rather than 0.94, causing ClamAV to produce bogus warnings about the installation being outdated. This update corrects that problem.
7fed0fc5a456da386e0f0d493038985b933c7c0ca06e6ca0f353d56bc41c15feMandriva Linux Security Advisory - Multiple vulnerabilities were discovered in ClamAV and corrected with A vulnerability in ClamAV's chm-parser allowed remote attackers to cause a denial of service (application crash) via a malformed CHM file. A vulnerability in libclamav would allow attackers to cause a denial of service via vectors related to an out-of-memory condition. Multiple memory leaks were found in ClamAV that could possibly allow attackers to cause a denial of service via excessive memory consumption. A number of unspecified vulnerabilities in ClamAV were reported that have an unknown impact and attack vectors related to file descriptor leaks. Other bugs have also been corrected in 0.94 which is being provided with this update. Because this new version has increased the major of the libclamav library, updated dependent packages are also being provided.
e3e5612fe4dc57594536a9fefd90bc594ac416af8c4f0962cb928ff5b41b7027Pardus Linux Security Advisory - Multiple vulnerabilities have been discovered in Clamav including a DoS (Denial of Service) vulnerability and memory leaks.
2331c30928290a28bfd081bc7ad6f8d8dbfe7c81e96370e17f7a6bef9463794eA fuzzing test against ClamAV versions below 0.94 discovered that they suffer from a chm file parsing vulnerability which can possibly be exploited.
e250a5f0d10ff7b3553d66f2c5e2679545b01252c627bd11aee974decdecce50Secunia Security Advisory - A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service).
51df86400ac6e4ba4cf2f0486348bb50db20f2f3bdc9cc74bdbf00349fd04e28Secunia Security Advisory - Astaro has issued an update for ClamAV. This fixes some vulnerabilities, which potentially can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a vulnerable system.
d5fb6a480ab863ab2ddf5ed9b862512bbe1d9c26ab2b7b3a7ea355c4ffdc3050ClamSAP consists of two C shared libraries that link between ClamAV and the Virus Scan Interface (VSI) of SAP (official name: NW-VSI). A SAP application can use the ClamAV engine to scan for malicious uploads in HTTP uploads, for example.
7b7a89ce2b6faf847dddb51487bbd1c34427976b52f2cac42496c18584edfb37ClamSAP consists of two C shared libraries that link between ClamAV and the Virus Scan Interface (VSI) of SAP (official name: NW-VSI). A SAP application can use the ClamAV engine to scan for malicious uploads in HTTP uploads, for example.
a579badec7e234710ee75cc8b2bf53bde89b620fea98e4179a88079f9f52bfd2Secunia Security Advisory - Gentoo has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
69f79ffbc0c1600c7c781c982a01986897e35b864bd2718a1d82f23cc908d40dGentoo Linux Security Advisory GLSA 200808-07 - Damian Put has discovered an out-of-bounds memory access while processing Petite files (CVE-2008-2713, CVE-2008-3215). Also, please note that the 0.93 ClamAV branch fixes the first of the two attack vectors of CVE-2007-6595 concerning an insecure creation of temporary files vulnerability. The sigtool attack vector seems still unfixed. Versions less than 0.93.3 are affected.
72e5ff72652f3e908577cc6bcfb0e2b935ef32a1138deaa2c92eaaa5dc59473bDebian Security Advisory 1616-2 - This update corrects a packaging and build error in the packages released in DSA-1616-1. Those packages, while functional, did not actually apply the fix intended. This update restores the fix to the package build; no other changes are introduced. Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configurations, such as when clamav is used in combination with mail servers, this could cause a system to "fail open," facilitating a follow-on viral attack.
51275dc8498a1260ec4a99764c2986c3d3164b4dc36a15ff51cec45f58d14d6aSecunia Security Advisory - Debian has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
b651a537787827d88846c5ec5797f01b6c75641a8809fad3dfae62d5f6c70ec7Debian Security Advisory 1616-1 - Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configurations, such as when clamav is used in combination with mail servers, this could cause a system to "fail open," facilitating a follow-on viral attack.
53d2d5e8934a297dfc89e1f10ffc3e070c9fb65df9d21b132165a4b8f84908d5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed