Full Disclosure mailing list archives
Re: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.
From: Noam Rathaus <noamr () beyondsecurity com>
Date: Wed, 11 Jul 2007 18:32:53 +0300
Hi, The vulnerability also affects unrar (3.70 beta 3 freeware by Alexander Roshal), as it tries to read a negative location from a pointer reference in the SET_VALUE(false,Data,Addr-Offset) function (found in rarvm.cpp). The values of Addr is 1666528 while Offset is 4546004 which of course results in -2879476 being accessed, or "even better" the value of 4292087820 as it is casted to an unsigned value without checking. On Wednesday 11 July 2007 18:13:03 Metaeye SG wrote:
Vendor ------ Clam Antivirus (http://www.clamav.net) Product ------- Clamav (libclamav) Versions Affected ----------------- All before 0.91 Severity -------- Moderate Issue ----- Clamav crashes due to processing of standard filters in RAR VM, while processing a corrupted RAR file. Processing the corrupted file results in a null pointer deference. Impact ------ Processing the corrupted file will result in crashing of clamscan application and clamd daemon. Fix --- Upgrade to version 0.91. PoC --- http://www.metaeye.org/codes/corrupted.rar Vendor Status ------------- Reported: 25/06/2007 Fixed: 11/07/2007 References ---------- https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555 http://www.metaeye.org/advisories/54 Metaeye SG // http://www.metaeye.org
-- Noam Rathaus CTO 1616 Anderson Rd. McLean, VA 22102 Tel: 703.286.7725 extension 105 Fax: 888.667.7740 noamr () beyondsecurity com http://www.beyondsecurity.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. Metaeye SG (Jul 11)
- <Possible follow-ups>
- Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. Metaeye SG (Jul 11)
- Re: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. Noam Rathaus (Jul 11)
- Re: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. Metaeye SG (Jul 11)
- Re: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. Noam Rathaus (Jul 11)