Re: CVE request: ClamAV vulnerabilities

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/29/2013 06:35 PM, George Theall wrote:
> On Nov 29, 2013, at 12:58 PM, Kurt Seifried <kseifried () redhat com>
> wrote:
>
> On 11/29/2013 02:20 AM, Sergey Popov wrote:
> > > > It's a bit late, but i would like to request CVE for two 
> > > > vulnerabilities, that present in ClamAV before 0.97.7[1]:
> > > >
> > > > 1) A double-free error exists within the 
> > > > "unrar_extract_next_prepare()" function 
> > > > (libclamunrar_iface/unrar_iface.c) when parsing a RAR file.
> > > >
> > > > 2) An unspecified error within the "wwunpack()" function 
> > > > (libclamav/wwunpack.c) when unpacking a WWPack file can be 
> > > > exploited to corrupt heap memory.
> > > >
> > > > [1] - https://secunia.com/advisories/52647/
>
> The blog entry
>
> http://blog.clamav.net/2013/03/clamav-0977-has-been-released.html
>
> contains no mention of security flaws,
>
> > Hrm, at least the copy I see says “ClamAV 0.97.7 addresses
> > several reported potential security bugs.”. While it doesn’t
> > identify the issues per se, it does at least indicate this is a
> > security release.
>
> > Jan Lieskovsky talked about both of these last March — see
> > <http://seclists.org/oss-sec/2013/q1/672>. The double-free was
> > fixed in this commit :
>
> > https://github.com/vrtadmin/clamav-devel/commit/b2212def1bb92b5ac45c82da100dc0d1376de6a3
>
> >  and the 'wwunpack()’ issue maps to :
>
> > https://bugzilla.clamav.net/show_bug.cgi?id=6806
>
> > Hope that helps,
>
>
> Also the ChangeLog:
>
> https://github.com/vrtadmin/clamav-devel/blob/0.97/ChangeLog
>
> Doesn't contain any mention of the above flaws. Can you provide
> links to source code/bug reports or something so I can verify this?
> Thanks.

Just a heads up I know at least one person is trying to get details
from SourceFire (they bought ClamAV some time back). Until I can match
issues up I can't assign CVEs.

> George

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJSop/OAAoJEBYNRVNeJnmTOl8P/3F+8wBFgC2AHXllbYnPa4ZP
HDYbDCaTsqNQdBdFyZuKuwN7UbnUnXL2HYm+VQrRf6HeMjXj4ghPBasnzwQrHhcR
9wlBvKwDJkn5LRQJItHZ7AG6T3FlkKA2ksFFkzLgKmRgT+aW3TVlj6MJP8uaD5KQ
kivaiXwToPNGz8u/HiDB9DLDBDz+ObImhNQEClmrQkPLUFVGmShkp6UZGVen7MiH
9iCrvtxHQ12fevdXfqOHFuFCtrn6X23Y8uccCWdAZWFx0t8dlhC0loXugIrnL0xv
kxoSsDAMtPWB1FkO31hVSFXlvPSe90Ji7k1Yow9hThncL3qbcWQJ7hR31qVQeEkp
dXBwLAXbi5Bd2zZJvpGtyDfPKJtgzqtXTMQXSeWj2FcSkBqk9sOjn8tCyoCiBNF7
V2ayPrW/PCaVhDsCtwICbbKSnz+M7hIc6ggCK7Ng4QcvBRXkAM6k07+H5S9VBmdu
BowhiVPSjErHUDqL4llHjnfmBS44FatEWkyz13/9nh5+avHAX48vQp8FFm1oqPvc
K/AlfVNFXkp1GF2bb/j7qqkv9J7fTqyIN6zFM8BrDjCb8QZZ98CtAlYnIh4UVTRE
IOEGGVY/2qdYP+p6+1TXeDq83uK7uXve/8Sbg0X8mWe4wGkZIgkx5Ymi5yXgmIr5
WXq9kVEcAGVG3C55rNZX
=1yV3
-----END PGP SIGNATURE-----