Full Disclosure mailing list archives
Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.
From: Metaeye SG <contact () metaeye org>
Date: Wed, 11 Jul 2007 20:43:03 +0530
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vendor - ------ Clam Antivirus (http://www.clamav.net) Product - ------- Clamav (libclamav) Versions Affected - ----------------- All before 0.91 Severity - -------- Moderate Issue - ----- Clamav crashes due to processing of standard filters in RAR VM, while processing a corrupted RAR file. Processing the corrupted file results in a null pointer deference. Impact - ------ Processing the corrupted file will result in crashing of clamscan application and clamd daemon. Fix - --- Upgrade to version 0.91. PoC - --- http://www.metaeye.org/codes/corrupted.rar Vendor Status - ------------- Reported: 25/06/2007 Fixed: 11/07/2007 References - ---------- https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555 http://www.metaeye.org/advisories/54 Metaeye SG // http://www.metaeye.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGlPN/gHlN5ncUR6wRAo1AAJ9dNI51Y4t5BRG3aqIUHPih8cJQ7ACfVrW1 21o5Oadk6A7OVGhdzJph2gk= =YuBi -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. Metaeye SG (Jul 11)
- <Possible follow-ups>
- Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. Metaeye SG (Jul 11)
- Re: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. Noam Rathaus (Jul 11)
- Re: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. Metaeye SG (Jul 11)
- Re: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. Noam Rathaus (Jul 11)