oss-sec mailing list archives
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive
From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 23 Apr 2009 15:40:48 -0400 (EDT)
======================================================
Name: CVE-2009-1371
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1371
Reference: CONFIRM:http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2Ftrunk%2FChangeLog&rev=5032
Reference: CONFIRM:https://launchpad.net/bugs/360502
Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1552
Reference: UBUNTU:USN-756-1
Reference: URL:http://www.ubuntu.com/usn/usn-756-1
Reference: BID:34446
Reference: URL:http://www.securityfocus.com/bid/34446
Reference: OSVDB:53602
Reference: URL:http://osvdb.org/53602
Reference: SECTRACK:1022028
Reference: URL:http://www.securitytracker.com/id?1022028
Reference: SECUNIA:34612
Reference: URL:http://secunia.com/advisories/34612
Reference: SECUNIA:34654
Reference: URL:http://secunia.com/advisories/34654
Reference: VUPEN:ADV-2009-0985
Reference: URL:http://www.vupen.com/english/advisories/2009/0985

The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before
0.95.1 allows remote attackers to cause a denial of service
(application crash) via a malformed file with UPack encoding.

======================================================
Name: CVE-2009-1372
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1372
Reference: CONFIRM:http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2Ftrunk%2FChangeLog&rev=5032
Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1553
Reference: BID:34446
Reference: URL:http://www.securityfocus.com/bid/34446
Reference: OSVDB:53603
Reference: URL:http://osvdb.org/53603
Reference: SECTRACK:1022028
Reference: URL:http://www.securitytracker.com/id?1022028
Reference: SECUNIA:34612
Reference: URL:http://secunia.com/advisories/34612
Reference: VUPEN:ADV-2009-0985
Reference: URL:http://www.vupen.com/english/advisories/2009/0985

Stack-based buffer overflow in the cli_url_canon function in
libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers
to cause a denial of service (application crash) and possibly execute
arbitrary code via a crafted URL.