ПРОЕКТЫ 


  АРХИВ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  СТАТЬИ 


  ПЕРСОНАЛЬНОЕ 


  ПРОГРАММЫ 



ПИШИТЕ
ПИСЬМА














     АРХИВ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: iDefense Security Advisory 02.15.07: Multiple Vendor ClamAV CAB FileDenial of Service Vulnerability



И еще одна уязвимость в clamav - правда, существенно менее опасная.
Словом, надо обновляться...

> -----Original Message-----
> From: 
> idlabs-advisories-bounces+vladimir.kazennov=billing.ru@idefens
> e.com 
> [mailto:idlabs-advisories-bounces+vladimir.kazennov=billing.ru
> @idefense.com] On Behalf Of iDefense Labs Security Advisories
> Sent: Thursday, February 15, 2007 9:50 PM
> To: iDefense Labs Security Advisories
> Subject: iDefense Security Advisory 02.15.07: Multiple Vendor 
> ClamAV CAB FileDenial of Service Vulnerability
> 
> Multiple Vendor ClamAV CAB File Denial of Service Vulnerability
> 
> iDefense Security Advisory 02.15.07
> http://labs.idefense.com/intelligence/vulnerabilities/
> Feb 15, 2007
> 
> I. BACKGROUND
> 
> Clam AntiVirus is a multi-platform GPL anti-virus toolkit. 
> The main purpose
> of which is integration into electronic mail servers. More information
> about ClamAV can be found at http://clamav.net/. Microsoft 
> CAB files are
> the native compressed file format for Windows.
> 
> II. DESCRIPTION
> 
> Remote exploitation of a resource consumption vulnerability in Clam
> AntiVirus' ClamAV allows attackers to degrade the service of the clamd
> scanner.
> 
> The vulnerability specifically exists due to a file 
> descriptor leak.  When
> clam encounters a cabinet header with a record length of zero it will
> return from a function without closing a local file 
> descriptor. This can
> be triggered multiple times, eventually using up all but three of its
> available file descriptors. This prevents clam from scanning most
> archives, including zip and tar files.
> 
> III. ANALYSIS
> 
> Exploitation allows attackers to degrade the functionality of 
> the ClamAV
> virus scanning service. Exploitation requires that attackers send a
> specially constructed CAB file through an e-mail gateway or personal
> anti-virus client using the ClamAV scanning engine.
> 
> When ClamAV is unable to scan an archive successfully because 
> it has run
> out of descriptors, it will return an error status. Several 
> mail servers
> that use clam were tested to see how they handled this 
> status. Exim, as of
> version 4.50, features an option to build clamd support into 
> it. It will
> reject a mail if clamd fails to scan it properly. Amavisd 
> will also deny a
> mail that clamd cannot properly scan. This vulnerability can 
> be used to
> deny service to users trying to send legitimate archives 
> through the mail
> gateway.
> 
> IV. DETECTION
> 
> iDefense has confirmed this vulnerability affects Clam 
> AntiVirus ClamAV
> v0.90RC1.1. All versions prior to the 0.90 stable release are 
> suspected
> to be
> vulnerable.
> 
> V. WORKAROUND
> 
> iDefense is unaware of any effective workarounds for this issue.
> 
> VI. VENDOR RESPONSE
> 
> Clam AntiVirus has addressed this vulnerability in the 
> version 0.90 stable
> release.
> 
> VII. CVE INFORMATION
> 
> The Common Vulnerabilities and Exposures (CVE) project has 
> assigned the
> name CVE-2007-0897 to this issue. This is a candidate for inclusion in
> the CVE list (http://cve.mitre.org/), which standardizes names for
> security problems.
> 
> VIII. DISCLOSURE TIMELINE
> 
> 02/07/2007  Initial vendor notification
> 02/13/2007  Initial vendor response
> 02/15/2007  Coordinated public disclosure
> 
> IX. CREDIT
> 
> The discoverer of this vulnerability wishes to remain anonymous.
> 
> Get paid for vulnerability research
> http://labs.idefense.com/methodology/vulnerability/vcp.php
> 
> Free tools, research and upcoming events
> http://labs.idefense.com/
> 
> X. LEGAL NOTICES
> 
> Copyright © 2006 iDefense, Inc.
> 
> Permission is granted for the redistribution of this alert 
> electronically.
> It may not be edited in any way without the express written consent of
> iDefense. If you wish to reprint the whole or any part of 
> this alert in
> any other medium other than electronically, please e-mail
> customerservice@xxxxxxxxxxxx for permission.
> 
> Disclaimer: The information in the advisory is believed to be 
> accurate at
> the time of publishing based on currently available 
> information. Use of
> the information constitutes acceptance for use in an AS IS condition.
> There are no warranties with regard to this information. Neither the
> author nor the publisher accepts any liability for any 
> direct, indirect,
> or consequential loss or damage arising from use of, or 
> reliance on, this
> information.
> _______________________________________________
> To unsubscribe, go here:
> http://www.idefense.com/mailman/listinfo/idlabs-advisories
> 



 




Copyright © Lexa Software, 1996-2009.