[Secure-testing-commits] r2669 - data/DTSA/advs
Micah Anderson
micah at costa.debian.org
Sat Nov 5 06:36:54 UTC 2005
Author: micah
Date: 2005-11-05 06:36:53 +0000 (Sat, 05 Nov 2005)
New Revision: 2669
Modified:
data/DTSA/advs/21-clamav.adv
Log:
Updated advisory with CVE numbers and descriptions
Modified: data/DTSA/advs/21-clamav.adv
===================================================================
--- data/DTSA/advs/21-clamav.adv 2005-11-05 00:29:44 UTC (rev 2668)
+++ data/DTSA/advs/21-clamav.adv 2005-11-05 06:36:53 UTC (rev 2669)
@@ -1,10 +1,10 @@
source: clamav
date: November 3rd, 2005
author: Micah Anderson
-vuln-type: Denial of service
+vuln-type: Denial of service vulnerabilities and buffer overflow
problem-scope: remote
debian-specific: no
-cve: CVE-2005-3239
+cve: CVE-2005-3239 CVE-2005-3500 CVE-2005-3501 CVE-2005-3303
testing-fix: 0.87.1-0etch.1
sid-fix: 0.87.1
upgrade: apt-get upgrade
@@ -18,11 +18,22 @@
by sending a DOC file with an invalid property tree, triggering
an infinite recursion.
- A possible denial of service has been found in
- libclamav/tnef.c (IDEF1169)
+CVE-2005-3500
- A possible debian of service has been found in
- libclamav/mspack/cabd.c (IDEF1180)
+ The tnef_attachment function in Clam AntiVirus before 0.87.1
+ allows remote attackers to cause a denial of service, through
+ an infinate loop and memory exhaustion, by crafting a CAB file
+ with a value that causes ClamAV to repeatedly scan the same block
- Buffer size calculation could be by-passed due to a vulnerability
- in libclamav/fsg.c (ZDI-CAN-004)
+CVE-2005-3501
+
+ The cabd_find function in of the libmspack library in Clam AntiVirus
+ before 0.87.1 allows remote attackers to cause a denial of service
+ via a crafted CAB file that causes cabd_find to be called with a zero
+ length.
+
+CVE-2005-3303
+
+ The FSB unpacker in Clam AntiVirus 0.80 through 0.87 allows
+ remote attackers to cause memory corruption and execute arbitrary
+ code via a crafted FSG 1.33 file.
More information about the Secure-testing-commits
mailing list