[Pkg-clamav-devel] ClamAV. again
Stephen Gran
sgran at debian.org
Sun Oct 26 11:12:17 UTC 2008
This one time, at band camp, Florian Weimer said:
> * Michael Tautschnig:
>
> >> > So shall we go ahead with the -4etch15 version, as uploaded?
> >>
> >> Unless anyone has any objections, I'd say yes.
> >
> > No objections from my POV.
>
> Okay. I haven't followed this update from the beginning, and the
> upstream bugs are still blocked, so I'd like to see input on the
> following description for the DSA:
>
> Several denial-of-service vulnerabilities have been discovered in
> the ClamAV anti-virus toolkit:
>
> Insufficient checking for out-of-memory conditions results in null
> pointer derefences (CVE-2008-3912).
>
> Incorrect error handling logic leads to memory leaks (CVE-2008-3913)
> and file descriptor leaks (CVE-2008-3914).
That seems quite reasonable and accurate.
> Are the vulnerabilities really exploitable to cause permanent damages?
> The patches suggest they are very minor.
I don't think permanent damage, no. The null pointer dereferences will
crash clamd, so it's a DoS. The others will slowly leak over time
(particularly on html mail) until they create a DoS. I don't believe
there are any code execution possibilities this time around.
Cheers,
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : sgran at debian.org |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/attachments/20081026/534945e8/attachment.pgp
More information about the Pkg-clamav-devel
mailing list