This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:STC:DL:CLAMAV-CHM-DOS
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
ClamAV AntiVirus CHM File Handling Denial of Service
|
Release Date |
2010/10/13
|
Update Number |
1791
|
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: ClamAV AntiVirus CHM File Handling Denial of Service
A Denial of Service vulnerability exists in the ClamAV AntiVirus product. The vulnerability can be triggered when the application processes crafted CHM files. An unauthenticated attacker can exploit this vulnerability by delivering a crafted file to the scanning engine to cause a denial of service. In an attack case, the affected ClamAV daemon will terminate. This might allow for further exploitation of the target system, exposing the system to other threats in absence of the AntiVirus daemon.
Extended Description
ClamAV is prone to a denial-of-service vulnerability because of invalid memory access errors when processing malformed CHM files.
Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.
Versions prior to ClamAV 0.94 are vulnerable.
Affected Products
- Apple mac_os_x 10.4.0
- Apple mac_os_x 10.4.1
- Apple mac_os_x 10.4.10
- Apple mac_os_x 10.4.11
- Apple mac_os_x 10.4.2
- Apple mac_os_x 10.4.3
- Apple mac_os_x 10.4.4
- Apple mac_os_x 10.4.5
- Apple mac_os_x 10.4.6
- Apple mac_os_x 10.4.7
- Apple mac_os_x 10.4.8
- Apple mac_os_x 10.4.9
- Apple mac_os_x 10.5
- Apple mac_os_x 10.5.1
- Apple mac_os_x 10.5.2
- Apple mac_os_x 10.5.3
- Apple mac_os_x 10.5.4
- Apple mac_os_x 10.5.5
- Apple mac_os_x_server 10.4.0
- Apple mac_os_x_server 10.4.1
- Apple mac_os_x_server 10.4.10
- Apple mac_os_x_server 10.4.11
- Apple mac_os_x_server 10.4.2
- Apple mac_os_x_server 10.4.3
- Apple mac_os_x_server 10.4.4
- Apple mac_os_x_server 10.4.5
- Apple mac_os_x_server 10.4.6
- Apple mac_os_x_server 10.4.7
- Apple mac_os_x_server 10.4.8
- Apple mac_os_x_server 10.4.9
- Apple mac_os_x_server 10.5
- Apple mac_os_x_server 10.5.1
- Apple mac_os_x_server 10.5.2
- Apple mac_os_x_server 10.5.3
- Apple mac_os_x_server 10.5.4
- Apple mac_os_x_server 10.5.5
- Clam_anti-virus clamav 0.51.0
- Clam_anti-virus clamav 0.52.0
- Clam_anti-virus clamav 0.53.0
- Clam_anti-virus clamav 0.54.0
- Clam_anti-virus clamav 0.60.0
- Clam_anti-virus clamav 0.65.0
- Clam_anti-virus clamav 0.67.0
- Clam_anti-virus clamav 0.68.0
- Clam_anti-virus clamav 0.68.0 -1
- Clam_anti-virus clamav 0.70.0
- Clam_anti-virus clamav 0.75.1
- Clam_anti-virus clamav 0.80.0
- Clam_anti-virus clamav 0.80.0 Rc1
- Clam_anti-virus clamav 0.80.0 Rc2
- Clam_anti-virus clamav 0.80.0 Rc3
- Clam_anti-virus clamav 0.80.0 Rc4
- Clam_anti-virus clamav 0.81.0
- Clam_anti-virus clamav 0.82.0
- Clam_anti-virus clamav 0.83.0
- Clam_anti-virus clamav 0.84.0
- Clam_anti-virus clamav 0.84.0 Rc1
- Clam_anti-virus clamav 0.84.0 Rc2
- Clam_anti-virus clamav 0.85.0
- Clam_anti-virus clamav 0.85.1
- Clam_anti-virus clamav 0.86.0
- Clam_anti-virus clamav 0.86.0 .1
- Clam_anti-virus clamav 0.86.2
- Clam_anti-virus clamav 0.87.0
- Clam_anti-virus clamav 0.87.0 -1
- Clam_anti-virus clamav 0.87.1
- Clam_anti-virus clamav 0.88.0
- Clam_anti-virus clamav 0.88.1
- Clam_anti-virus clamav 0.88.2
- Clam_anti-virus clamav 0.88.3
- Clam_anti-virus clamav 0.88.4
- Clam_anti-virus clamav 0.88.5
- Clam_anti-virus clamav 0.88.6
- Clam_anti-virus clamav 0.90.0
- Clam_anti-virus clamav 0.90.1
- Clam_anti-virus clamav 0.90.2
- Clam_anti-virus clamav 0.90.3
- Clam_anti-virus clamav 0.91
- Clam_anti-virus clamav 0.91.1
- Clam_anti-virus clamav 0.91.2
- Clam_anti-virus clamav 0.92
- Clam_anti-virus clamav 0.92.1
- Clam_anti-virus clamav 0.93
- Clam_anti-virus clamav 0.93.1
- Gentoo linux
- Kolab kolab_groupware_server 2.0.1
- Kolab kolab_groupware_server 2.0.2
- Kolab kolab_groupware_server 2.0.3
- Kolab kolab_groupware_server 2.0.4
- Kolab kolab_groupware_server 2.1.0
- Kolab kolab_groupware_server 2.1Beta2
- Kolab kolab_groupware_server 2.2.0
- Kolab kolab_groupware_server 2.2 Beta1
- Kolab kolab_groupware_server 2.2 Beta3
- Kolab kolab_groupware_server 2.2-Rc1
- Kolab kolab_groupware_server 2.2 -Rc2
- Kolab kolab_groupware_server 2.2-Rc3
- Mandriva corporate_server 3.0.0
- Mandriva corporate_server 3.0.0 X86 64
- Mandriva corporate_server 4.0
- Mandriva corporate_server 4.0.0 X86 64
- Mandriva linux_mandrake 2007.1
- Mandriva linux_mandrake 2007.1 X86 64
- Mandriva linux_mandrake 2008.0
- Mandriva linux_mandrake 2008.0 X86 64
- Mandriva linux_mandrake 2008.1
- Mandriva linux_mandrake 2008.1 X86 64
- Red_hat fedora 9
- Suse opensuse 10.2
- Suse opensuse 10.3
- Suse opensuse 11.0
References