Signature Detail
Short Name |
SMTP:DOS:CLAM-TNEF-DOS |
|---|---|
Severity |
High |
Recommended |
No |
Category |
SMTP |
Keywords |
Clam AntiVirus TNEF Processor Denial of Service |
Release Date |
2011/07/07 |
Update Number |
1951 |
Supported Platforms |
idp-4.0.110090709+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SMTP: Clam AntiVirus TNEF Processor Denial of Service
This signature detects attempts to exploit a known vulnerability against Clam AntiVirus. A successful attack can result in a denial-of-service condition.
Extended Description
ClamAV is prone to a denial of service vulnerability. This is due to a failure in the application to handle malformed TNEF files. Exploitation could cause the application to enter an infinite loop, resulting in a denial of service.
Affected Products
- Clam Anti-Virus ClamAV 0.51.0
- Clam Anti-Virus ClamAV 0.52.0
- Clam Anti-Virus ClamAV 0.53.0
- Clam Anti-Virus ClamAV 0.54.0
- Clam Anti-Virus ClamAV 0.60.0
- Clam Anti-Virus ClamAV 0.65.0
- Clam Anti-Virus ClamAV 0.67.0
- Clam Anti-Virus ClamAV 0.68.0
- Clam Anti-Virus ClamAV 0.68.0 -1
- Clam Anti-Virus ClamAV 0.70.0
- Clam Anti-Virus ClamAV 0.75.1
- Clam Anti-Virus ClamAV 0.80.0
- Clam Anti-Virus ClamAV 0.80.0 Rc1
- Clam Anti-Virus ClamAV 0.80.0 Rc2
- Clam Anti-Virus ClamAV 0.80.0 Rc3
- Clam Anti-Virus ClamAV 0.80.0 Rc4
- Clam Anti-Virus ClamAV 0.81.0
- Clam Anti-Virus ClamAV 0.82.0
- Clam Anti-Virus ClamAV 0.83.0
- Clam Anti-Virus ClamAV 0.84.0
- Clam Anti-Virus ClamAV 0.84.0 Rc1
- Clam Anti-Virus ClamAV 0.84.0 Rc2
- Clam Anti-Virus ClamAV 0.85.0
- Clam Anti-Virus ClamAV 0.85.1
- Clam Anti-Virus ClamAV 0.86.0
- Clam Anti-Virus ClamAV 0.86.0 .1
- Clam Anti-Virus ClamAV 0.86.2
- Clam Anti-Virus ClamAV 0.87.0
- Clam Anti-Virus ClamAV 0.87.0 -1
- Conectiva Linux 10.0.0
- Debian Linux 3.0.0
- Debian Linux 3.0.0 Alpha
- Debian Linux 3.0.0 Arm
- Debian Linux 3.0.0 Hppa
- Debian Linux 3.0.0 Ia-32
- Debian Linux 3.0.0 Ia-64
- Debian Linux 3.0.0 M68k
- Debian Linux 3.0.0 Mips
- Debian Linux 3.0.0 Mipsel
- Debian Linux 3.0.0 Ppc
- Debian Linux 3.0.0 S/390
- Debian Linux 3.0.0 Sparc
- Debian Linux 3.1.0
- Debian Linux 3.1.0 Alpha
- Debian Linux 3.1.0 Amd64
- Debian Linux 3.1.0 Arm
- Debian Linux 3.1.0 Hppa
- Debian Linux 3.1.0 Ia-32
- Debian Linux 3.1.0 Ia-64
- Debian Linux 3.1.0 M68k
- Debian Linux 3.1.0 Mips
- Debian Linux 3.1.0 Mipsel
- Debian Linux 3.1.0 Ppc
- Debian Linux 3.1.0 S/390
- Debian Linux 3.1.0 Sparc
- Mandriva Corporate Server 3.0.0
- Mandriva Corporate Server 3.0.0 X86 64
- Mandriva Linux Mandrake 10.1.0
- Mandriva Linux Mandrake 10.1.0 X86 64
- Mandriva Linux Mandrake 10.2.0
- Mandriva Linux Mandrake 10.2.0 X86 64
- Mandriva Linux Mandrake 2006.0.0
- Mandriva Linux Mandrake 2006.0.0 X86 64
References
- BugTraq: 15316
- CVE: CVE-2005-3500