Denial of Service : ClamAV < 0.94 Invalid Memory Access DoS Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900117

Categoría: Denial of Service

Título: ClamAV < 0.94 Invalid Memory Access DoS Vulnerability

Resumen: ClamAV is prone to a denial of service (DoS) vulnerability.

Descripción: Summary:
ClamAV is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
The flaw exists due to an invalid memory access in chmunpack.c
file, when processing a malformed CHM file.

Vulnerability Impact:
Successful remote exploitation will allow attackers to cause
the application to crash.

Affected Software/OS:
ClamAV versions prior to 0.94.

Solution:
Update to version 0.94 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-1389
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
BugTraq ID: 30994
http://www.securityfocus.com/bid/30994
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html
http://security.gentoo.org/glsa/glsa-200809-18.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:189
http://int21.de/cve/CVE-2008-1389-clamav-chd.html
http://www.securitytracker.com/id?1020805
http://secunia.com/advisories/31725
http://secunia.com/advisories/31906
http://secunia.com/advisories/31982
http://secunia.com/advisories/32030
http://secunia.com/advisories/32222
http://secunia.com/advisories/32699
SuSE Security Announcement: SUSE-SR:2008:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
http://www.vupen.com/english/advisories/2008/2484
http://www.vupen.com/english/advisories/2008/2564
http://www.vupen.com/english/advisories/2008/2780

Copyright Copyright (C) 2008 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900117
Categoría:	Denial of Service
Título:	ClamAV < 0.94 Invalid Memory Access DoS Vulnerability
Resumen:	ClamAV is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: ClamAV is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw exists due to an invalid memory access in chmunpack.c file, when processing a malformed CHM file. Vulnerability Impact: Successful remote exploitation will allow attackers to cause the application to crash. Affected Software/OS: ClamAV versions prior to 0.94. Solution: Update to version 0.94 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1389 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html BugTraq ID: 30994 http://www.securityfocus.com/bid/30994 BugTraq ID: 31681 http://www.securityfocus.com/bid/31681 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html http://security.gentoo.org/glsa/glsa-200809-18.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:189 http://int21.de/cve/CVE-2008-1389-clamav-chd.html http://www.securitytracker.com/id?1020805 http://secunia.com/advisories/31725 http://secunia.com/advisories/31906 http://secunia.com/advisories/31982 http://secunia.com/advisories/32030 http://secunia.com/advisories/32222 http://secunia.com/advisories/32699 SuSE Security Announcement: SUSE-SR:2008:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://www.vupen.com/english/advisories/2008/2484 http://www.vupen.com/english/advisories/2008/2564 http://www.vupen.com/english/advisories/2008/2780
Copyright	Copyright (C) 2008 Greenbone Networks GmbH