Denial of Service : ClamAV < 0.97.2 Hash Manager Off-By-One DoS Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902726

Categoría: Denial of Service

Título: ClamAV < 0.97.2 Hash Manager Off-By-One DoS Vulnerability - Windows

Resumen: ClamAV is prone to a denial of service (DoS) vulnerability.

Descripción: Summary:
ClamAV is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
The flaw is due to the way the hash manager of ClamAV scans
messages with certain hashes.

Vulnerability Impact:
Successful exploitation will allow attackers to provide a message
with specially-crafted hash signature in it, leading to denial of service (clamscan executable
crash).

Affected Software/OS:
ClamAV versions prior to 0.97.2 (3.0.3.6870).

Solution:
Update to version 0.97.2 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-2721
1025858
http://securitytracker.com/id?1025858
45382
http://secunia.com/advisories/45382
46717
http://secunia.com/advisories/46717
48891
http://www.securityfocus.com/bid/48891
74181
http://www.osvdb.org/74181
FEDORA-2011-15033
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068942.html
FEDORA-2011-15076
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068940.html
FEDORA-2011-15119
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068941.html
MDVSA-2011:122
http://www.mandriva.com/security/advisories?name=MDVSA-2011:122
USN-1179-1
http://www.ubuntu.com/usn/USN-1179-1
[oss-security] 20110726 CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes
http://www.openwall.com/lists/oss-security/2011/07/26/3
[oss-security] 20110726 Re: CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes
http://www.openwall.com/lists/oss-security/2011/07/26/13
clamav-scan-dos(68785)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68785
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.97.2
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=commit%3Bh=4842733eb3f09be61caeed83778bb6679141dbc5
https://bugzilla.novell.com/show_bug.cgi?id=708263
https://bugzilla.redhat.com/show_bug.cgi?id=725694
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2818

Copyright Copyright (C) 2011 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902726
Categoría:	Denial of Service
Título:	ClamAV < 0.97.2 Hash Manager Off-By-One DoS Vulnerability - Windows
Resumen:	ClamAV is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: ClamAV is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw is due to the way the hash manager of ClamAV scans messages with certain hashes. Vulnerability Impact: Successful exploitation will allow attackers to provide a message with specially-crafted hash signature in it, leading to denial of service (clamscan executable crash). Affected Software/OS: ClamAV versions prior to 0.97.2 (3.0.3.6870). Solution: Update to version 0.97.2 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2721 1025858 http://securitytracker.com/id?1025858 45382 http://secunia.com/advisories/45382 46717 http://secunia.com/advisories/46717 48891 http://www.securityfocus.com/bid/48891 74181 http://www.osvdb.org/74181 FEDORA-2011-15033 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068942.html FEDORA-2011-15076 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068940.html FEDORA-2011-15119 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068941.html MDVSA-2011:122 http://www.mandriva.com/security/advisories?name=MDVSA-2011:122 USN-1179-1 http://www.ubuntu.com/usn/USN-1179-1 [oss-security] 20110726 CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes http://www.openwall.com/lists/oss-security/2011/07/26/3 [oss-security] 20110726 Re: CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes http://www.openwall.com/lists/oss-security/2011/07/26/13 clamav-scan-dos(68785) https://exchange.xforce.ibmcloud.com/vulnerabilities/68785 http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.97.2 http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=commit%3Bh=4842733eb3f09be61caeed83778bb6679141dbc5 https://bugzilla.novell.com/show_bug.cgi?id=708263 https://bugzilla.redhat.com/show_bug.cgi?id=725694 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2818
Copyright	Copyright (C) 2011 Greenbone Networks GmbH