| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Jul 2007 18:32:53 +0300 From: Noam Rathaus <noamr@...ondsecurity.com> To: contact@...aeye.org Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk Subject: Re: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. Hi, The vulnerability also affects unrar (3.70 beta 3 freeware by Alexander Roshal), as it tries to read a negative location from a pointer reference in the SET_VALUE(false,Data,Addr-Offset) function (found in rarvm.cpp). The values of Addr is 1666528 while Offset is 4546004 which of course results in -2879476 being accessed, or "even better" the value of 4292087820 as it is casted to an unsigned value without checking. On Wednesday 11 July 2007 18:13:03 Metaeye SG wrote: > Vendor > ------ > Clam Antivirus (http://www.clamav.net) > > Product > ------- > Clamav (libclamav) > > Versions Affected > ----------------- > All before 0.91 > > Severity > -------- > Moderate > > Issue > ----- > Clamav crashes due to processing of standard filters in RAR VM, while > processing a corrupted RAR file. Processing the corrupted file results in a > null pointer deference. > > Impact > ------ > Processing the corrupted file will result in crashing of clamscan > application and clamd daemon. > > Fix > --- > Upgrade to version 0.91. > > PoC > --- > http://www.metaeye.org/codes/corrupted.rar > > Vendor Status > ------------- > Reported: 25/06/2007 > Fixed: 11/07/2007 > > > References > ---------- > https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555 > http://www.metaeye.org/advisories/54 > > > > Metaeye SG // http://www.metaeye.org -- Noam Rathaus CTO 1616 Anderson Rd. McLean, VA 22102 Tel: 703.286.7725 extension 105 Fax: 888.667.7740 noamr@...ondsecurity.com http://www.beyondsecurity.com
Powered by blists - more mailing lists