| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4694FCD7.6080902@metaeye.org> Date: Wed, 11 Jul 2007 21:22:55 +0530 From: Metaeye SG <contact@...aeye.org> To: full-disclosure@...ts.grok.org.uk Subject: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vendor - ------ Clam Antivirus (http://www.clamav.net) Product - ------- Clamav (libclamav) Versions Affected - ----------------- All before 0.91 Severity - -------- Moderate Issue - ----- Clamav crashes due to processing of standard filters in RAR VM, while processing a corrupted RAR file. Processing the corrupted file results in a null pointer deference. Impact - ------ Processing the corrupted file will result in crashing of clamscan application and clamd daemon. Fix - --- Upgrade to version 0.91. PoC - --- http://www.metaeye.org/codes/corrupted.rar Vendor Status - ------------- Reported: 25/06/2007 Fixed: 11/07/2007 References - ---------- https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555 http://www.metaeye.org/advisories/54 Metaeye SG // http://www.metaeye.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGlPzXgHlN5ncUR6wRAsjSAJ9/AQDZBJBYywO/8m3EUCgMUXBlQgCfWiL8 f3Hq+HVMtsVrs1W+HOpI+kk= =t5nN -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists