[gentoo-announce] [ GLSA 200706-05 ] ClamAV: Multiple Denials of Service - gentoo-announce

From:	Raphael Marichez <falco@g.o>
To:	gentoo-announce@g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200706-05 ] ClamAV: Multiple Denials of Service
Date:	Fri, 15 Jun 2007 17:06:38
Message-Id:	`20070615163510.GD12623@falco.falcal.net`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200706-05

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: Normal

8

     Title: ClamAV: Multiple Denials of Service

9

      Date: June 15, 2007

10

      Bugs: #178082

11

        ID: 200706-05

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

ClamAV contains several vulnerabilities leading to a Denial of Service.

19

20

Background

21

==========

22

23

ClamAV is a GPL virus scanner.

24

25

Affected packages

26

=================

27

28

    -------------------------------------------------------------------

29

     Package               /  Vulnerable  /                 Unaffected

30

    -------------------------------------------------------------------

31

  1  app-antivirus/clamav      < 0.90.3                      >= 0.90.3

32

33

Description

34

===========

35

36

Several vulnerabilities were discovered in ClamAV by various

37

researchers:

38

39

* Victor Stinner (INL) discovered that the OLE2 parser may enter in

40

  an infinite loop (CVE-2007-2650).

41

42

* A boundary error was also reported by an anonymous researcher in

43

  the file unsp.c, which might lead to a buffer overflow

44

  (CVE-2007-3023).

45

46

* The file unrar.c contains a heap-based buffer overflow via a

47

  modified vm_codesize value from a RAR file (CVE-2007-3123).

48

49

* The RAR parsing engine can be bypassed via a RAR file with a header

50

  flag value of 10 (CVE-2007-3122).

51

52

* The cli_gentempstream() function from clamdscan creates temporary

53

  files with insecure permissions (CVE-2007-3024).

54

55

Impact

56

======

57

58

A remote attacker could send a specially crafted file to the scanner,

59

possibly triggering one of the vulnerabilities. The two buffer

60

overflows are reported to only cause Denial of Service. This would lead

61

to a Denial of Service by CPU consumption or a crash of the scanner.

62

The insecure temporary file creation vulnerability could be used by a

63

local user to access sensitive data.

64

65

Workaround

66

==========

67

68

There is no known workaround at this time.

69

70

Resolution

71

==========

72

73

All ClamAV users should upgrade to the latest version:

74

75

    # emerge --sync

76

    # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.90.3"

77

78

References

79

==========

80

81

  [ 1 ] CVE-2007-2650

82

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2650

83

  [ 2 ] CVE-2007-3023

84

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3023

85

  [ 3 ] CVE-2007-3024

86

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3024

87

  [ 4 ] CVE-2007-3122

88

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3122

89

  [ 5 ] CVE-2007-3123

90

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3123

91

92

Availability

93

============

94

95

This GLSA and any updates to it are available for viewing at

96

the Gentoo Security Website:

97

98

  http://security.gentoo.org/glsa/glsa-200706-05.xml

99

100

Concerns?

101

=========

102

103

Security is a primary focus of Gentoo Linux and ensuring the

104

confidentiality and security of our users machines is of utmost

105

importance to us. Any security concerns should be addressed to

106

security@g.o or alternatively, you may file a bug at

107

http://bugs.gentoo.org.

108

109

License

110

=======

111

112

Copyright 2007 Gentoo Foundation, Inc; referenced text

113

belongs to its owner(s).

114

115

The contents of this document are licensed under the

116

Creative Commons - Attribution / Share Alike license.

117

118

http://creativecommons.org/licenses/by-sa/2.5

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200706-05
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: ClamAV: Multiple Denials of Service
9	Date: June 15, 2007
10	Bugs: #178082
11	ID: 200706-05
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	ClamAV contains several vulnerabilities leading to a Denial of Service.
19
20	Background
21	==========
22
23	ClamAV is a GPL virus scanner.
24
25	Affected packages
26	=================
27
28	-------------------------------------------------------------------
29	Package / Vulnerable / Unaffected
30	-------------------------------------------------------------------
31	1 app-antivirus/clamav < 0.90.3 >= 0.90.3
32
33	Description
34	===========
35
36	Several vulnerabilities were discovered in ClamAV by various
37	researchers:
38
39	* Victor Stinner (INL) discovered that the OLE2 parser may enter in
40	an infinite loop (CVE-2007-2650).
41
42	* A boundary error was also reported by an anonymous researcher in
43	the file unsp.c, which might lead to a buffer overflow
44	(CVE-2007-3023).
45
46	* The file unrar.c contains a heap-based buffer overflow via a
47	modified vm_codesize value from a RAR file (CVE-2007-3123).
48
49	* The RAR parsing engine can be bypassed via a RAR file with a header
50	flag value of 10 (CVE-2007-3122).
51
52	* The cli_gentempstream() function from clamdscan creates temporary
53	files with insecure permissions (CVE-2007-3024).
54
55	Impact
56	======
57
58	A remote attacker could send a specially crafted file to the scanner,
59	possibly triggering one of the vulnerabilities. The two buffer
60	overflows are reported to only cause Denial of Service. This would lead
61	to a Denial of Service by CPU consumption or a crash of the scanner.
62	The insecure temporary file creation vulnerability could be used by a
63	local user to access sensitive data.
64
65	Workaround
66	==========
67
68	There is no known workaround at this time.
69
70	Resolution
71	==========
72
73	All ClamAV users should upgrade to the latest version:
74
75	# emerge --sync
76	# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.90.3"
77
78	References
79	==========
80
81	[ 1 ] CVE-2007-2650
82	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2650
83	[ 2 ] CVE-2007-3023
84	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3023
85	[ 3 ] CVE-2007-3024
86	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3024
87	[ 4 ] CVE-2007-3122
88	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3122
89	[ 5 ] CVE-2007-3123
90	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3123
91
92	Availability
93	============
94
95	This GLSA and any updates to it are available for viewing at
96	the Gentoo Security Website:
97
98	http://security.gentoo.org/glsa/glsa-200706-05.xml
99
100	Concerns?
101	=========
102
103	Security is a primary focus of Gentoo Linux and ensuring the
104	confidentiality and security of our users machines is of utmost
105	importance to us. Any security concerns should be addressed to
106	security@g.o or alternatively, you may file a bug at
107	http://bugs.gentoo.org.
108
109	License
110	=======
111
112	Copyright 2007 Gentoo Foundation, Inc; referenced text
113	belongs to its owner(s).
114
115	The contents of this document are licensed under the
116	Creative Commons - Attribution / Share Alike license.
117
118	http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce