From: Hanno =?utf-8?q?B=C3=B6ck?= <hanno@hboeck.de.>
To: [email protected], [email protected]Subject: clamav: Endless loop / hang with crafter arj, CVE-2008-1387
Date: Tue, 15 Apr 2008 12:07:43 +0200
User-Agent: KMail/1.9.9
Cc: [email protected], [email protected]
MIME-Version: 1.0
Content-Type: multipart/signed;
boundary="nextPart2979974.EHLovl7PBj";
protocol="application/pgp-signature";
micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200804151207.46257.hanno@hboeck.de.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
--nextPart2979974.EHLovl7PBj
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Advisory published at:
http://int21.de/cve/CVE-2008-1387-clamav.html
clamav: Endless loop / hang with crafter arj, CVE-2008-1387
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2008-1387
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
Description
CERT-FI published an advisory with a large number of samples of crafted=20
archives.
The file with the md5sum b6046d890e6bd304e3756c88b989559a (named=20
b6046d890e6bd304e3756c88b989559a.arj) hangs clamav with high load.
If you're running clamav on a mailserver, an attacker can DoS your Server=20
remotely by sending some mails with the archive attached.
Workaround/Fix
clamav 0.93 fixes this issue beside other security issues, if you're runnin=
g=20
clamav you should upgrade as soon as possible.
Disclosure Timeline
2008-03-17 CERT-FI publishes advisory
2008-03-26 Vendor contacted
2008-03-27 Vendor approves issue
2008-04-14 Vendor releases 0.93
2008-04-16 Advisory published
CVE Information
The Common Vulnerabilities and Exposures (CVE) project has assigned the nam=
e=20
CVE-2008-1387 to this issue. This is a candidate for inclusion in the CVE=20
list (http://cve.mitre.org/), which standardizes names for security problem=
s.
Credits and copyright
This vulnerability was discovered by Hanno Boeck of schokokeks.org webhosti=
ng.=20
It's licensed under the creative commons attribution license.
Hanno Boeck, 2008-04-16, http://www.hboeck.de
=2D-=20
Hanno B=C3=B6ck Blog: http://www.hboeck.de/
GPG: 3DBD3B20 Jabber/Mail: [email protected]
--nextPart2979974.EHLovl7PBj
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
iEYEABECAAYFAkgEfnIACgkQr2QksT29OyAz3gCcC6+q3PRfCrXrN+AKZaGV5QAo
ZIAAn322YmTigGOgVsLZ7BeXyJ7rH4eE
=hbR3
-----END PGP SIGNATURE-----
--nextPart2979974.EHLovl7PBj--
