TUCoPS :: Security App Flaws :: bx2805.htm

clamav: Endless loop / hang with crafter arj, CVE-2008-1387
clamav: Endless loop / hang with crafter arj, CVE-2008-1387
clamav: Endless loop / hang with crafter arj, CVE-2008-1387



--nextPart2979974.EHLovl7PBj
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Advisory published at:
http://int21.de/cve/CVE-2008-1387-clamav.html 

clamav: Endless loop / hang with crafter arj, CVE-2008-1387

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1387 
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog 
http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html 

Description

CERT-FI published an advisory with a large number of samples of crafted 
archives.
The file with the md5sum b6046d890e6bd304e3756c88b989559a (named 
b6046d890e6bd304e3756c88b989559a.arj) hangs clamav with high load.

If you're running clamav on a mailserver, an attacker can DoS your Server 
remotely by sending some mails with the archive attached.

Workaround/Fix

clamav 0.93 fixes this issue beside other security issues, if you're running 
clamav you should upgrade as soon as possible.

Disclosure Timeline

2008-03-17 CERT-FI publishes advisory
2008-03-26 Vendor contacted
2008-03-27 Vendor approves issue
2008-04-14 Vendor releases 0.93
2008-04-16 Advisory published

CVE Information

The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2008-1387 to this issue. This is a candidate for inclusion in the CVE 
list (http://cve.mitre.org/), which standardizes names for security problems. 

Credits and copyright

This vulnerability was discovered by Hanno Boeck of schokokeks.org webhosting. 
It's licensed under the creative commons attribution license.

Hanno Boeck, 2008-04-16, http://www.hboeck.de 
=2D- 
Hanno B=C3=B6ck		Blog:		http://www.hboeck.de/ 
GPG: 3DBD3B20		Jabber/Mail:	hanno@hboeck.de 

--nextPart2979974.EHLovl7PBj
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEABECAAYFAkgEfnIACgkQr2QksT29OyAz3gCcC6+q3PRfCrXrN+AKZaGV5QAo
ZIAAn322YmTigGOgVsLZ7BeXyJ7rH4eE
=hbR3
-----END PGP SIGNATURE-----

--nextPart2979974.EHLovl7PBj--

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH