Clam AntiVirus ClamAV OLE2 Parser Remote Denial Of Service Vulnerability

TITLE: Clam AntiVirus ClamAV OLE2 Parser Remote Denial Of Service Vulnerability
CLASS: Failure to Handle Exceptional Conditions
CVE: CVE-2007-2650

REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 04 2007 12:00AM
UPDATE: Jun 15 2007 07:19PM
CREDIT: Victor Stinner discovered this vulnerability.
VULNERABLE:

Trustix Secure Linux 3.0.5
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
S.u.S.E. openSUSE 10.2
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Novell Linux POS 9
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Enterprise Server 9
MandrakeSoft Linux Mandrake 2007.1 x86_64
MandrakeSoft Linux Mandrake 2007.1
MandrakeSoft Linux Mandrake 2007.0 x86_64
MandrakeSoft Linux Mandrake 2007.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Gentoo Linux
Clam Anti-Virus ClamAV 0.90.2
Clam Anti-Virus ClamAV 0.90.1
Clam Anti-Virus ClamAV 0.90
-MandrakeSoft Corporate Server 4.0 x86_64
-MandrakeSoft Corporate Server 3.0 x86_64
-MandrakeSoft Corporate Server 3.0
-MandrakeSoft Corporate Server 4.0
-MandrakeSoft Linux Mandrake 2007.1 x86_64
-MandrakeSoft Linux Mandrake 2007.1
-MandrakeSoft Linux Mandrake 2007.0 x86_64
-MandrakeSoft Linux Mandrake 2007.0
NOT VULNERABLE:
Clam Anti-Virus ClamAV 0.90.3

Go to the original page on SecurityFocus

Discussion

ClamAV is prone to a denial-of-service vulnerability when handling malformed OLE2 files.

A successful attack may allow an attacker to cause denial-of-service conditions.

Versions prior to ClamAV 0.90.3 are affected.

Exploit

Proof-of-concept code demonstrating this issue is reported to be publicly available.

Solution

The vendor released ClamAV 0.90.3 to address this issue. Please see the references for more information.
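The practical question for an administrator is whether the installed engine is older than the fixed release named above. The check below is an added example, not code from the advisory or from the ClamAV project; it assumes that `clamscan --version` prints a line beginning with `ClamAV <engine version>` (optionally followed by `/<signature db>/<date>`), and the sample lines are constructed, not captured output.

```python
import re
import subprocess
from typing import Optional, Tuple

# First release that addresses CVE-2007-2650, per the advisory's NOT VULNERABLE list.
FIXED_VERSION = (0, 90, 3)

# Assumption: the engine version is the first "ClamAV x.y.z" token of the output.
_VERSION_RE = re.compile(r"ClamAV\s+(\d+(?:\.\d+)*)")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract the engine version from `clamscan --version` output as an int tuple."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(version: Tuple[int, ...]) -> bool:
    """True when the engine predates 0.90.3.

    Tuples compare numerically component by component, so 0.90.10 correctly
    ranks above 0.90.3 (a plain string compare would get this wrong) and a
    short version such as (0, 90) ranks below (0, 90, 3).
    """
    return version < FIXED_VERSION


def check_installed() -> Optional[bool]:
    """Run clamscan on this host; None when it is missing or its output is unparseable."""
    try:
        out = subprocess.run(["clamscan", "--version"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return None
    version = parse_version(out)
    return None if version is None else is_affected(version)


if __name__ == "__main__":
    # Constructed sample lines (not real clamscan output) to show the classifier.
    samples = ["ClamAV 0.90.2/3340/Mon Jun  4 2007",
               "ClamAV 0.90.3/3355/Fri Jun 15 2007",
               "ClamAV 0.90.10"]
    for line in samples:
        verdict = "affected" if is_affected(parse_version(line)) else "not affected"
        print(f"{line} -> {verdict}")
    print("this host:", check_installed())
```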



References
