Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 17 Apr 2007 10:55:33 +0400
From:      Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To:        freebsd-security@freebsd.org
Subject:   VuXML entry for CVE-2007-1870: ClamAV CAB File Unstore Buffer Overflow
Message-ID:  <20070417065533.GL26348@codelabs.ru>
next in thread | raw e-mail | index | archive | help 

--oYAXToTM8kn9Ra/9
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline

Good day.

Spotted the CVE-2007-1870: the clamav 0.90.2 is already in the ports,
but no sign of the issue in the VuXML. The entry is attached. One
thing that is a bit strange is that the ChangeLog for the ClamAV
(http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog) says about
CVE-2007-1997 as the libclamav/cab.c log entry, but I think they are
messed the numbers -- there is no such CVE, at least I failed to
find it via cve.mitre.org:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1997
But the CVE-2007-1870 is a candidate and has no relevant information,
so I am not 100% sure about the correct number.
-- 
Eygene

--oYAXToTM8kn9Ra/9
Content-Type: text/plain; charset=koi8-r
Content-Disposition: attachment; filename="vuln.xml"

  <vuln vid="unknown">
    <topic>clamav -- CAB File Unstore Buffer Overflow Vulnerability</topic>
    <affects>
      <package>
	<name>clamav</name>
	<range><ge>0.90rc3</ge><lt>0.90.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">;
	<p>iDefense Security Advisory 04.16.07:</p>
	<blockquote cite="http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=513">;
	  <p>Remote exploitation of a buffer overflow vulnerability in Clam
	    AntiVirus' ClamAV allows attackers to execute arbitrary code
	    with the privileges of the affected process.</p>
	  <p>Successful exploitation of this vulnerability results
	    in code execution with the privileges of the process
	    using libclamav.</p>
	  <p>In the case of the clamd program, this will result in
	    executing code with the privileges of the clamav user.
	    Unsuccessful exploitation results in the clamd
	    process crashing.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2007-1870</cvename>
      <url>http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=513</url>;
      <url>http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog</url>;
    </references>
    <dates>
      <discovery>2007-04-14</discovery>
    </dates>
  </vuln>

--oYAXToTM8kn9Ra/9--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070417065533.GL26348>