ISS X-Force Database: clamav-rarvm-dos(35367): ClamAV RAR VM denial of service

ClamAV RAR VM denial of service

clamav-rarvm-dos (35367)

Low Risk

Description:

Clam AntiVirus is vulnerable to a denial of service, caused by a null pointer deference in the RAR VM component. By persuading a victim to scan a specially-crafted RAR archive file, a remote attacker could exploit this vulnerability to crash the application.

Note: Multiple vendor unrar implementations may be affected by this vulnerability.

Platforms Affected:

Apple, Mac OS X Server 10.4.11
Apple, Mac OS X Server 10.5.2
Clam Anti-Virus, ClamAV prior to 0.91
Debian, Debian Linux 4.0
Gentoo, Linux
Kolab, Kolab Server 2.0.4 and prior
Kolab, Kolab Server 2.1.0 and prior
Kolab, Kolab Server 2.2-beta1
MandrakeSoft, Mandrake Linux 2007
MandrakeSoft, Mandrake Linux 2007 X86_64
MandrakeSoft, Mandrake Linux 2007.1 X86_64
MandrakeSoft, Mandrake Linux 2007.1
MandrakeSoft, Mandrake Linux 2008.0 X86_64
MandrakeSoft, Mandrake Linux Corporate Server 3.0
MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
MandrakeSoft, Mandrake Linux Corporate Server 4.0
MandrakeSoft, Mandrake Linux Corporate Server 4.0 X86_64
SuSE, SuSE Linux

Remedy:

Upgrade to the latest version of ClamAV (0.91 or later), available from the ClamAV Web site. See References.

For Kolab Server:
Refer to Kolab Security Issue 16 20070724 for patch, upgrade, or suggested workaround information. See References.

For Debian Linux (clamav):
Refer to DSA-1340-1 for patch, upgrade, or suggested workaround information. See References.

For Mandriva Linux (clamav):
Refer to MDKSA-2007:150 for patch, upgrade, or suggested workaround information. See References.

For SUSE Linux:
Refer to SUSE-SR:2007:015 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux (ClamAV):
Refer to GLSA 200708-04 for patch, upgrade, or suggested workaround information. See References.

For Mac OS X:
Apply Security Update 2008-002, available from the Apple Web site. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Denial of Service

References:

Apple Web site, About Security Update 2008-002 at http://docs.info.apple.com/article.html?artnum=307562.
ClamAV Bugzilla Bug 555, RAR Files Handling Denial of Service vulnerability at https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555.
Full-Disclosure Mailing List, Wed Jul 11 2007 - 10:32:53 CDT, Re: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability at http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0218.html.
Full-Disclosure Mailing List, Wed Jul 11 2007 - 10:32:53 CDT, Re: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability at http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0218.html.
Full-Disclosure Mailing List, Wed Jul 11 2007 - 10:46:56 CDT, Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. at http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0214.html.
Kolab Security Issue 16 20070724, Kolab Server, ClamAV denial of service at http://kolab.org/security/kolab-vendor-notice-16.txt.
Metaeye Security Group Advisory 54, Clam AntiVirus RAR File Handling Denial Of Service Vulnerability at http://www.metaeye.org/advisories/54.
BID-24866: Multiple Vendors RAR Handling Remote Null Pointer Dereference Vulnerability
CVE-2007-3725: The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.
DSA-1340: clamav -- null pointer dereference
GLSA-200708-04: ClamAV: Denial of Service
MDKSA-2007:150: Updated clamav packages fix vulnerabilities
SA26038: ClamAV RAR Archive Processing Denial of Service Vulnerability
SA26209: Kolab Server ClamAV RAR Archive Processing Denial of Service Vulnerability
SA29420: Mac OS X Security Update Fixes Multiple Vulnerabilities
SUSE-SR:2007:015: SUSE Security Summary Report
VUPEN/ADV-2007-2509: ClamAV execute_standard_filter() RAR Archive Denial of Service Vulnerability
VUPEN/ADV-2007-2643: Kolab Server Update Fixes ClamAV RAR File Denial of Service Vulnerability
VUPEN/ADV-2008-0924: Apple Mac OS X Command Execution and Security Bypass Issues

Reported:

Jul 11, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page