漏洞信息详情
ClamAV 输入验证错误漏洞
- CNNVD编号:CNNVD-200904-075
- 危害等级: 中危
- CVE编号: CVE-2009-1241
- 漏洞类型: 输入验证错误
- 发布时间: 2009-04-03
- 威胁类型: 远程
- 更新时间: 2020-11-12
- 厂 商: clam_anti-virus
- 漏洞来源: Thierry Zoller
漏洞简介
ClamAV(Clam AntiVirus)是ClamAV团队的一套免费且开源的杀毒软件。该软件用于检测木马、病毒、恶意软件和其他恶意威胁。
ClamAV 0.95之前版本存在输入验证错误漏洞。远程攻击者可以借助一个修改过的RAR存档文件,绕过对恶意软件的检测。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
MandrakeSoft Linux Mandrake 2008.1 x86_64
Mandriva clamav-0.95.1-2.1mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download
Mandriva clamav-db-0.95.1-2.1mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download
Mandriva clamav-milter-0.95.1-2.1mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download
Mandriva clamd-0.95.1-2.1mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download
Mandriva lib64clamav-devel-0.95.1-2.1mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download
Mandriva lib64clamav6-0.95.1-2.1mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download
MandrakeSoft Linux Mandrake 2008.1
Mandriva clamav-0.95.1-2.1mdv2008.1.i586.rpm
http://www.mandriva.com/en/download
Mandriva clamav-db-0.95.1-2.1mdv2008.1.i586.rpm
http://www.mandriva.com/en/download
Mandriva clamav-milter-0.95.1-2.1mdv2008.1.i586.rpm
http://www.mandriva.com/en/download
Mandriva clamd-0.95.1-2.1mdv2008.1.i586.rpm
http://www.mandriva.com/en/download
Mandriva libclamav-devel-0.95.1-2.1mdv2008.1.i586.rpm
http://www.mandriva.com/en/download
Mandriva libclamav6-0.95.1-2.1mdv2008.1.i586.rpm
http://www.mandriva.com/en/download
MandrakeSoft Linux Mandrake 2009.0
Mandriva clamav-0.95.1-2.1mdv2009.0.i586.rpm
http://www.mandriva.com/en/download
Mandriva clamav-db-0.95.1-2.1mdv2009.0.i586.rpm
http://www.mandriva.com/en/download
Mandriva clamav-milter-0.95.1-2.1mdv2009.0.i586.rpm
http://www.mandriva.com/en/download
Mandriva clamd-0.95.1-2.1mdv2009.0.i586.rpm
http://www.mandriva.com/en/download
Mandriva libclamav-devel-0.95.1-2.1mdv2009.0.i586.rpm
http://www.mandriva.com/en/download
Mandriva libclamav6-0.95.1-2.1mdv2009.0.i586.rpm
http://www.mandriva.com/en/download
MandrakeSoft Corporate Server 4.0
Mandriva clamav-0.95.1-1.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download
Mandriva clamav-db-0.95.1-1.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download
Mandriva clamav-milter-0.95.1-1.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download
Mandriva clamd-0.95.1-1.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download
Mandriva libclamav-devel-0.95.1-1.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download
Mandriva libclamav6-0.95.1-1.1.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download
MandrakeSoft Linux Mandrake 2009.0 x86_64
Mandriva clamav-0.95.1-2.1mdv2009.0.x86_64.rpm
http://www.mandriva.com/en/download
Mandriva clamav-db-0.95.1-2.1mdv2009.0.x86_64.rpm
http://www.mandriva.com/en/download
Mandriva clamav-milter-0.95.1-2.1mdv2009.0.x86_64.rpm
http://www.mandriva.com/en/download
Mandriva clamd-0.95.1-2.1mdv2009.0.x86_64.rpm
http://www.mandriva.com/en/download
Mandriva lib64clamav-devel-0.95.1-2.1mdv2009.0.x86_64.rpm
http://www.mandriva.com/en/download
Mandriva lib64clamav6-0.95.1-2.1mdv2009.0.x86_64.rpm
http://www.mandriva.com/en/download
MandrakeSoft Corporate Server 3.0 x86_64
Mandriva clamav-0.95.1-1.1.C30mdk.x86_64.rpm
http://www.mandriva.com/en/download
Mandriva clamav-db-0.95.1-1.1.C30mdk.x86_64.rpm
http://www.mandr
参考网址
来源:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1241※http://www.securityfocus.com/bid/34344
链接:无
来源:SECUNIA
链接:http://secunia.com/advisories/36701
来源:CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce/2009/Sep/msg00004.HTML
来源:CONFIRM
链接:http://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/kb/HT3865
来源:MISC
链接:http://blog.zoller.lu/2009/04/clamav-094-and-below-evasion-and-bypass.HTML
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/502366/100/0/threaded
来源:BID
链接:https://www.securityfocus.com/bid/34344
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2009/04/07/6
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2009/0934
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.HTML
来源:MANDRIVA
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2009:097
受影响实体
- Clam_anti-Virus Clamav:0.04
- Clam_anti-Virus Clamav:0.05
- Clam_anti-Virus Clamav:0.03
- Clam_anti-Virus Clamav:0.88.7:P1
- Clam_anti-Virus Clamav:0.02
补丁
暂无
评论