漏洞信息详情
ClamAV libclamav/fsg.c拒绝服务漏洞
- CNNVD编号:CNNVD-200509-174
- 危害等级: 低危
- CVE编号: CVE-2005-2919
- 漏洞类型: 资源管理错误
- 发布时间: 2005-09-20
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: clam_anti-virus
- 漏洞来源: Discovery is credi...
漏洞简介
Clam AntiVirus(ClamAV)是ClamAV团队开发的一套免费且开源的杀毒软件。该软件用于检测木马、病毒、恶意软件和其他恶意威胁。
Clam AntiVirus (ClamAV) 0.87之前版本的libclamav/fsg.c文件存在漏洞,远程攻击者利用它伪造FSG压缩可执行文件,从而触发拒绝服务(死循环)。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
Clam Anti-Virus ClamAV 0.51版
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.52
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.53
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.54
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.60
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.65
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.67
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.68
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=8663
Clam Anti-Virus ClamAV 0.68 -1
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.70
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.80 rc3
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.80 rc1
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.80 rc2
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.80 rc4
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.80
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.81
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.82
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Clam Anti-Virus ClamAV 0.83
Clam Anti-Virus ClamAV 0.87
http://sourceforge.net/project/showfiles.php?group_id=86638
Mandriva clamav-0.87-0.1.102mdk.i586.rpm
Mandrakelinux 10.2:
http://www1.mandrivalinux.com/en/ftp.php3
参考网址
来源: US Government
名称: GLSA-200509-13
链接:http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml
来源: sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?release_id=356974
来源: XF
名称: clam-antivirus-fsg-dos(22308)
链接:http://xforce.iss.net/xforce/xfdb/22308
来源: BID
名称: 14867
链接:http://www.securityfocus.com/bid/14867
来源: OSVDB
名称: 19507
链接:http://www.osvdb.org/19507
来源: SUSE
名称: SUSE-SA:2005:055
链接:http://www.novell.com/linux/security/advisories/2005_55_clamav.HTML
来源: MANDRAKE
名称: MDKSA-2005:166
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2005:166
来源: VUPEN
名称: ADV-2005-1774
链接:http://www.frsirt.com/english/advisories/2005/1774
来源: DEBIAN
名称: DSA-824
链接:http://www.debian.org/security/2005/dsa-824
来源: SECUNIA
名称: 16989
链接:http://secunia.com/advisories/16989
来源: SECUNIA
名称: 16848
链接:http://secunia.com/advisories/16848
来源: MANDRAKE
名称: MDKSA-2005:166
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:166
受影响实体
- Clam_anti-Virus Clamav:0.86.2
- Clam_anti-Virus Clamav:0.86.1
- Clam_anti-Virus Clamav:0.85.1
- Clam_anti-Virus Clamav:0.86
- Clam_anti-Virus Clamav:0.85
补丁
暂无
评论