漏洞信息详情
ClamAV缓冲区溢出漏洞
- CNNVD编号:CNNVD-200804-176
- 危害等级: 中危
- CVE编号: CVE-2008-1100
- 漏洞类型: 缓冲区溢出
- 发布时间: 2008-04-14
- 威胁类型: 远程
- 更新时间: 2021-07-14
- 厂 商: clam_anti-virus
- 漏洞来源: Alin Rad Pop
漏洞简介
ClamAV(Clam AntiVirus)是Clamav团队的一套免费且开源的杀毒软件。该软件用于检测木马、病毒、恶意软件和其他恶意威胁。
ClamAV存在缓冲区溢出漏洞,如果杀毒软件检测到了恶意的Upack文件时就会触发这个溢出,导致执行任意指令 。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X Server 10.5
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOSXServerUpdCombo10.5.5.dmg
http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X Server 10.5.1
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOSXServerUpdCombo10.5.5.dmg
http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X Server 10.5.2
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOSXServerUpdCombo10.5.5.dmg
http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X Server 10.5.3
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOSXServerUpdCombo10.5.5.dmg
http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X Server 10.5.4
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOSXServerUpd10.5.5.dmg
http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/
参考网址
来源:US-CERT
名称: TA08-260A
链接:http://www.us-cert.gov/cas/techalerts/TA08-260A.HTML
来源:US-CERT
名称: VU#858595
链接:http://www.kb.cert.org/vuls/id/858595
来源: BID
名称: 28756
链接:http://www.securityfocus.com/bid/28756
来源: VUPEN
名称: ADV-2008-2584
链接:http://www.frsirt.com/english/advisories/2008/2584
来源: GENTOO
名称: GLSA-200805-19
链接:http://security.gentoo.org/glsa/glsa-200805-19.xml
来源: MISC
链接:http://secunia.com/secunia_research/2008-11/advisory/
来源: SECUNIA
名称: 31882
链接:http://secunia.com/advisories/31882
来源: SECUNIA
名称: 29000
链接:http://secunia.com/advisories/29000
来源: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-SA-2008-09-15
链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce//2008/Sep/msg00005.HTML
来源: wwws.clamav.net
链接:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=878
来源: FEDORA
名称: FEDORA-2008-3900
链接:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.HTML
来源: FEDORA
名称: FEDORA-2008-3420
链接:https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.HTML
来源: FEDORA
名称: FEDORA-2008-3358
链接:https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.HTML
来源: XF
名称: clamav-cliscanpe-bo(41789)
链接:http://xforce.iss.net/xforce/xfdb/41789
来源: SECTRACK
名称: 1019837
链接:http://www.securitytracker.com/id?1019837
来源: BID
名称: 28784
链接:http://www.securityfocus.com/bid/28784
来源: MANDRIVA
名称: MDVSA-2008:088
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:088
来源: VUPEN
名称: ADV-2008-1218
链接:http://www.frsirt.com/english/advisories/2008/1218/references
来源: DEBIAN
名称: DSA-1549
链接:http://www.debian.org/security/2008/dsa-1549
来源: SECUNIA
名称: 30328
链接:http://secunia.com/advisories/30328
来源: SECUNIA
名称: 30253
链接:http://secunia.com/advisories/30253
来源: SECUNIA
名称: 29975
链接:http://secunia.com/advisories/29975
来源: SECUNIA
名称: 29891
链接:http://secunia.com/advisories/29891
来源: SECUNIA
名称: 29886
链接:http://secunia.com/advisories/29886
来源: SECUNIA
名称: 29863
链接:http://secunia.com/advisories/29863
来源: SUSE
名称: SUSE-SA:2008:024
链接:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.HTML
来源: kolab.org
链接:http://kolab.org/security/kolab-vendor-notice-20.txt
受影响实体
- Clam_anti-Virus Clamav:0.92.1
- Clam_anti-Virus Clamav:0.92
补丁
暂无
评论