漏洞信息详情
ClamAV ’get_unicode_name‘函数单字节堆溢出漏洞
- CNNVD编号:CNNVD-200811-195
- 危害等级: 中危
- CVE编号: CVE-2008-5050
- 漏洞类型: 缓冲区溢出
- 发布时间: 2008-11-13
- 威胁类型: 远程
- 更新时间: 2009-02-20
- 厂 商: clam_anti-virus
- 漏洞来源: Moritz Jodeit mor...
漏洞简介
Clam AntiVirus是Unix的GPL杀毒工具包,很多邮件网关产品都在使用。
Clam Anti-Virus (ClamAV)的get_unicode_name函数存在单字节堆溢出漏洞。远程攻击者可以利用一个特制的VBA工程文件,触发堆缓冲区溢出,从而造成拒绝服务(崩溃)或可能执行任意代码。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
http://freshmeat.net/redir/clamav/29355/url_tgz/clamav-0.94.1.tar.gz
参考网址
来源: BID
名称: 32207
链接:http://www.securityfocus.com/bid/32207
来源: FEDORA
名称: FEDORA-2008-9651
链接:https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.HTML
来源: FEDORA
名称: FEDORA-2008-9644
链接:https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.HTML
来源: XF
名称: clamav-getunicode名称-bo(46462)
链接:http://xforce.iss.net/xforce/xfdb/46462
来源: BUGTRAQ
名称: 20081108 ClamAV get_unicode_名称() off-by-one buffer overflow
链接:http://www.securityfocus.com/archive/1/archive/1/498169/100/0/threaded
来源: MANDRIVA
名称: MDVSA-2008:229
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:229
来源: VUPEN
名称: ADV-2009-0422
链接:http://www.frsirt.com/english/advisories/2009/0422
来源: VUPEN
名称: ADV-2008-3085
链接:http://www.frsirt.com/english/advisories/2008/3085
来源: DEBIAN
名称: DSA-1680
链接:http://www.debian.org/security/2008/dsa-1680
来源: support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com
链接:http://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/kb/HT3438
来源:sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?release_id=637952&group_id=86638
来源: SREASON
名称: 4579
链接:http://securityreason.com/securityalert/4579
来源: GENTOO
名称: GLSA-200812-21
链接:http://security.gentoo.org/glsa/glsa-200812-21.xml
来源: SECUNIA
名称: 33937
链接:http://secunia.com/advisories/33937
来源: SECUNIA
名称: 33317
链接:http://secunia.com/advisories/33317
来源: SECUNIA
名称: 33016
链接:http://secunia.com/advisories/33016
来源: SECUNIA
名称: 32872
链接:http://secunia.com/advisories/32872
来源: SECUNIA
名称: 32699
链接:http://secunia.com/advisories/32699
来源: SECUNIA
名称: 32663
链接:http://secunia.com/advisories/32663
来源: SUSE
名称: SUSE-SR:2008:026
链接:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.HTML
来源: FULLDISC
名称: 20081109 ClamAV get_unicode_名称() off-by-one buffer overflow
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065530.HTML
来源: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-SA-2009-02-12
链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce/2009/Feb/msg00000.HTML
受影响实体
- Clam_anti-Virus Clamav:0.60p
- Clam_anti-Virus Clamav:0.65
- Clam_anti-Virus Clamav:0.72
- Clam_anti-Virus Clamav:0.80
- Clam_anti-Virus Clamav:0.80_rc1
补丁
暂无
评论