漏洞信息详情
ClamAV 'libclamav/phishcheck.c'栈溢出漏洞
- CNNVD编号:CNNVD-200904-459
- 危害等级: 高危
- CVE编号: CVE-2009-1372
- 漏洞类型: 缓冲区溢出
- 发布时间: 2009-04-23
- 威胁类型: 远程
- 更新时间: 2009-05-19
- 厂 商: clamav
- 漏洞来源: Martin Olsen
漏洞简介
Clam AntiVirus是Unix的GPL杀毒工具包,很多邮件网关产品都在使用。
ClamAV的libclamav/phishcheck.c文件中的cli_url_canon函数存在栈溢出漏洞,远程攻击者可以通过提交恶意的URL来触发这个溢出,导致执行任意代码。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
http://freshmeat.net/urls/c9bfa0aa2a4b8f3dc21e37debf0b05e5
参考网址
来源: VUPEN
名称: ADV-2009-0985
链接:http://www.vupen.com/english/advisories/2009/0985
来源: wwws.clamav.net
链接:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1553
来源: SECTRACK
名称: 1022028
链接:http://www.securitytracker.com/id?1022028
来源: BID
名称: 34446
链接:http://www.securityfocus.com/bid/34446
来源: MANDRIVA
名称: MDVSA-2009:097
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2009:097
来源: svn.clamav.net
链接:http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2Ftrunk%2FChangeLog&rev=5032
来源: support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com
链接:http://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/kb/HT3865
来源: SECUNIA
名称: 36701
链接:http://secunia.com/advisories/36701
来源: SECUNIA
名称: 34612
链接:http://secunia.com/advisories/34612
来源: OSVDB
名称: 53603
链接:http://osvdb.org/53603
来源: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-SA-2009-09-10-2
链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce/2009/Sep/msg00004.HTML
受影响实体
- Clamav Clamav:0.80:Rc4
- Clamav Clamav:0.95:Src1
- Clamav Clamav:0.51
- Clamav Clamav:0.3
- Clamav Clamav:0.54
补丁
暂无
评论