漏洞信息详情
ClamAV 代码注入漏洞
- CNNVD编号:CNNVD-200904-180
- 危害等级: 中危
- CVE编号: CVE-2009-1270
- 漏洞类型: 代码注入
- 发布时间: 2009-04-08
- 威胁类型: 远程
- 更新时间: 2022-02-11
- 厂 商: clamav
- 漏洞来源: Jeffrey Thomas Pec...
漏洞简介
ClamAV(Clam AntiVirus)是Clamav团队的一套免费且开源的杀毒软件。该软件用于检测木马、病毒、恶意软件和其他恶意威胁。
ClamAV 0.95之前版本存在代码注入漏洞,该漏洞源于libclamav/untar.c允许远程攻击者借助一个特制的TAR文件,拒绝服务攻击(死循环)。该TAR文件会造成(1)clamd和(2)clamscan挂起。
漏洞公告
参考网址
来源:CONFIRM
链接:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1462
来源:XF
链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/49846
来源:CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce/2009/Sep/msg00004.HTML
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2009/04/07/6
来源:UBUNTU
链接:http://www.ubuntu.com/usn/usn-754-1
来源:MANDRIVA
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2009:097
来源:SECUNIA
链接:http://secunia.com/advisories/36701
来源:BID
链接:https://www.securityfocus.com/bid/34357
来源:CONFIRM
链接:http://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/kb/HT3865
来源:SECUNIA
链接:http://secunia.com/advisories/34716
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2009/0934
来源:DEBIAN
链接:https://www.debian.org/security/2009/dsa-1771
来源:OSVDB
链接:http://osvdb.org/53461
受影响实体
- Clamav Clamav:0.91_rc1
- Clamav Clamav:0.94.1
- Clamav Clamav:0.93.1
- Clamav Clamav:0.93.2
- Clamav Clamav:0.92
补丁
暂无
评论