SourceFire ClamAV 至 0.93.0 资源管理漏洞

CVE编号

CVE-2008-2713

利用情况

暂无

补丁情况

官方补丁

披露时间

2008-06-17

漏洞描述

0.93.1之前的ClamAV中的libclamav / petite.c允许远程攻击者通过精心制作的Petite文件触发触发越界读取，从而导致拒绝服务。

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
http://kolab.org/security/kolab-vendor-notice-21.txt
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html
http://secunia.com/advisories/30657
http://secunia.com/advisories/30785
http://secunia.com/advisories/30829
http://secunia.com/advisories/30967
http://secunia.com/advisories/31091
http://secunia.com/advisories/31167
http://secunia.com/advisories/31206
http://secunia.com/advisories/31437
http://secunia.com/advisories/31576
http://secunia.com/advisories/31882
http://security.gentoo.org/glsa/glsa-200808-07.xml
http://sourceforge.net/project/shownotes.php?release_id=605577&group_id=86638
http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.9...
http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html
http://www.debian.org/security/2008/dsa-1616
http://www.mandriva.com/security/advisories?name=MDVSA-2008:122
http://www.openwall.com/lists/oss-security/2008/06/15/2
http://www.openwall.com/lists/oss-security/2008/06/17/8
http://www.securityfocus.com/bid/29750
http://www.securitytracker.com/id?1020305
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
http://www.vupen.com/english/advisories/2008/1855/references
http://www.vupen.com/english/advisories/2008/2584
https://exchange.xforce.ibmcloud.com/vulnerabilities/43133
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00763.html
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000

受影响软件情况

#	类型	厂商	产品	版本	影响面
1
	运行在以下环境
	应用	clam_anti-virus	clamav	0.15	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.20	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.21	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.22	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.23	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.24	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.51	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.52	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.53	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.54	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.60	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.60p	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.65	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.67	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.68	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.68.1	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.70	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.71	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.72	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.73	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.74	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.75	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.75.1	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.80	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.80_rc1	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.80_rc2	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.80_rc3	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.80_rc4	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.81	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.81_rc1	-
	运行在以下环境
	应用	clam_anti-virus	clamav	0.82	-
	运行在以下环境
应用	clam_anti-virus	clamav	0.83	-
运行在以下环境
应用	clam_anti-virus	clamav	0.84	-
运行在以下环境
应用	clam_anti-virus	clamav	0.84_rc1	-
运行在以下环境
应用	clam_anti-virus	clamav	0.84_rc2	-
运行在以下环境
应用	clam_anti-virus	clamav	0.85	-
运行在以下环境
应用	clam_anti-virus	clamav	0.85.1	-
运行在以下环境
应用	clam_anti-virus	clamav	0.86	-
运行在以下环境
应用	clam_anti-virus	clamav	0.86.1	-
运行在以下环境
应用	clam_anti-virus	clamav	0.86.2	-
运行在以下环境
应用	clam_anti-virus	clamav	0.86_rc1	-
运行在以下环境
应用	clam_anti-virus	clamav	0.87	-
运行在以下环境
应用	clam_anti-virus	clamav	0.87.1	-
运行在以下环境
应用	clam_anti-virus	clamav	0.88	-
运行在以下环境
应用	clam_anti-virus	clamav	0.88.1	-
运行在以下环境
应用	clam_anti-virus	clamav	0.88.3	-
运行在以下环境
应用	clam_anti-virus	clamav	0.88.4	-
运行在以下环境
应用	clam_anti-virus	clamav	0.88.5	-
运行在以下环境
应用	clam_anti-virus	clamav	0.88.6	-
运行在以下环境
应用	clam_anti-virus	clamav	0.88.7	-
运行在以下环境
应用	clam_anti-virus	clamav	0.90	-
运行在以下环境
应用	clam_anti-virus	clamav	0.90.1	-
运行在以下环境
应用	clam_anti-virus	clamav	0.90.2	-
运行在以下环境
应用	clam_anti-virus	clamav	0.90rc1	-
运行在以下环境
应用	clam_anti-virus	clamav	0.90_rc1.1	-
运行在以下环境
应用	clam_anti-virus	clamav	0.90_rc2	-
运行在以下环境
应用	clam_anti-virus	clamav	0.90_rc3	-
运行在以下环境
系统	debian_4.0	clamav	*		Up to (excluding) 0.90.1dfsg-3.1etch14
运行在以下环境
系统	debian_5.0	clamav	*		Up to (excluding) 0.93~dfsg-1+lenny1

阿里云评分 3.4

• 攻击路径 本地
• 攻击复杂度 N/A
• 权限要求 N/A
• 影响范围 有限影响
• EXP成熟度 未验证
• 补丁情况 官方补丁
• 数据保密性 N/A
• 数据完整性 传输被破坏
• 服务器危害 N/A
• 全网数量 N/A

CWE-ID 漏洞类型 CWE-399 资源管理错误