Vulnerabilities > CVE-2008-1389 - Resource Management Errors vulnerability in Clam Anti-Virus Clamav
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2008-9644.NASL description Security fixes from upstream 0.94 and 0.94.1: CVE-2008-1389 (#461461): Invalid memory access in the CHM unpacker CVE-2008-3912 (#461461): Multiple out-of-memory NULL pointer dereferences CVE-2008-3913 (#461461): Fix memory leak in the error code path in freshclam CVE-2008-3914 (#461461): Multiple file descriptor leaks on the error code path CVE-2008-5050 (#470783): get_unicode_name() off-by-one buffer overflow Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 34774 published 2008-11-16 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34774 title Fedora 9 : clamav-0.93.3-2.fc9 (2008-9644) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-9644. # include("compat.inc"); if (description) { script_id(34774); script_version ("1.16"); script_cvs_date("Date: 2019/08/02 13:32:28"); script_cve_id("CVE-2008-1389", "CVE-2008-3912", "CVE-2008-3913", "CVE-2008-3914", "CVE-2008-5050"); script_bugtraq_id(30994, 31051, 32207); script_xref(name:"FEDORA", value:"2008-9644"); script_name(english:"Fedora 9 : clamav-0.93.3-2.fc9 (2008-9644)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fixes from upstream 0.94 and 0.94.1: CVE-2008-1389 (#461461): Invalid memory access in the CHM unpacker CVE-2008-3912 (#461461): Multiple out-of-memory NULL pointer dereferences CVE-2008-3913 (#461461): Fix memory leak in the error code path in freshclam CVE-2008-3914 (#461461): Multiple file descriptor leaks on the error code path CVE-2008-5050 (#470783): get_unicode_name() off-by-one buffer overflow Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=461461" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=470783" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-November/016199.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?150bf4e7" ); script_set_attribute( attribute:"solution", value:"Update the affected clamav package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119, 200, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:clamav"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9"); script_set_attribute(attribute:"patch_publication_date", value:"2008/11/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/11/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC9", reference:"clamav-0.93.3-2.fc9")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "clamav"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_DA5C4072808211DD9C8C001C2514716C.NASL description Hanno Boeck reports : A fuzzing test showed weakness in the chm parser of clamav, which can possibly be exploited. The clamav team has disabled the chm module in older versions though freshclam updates and has released 0.94 with a fixed parser. last seen 2020-06-01 modified 2020-06-02 plugin id 34189 published 2008-09-12 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34189 title FreeBSD : clamav -- CHM Processing Denial of Service (da5c4072-8082-11dd-9c8c-001c2514716c) NASL family Gain a shell remotely NASL id CLAMAV_0_94.NASL description According to its version, the clamd antivirus daemon on the remote host is earlier than 0.94. Such versions are affected by one or more of the following issues : - A segmentation fault can occur when processing corrupted LZH files. (Bug #1052) - Invalid memory access errors in last seen 2020-06-01 modified 2020-06-02 plugin id 35087 published 2008-12-11 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35087 title ClamAV < 0.94 Multiple Vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2008-007.NASL description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-007 applied. This security update contains fixes for the following products : - Apache - Certificates - ClamAV - ColorSync - CUPS - Finder - launchd - libxslt - MySQL Server - Networking - PHP - Postfix - PSNormalizer - QuickLook - rlogin - Script Editor - Single Sign-On - Tomcat - vim - Weblog last seen 2020-06-01 modified 2020-06-02 plugin id 34374 published 2008-10-10 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34374 title Mac OS X Multiple Vulnerabilities (Security Update 2008-007) NASL family SuSE Local Security Checks NASL id SUSE9_12236.NASL description This version update of clamav to 0.94 fixes numerous problems, including the following security issues : - Fix possible invalid memory access. (CVE-2008-1389) - Fix out-of-memory null dereference. (CVE-2008-3912) - Fix error path memory leaks and file descriptor leaks. (CVE-2008-3913, CVE-2008-3914) last seen 2020-06-01 modified 2020-06-02 plugin id 41239 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41239 title SuSE9 Security Update : clamav (YOU Patch Number 12236) NASL family SuSE Local Security Checks NASL id SUSE_CLAMAV-5579.NASL description This version update to 0.94 fixes numerous problems including some security relevant ones. (CVE-2008-3912 / CVE-2008-1389 / CVE-2008-3913 / CVE-2008-3914) last seen 2020-06-01 modified 2020-06-02 plugin id 34167 published 2008-09-11 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34167 title SuSE 10 Security Update : clamav (ZYPP Patch Number 5579) NASL family SuSE Local Security Checks NASL id SUSE_CLAMAV-5578.NASL description This version update to 0.94 fixes numerous problems including some security relevant ones (CVE-2008-3912, CVE-2008-1389, CVE-2008-3913, CVE-2008-3914). last seen 2020-06-01 modified 2020-06-02 plugin id 34166 published 2008-09-11 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34166 title openSUSE 10 Security Update : clamav (clamav-5578) NASL family SuSE Local Security Checks NASL id SUSE_11_0_CLAMAV-080905.NASL description This version update to 0.94 fixes numerous problems including some security relevant ones (CVE-2008-3912, CVE-2008-1389, CVE-2008-3913, CVE-2008-3914). last seen 2020-06-01 modified 2020-06-02 plugin id 39931 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39931 title openSUSE Security Update : clamav (clamav-181) NASL family Fedora Local Security Checks NASL id FEDORA_2008-9651.NASL description Security fixes from upstream 0.94 and 0.94.1: CVE-2008-3912 (#461461): Multiple out-of-memory NULL pointer dereferences CVE-2008-3913 (#461461): Fix memory leak in the error code path in freshclam CVE-2008-3914 (#461461): File descriptor leak on the error code path CVE-2008-5050 (#470783): get_unicode_name() off-by-one buffer overflow Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 34775 published 2008-11-16 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34775 title Fedora 8 : clamav-0.92.1-4.fc8 (2008-9651) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-189.NASL description Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.94 release, including : A vulnerability in ClamAV last seen 2020-06-01 modified 2020-06-02 plugin id 38032 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/38032 title Mandriva Linux Security Advisory : clamav (MDVSA-2008:189-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200809-18.NASL description The remote host is affected by the vulnerability described in GLSA-200809-18 (ClamAV: Multiple Denials of Service) Hanno boeck reported an error in libclamav/chmunpack.c when processing CHM files (CVE-2008-1389). Other unspecified vulnerabilities were also reported, including a NULL pointer dereference in libclamav (CVE-2008-3912), memory leaks in freshclam/manager.c (CVE-2008-3913), and file descriptor leaks in libclamav/others.c and libclamav/sis.c (CVE-2008-3914). Impact : A remote attacker could entice a user or automated system to scan a specially crafted CHM, possibly resulting in a Denial of Service (daemon crash). The other attack vectors mentioned above could also result in a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 34299 published 2008-09-26 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34299 title GLSA-200809-18 : ClamAV: Multiple Denials of Service
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 30994 CVE ID:CVE-2008-1389 CNCVE ID:CNCVE-20081389 ClamAV是一款反病毒应用程序。 ClamAV处理畸形CHM文件存在非法内存访问错误,远程攻击者可以利用漏洞对服务程序进行拒绝服务攻击。 问题存在于'chmunpack.c'中,畸形的CHM文件,诱使ClamAV处理可触发此漏洞。 ifenslave ifenslave 0.88 Clam Anti-Virus ClamAV 0.93.1 Clam Anti-Virus ClamAV 0.92.1 Clam Anti-Virus ClamAV 0.91.2 Clam Anti-Virus ClamAV 0.91.1 Clam Anti-Virus ClamAV 0.90.3 Clam Anti-Virus ClamAV 0.90.2 Clam Anti-Virus ClamAV 0.90.1 + Debian Linux 4.0 sparc + Debian Linux 4.0 s/390 + Debian Linux 4.0 powerpc + Debian Linux 4.0 mipsel + Debian Linux 4.0 mips + Debian Linux 4.0 m68k + Debian Linux 4.0 ia-64 + Debian Linux 4.0 ia-32 + Debian Linux 4.0 hppa + Debian Linux 4.0 arm + Debian Linux 4.0 amd64 + Debian Linux 4.0 alpha + Debian Linux 4.0 Clam Anti-Virus ClamAV 0.90 - MandrakeSoft Corporate Server 4.0 x86_64 - MandrakeSoft Corporate Server 3.0 x86_64 - MandrakeSoft Corporate Server 3.0 - MandrakeSoft Corporate Server 4.0 - MandrakeSoft Linux Mandrake 2007.1 x86_64 - MandrakeSoft Linux Mandrake 2007.1 - MandrakeSoft Linux Mandrake 2007.0 x86_64 - MandrakeSoft Linux Mandrake 2007.0 Clam Anti-Virus ClamAV 0.88.5 Clam Anti-Virus ClamAV 0.88.4 Clam Anti-Virus ClamAV 0.88.3 Clam Anti-Virus ClamAV 0.88.2 Clam Anti-Virus ClamAV 0.88.1 Clam Anti-Virus ClamAV 0.87.1 Clam Anti-Virus ClamAV 0.87 -1 Clam Anti-Virus ClamAV 0.87 Clam Anti-Virus ClamAV 0.86.2 Clam Anti-Virus ClamAV 0.86 .1 Clam Anti-Virus ClamAV 0.86 Clam Anti-Virus ClamAV 0.85.1 Clam Anti-Virus ClamAV 0.85 Clam Anti-Virus ClamAV 0.84 rc2 Clam Anti-Virus ClamAV 0.84 rc1 Clam Anti-Virus ClamAV 0.84 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1 Clam Anti-Virus ClamAV 0.83 Clam Anti-Virus ClamAV 0.82 Clam Anti-Virus ClamAV 0.81 + Gentoo Linux Clam Anti-Virus ClamAV 0.80 rc4 Clam Anti-Virus ClamAV 0.80 rc3 Clam Anti-Virus ClamAV 0.80 rc2 Clam Anti-Virus ClamAV 0.80 rc1 Clam Anti-Virus ClamAV 0.80 Clam Anti-Virus ClamAV 0.75.1 Clam Anti-Virus ClamAV 0.70 Clam Anti-Virus ClamAV 0.68 -1 Clam Anti-Virus ClamAV 0.68 Clam Anti-Virus ClamAV 0.67 + Gentoo Linux 1.4 _rc3 + Gentoo Linux 1.4 _rc2 + Gentoo Linux 1.4 _rc1 + Gentoo Linux 1.4 Clam Anti-Virus ClamAV 0.65 Clam Anti-Virus ClamAV 0.60 Clam Anti-Virus ClamAV 0.54 Clam Anti-Virus ClamAV 0.53 Clam Anti-Virus ClamAV 0.52 Clam Anti-Virus ClamAV 0.51 Clam Anti-Virus ClamAV 0.93 Clam Anti-Virus ClamAV 0.92 Clam Anti-Virus ClamAV 0.91 Clam Anti-Virus ClamAV 0.88.6 升级程序: Clam Anti-Virus ClamAV 0.88.6 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.91 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.93 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.92 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.51 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.52 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.53 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.54 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.60 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.65 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.67 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.68 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.68 -1 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.70 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.75.1 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.80 rc4 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.80 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.80 rc3 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.80 rc1 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.80 rc2 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.81 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.82 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.83 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.84 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.84 rc1 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.84 rc2 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.85 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.85.1 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.86 .1 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.86 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.86.2 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.87 -1 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.87 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.87.1 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> ifenslave ifenslave 0.88 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.88.1 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.88.2 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.88.3 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.88.4 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.88.5 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.90 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.90.1 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.90.2 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.90.3 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.91.1 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.91.2 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.92.1 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> Clam Anti-Virus ClamAV 0.93.1 Clam Anti-Virus clamav-0.94.tar.gz <a href=http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz target=_blank>http://downloads.sourceforge.net/clamav/clamav-0.94.tar.gz</a> |
| id | SSV:3985 |
| last seen | 2017-11-19 |
| modified | 2008-09-10 |
| published | 2008-09-10 |
| reporter | Root |
| title | ClamAV 'chmunpack.c'非法内存访问远程拒绝服务漏洞 |
References
- http://int21.de/cve/CVE-2008-1389-clamav-chd.html
- http://kolab.org/security/kolab-vendor-notice-22.txt
- http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
- http://secunia.com/advisories/31725
- http://secunia.com/advisories/31906
- http://secunia.com/advisories/31982
- http://secunia.com/advisories/32030
- http://secunia.com/advisories/32222
- http://secunia.com/advisories/32699
- http://security.gentoo.org/glsa/glsa-200809-18.xml
- http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=623661
- http://support.apple.com/kb/HT3216
- http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:189
- http://www.securityfocus.com/bid/30994
- http://www.securityfocus.com/bid/31681
- http://www.securitytracker.com/id?1020805
- http://www.vupen.com/english/advisories/2008/2484
- http://www.vupen.com/english/advisories/2008/2564
- http://www.vupen.com/english/advisories/2008/2780
- https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html
- https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html
- https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089