CVE-2009-1241 - Unspecified vulnerability in ClamAV
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL

Summary
Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive.
Vulnerable Configurations
Nessus
- NASL family: SuSE Local Security Checks
  NASL id: SUSE_CLAMAV-6145.NASL
  description: ClamAV update to version 0.95. This also fixes some potential security bugs. (CVE-2009-1241)
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 36121
  published: 2009-04-09
  reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/36121
  title: openSUSE 10 Security Update : clamav (clamav-6145)

- NASL family: SuSE Local Security Checks
  NASL id: SUSE9_12388.NASL
  description: ClamAV update to version 0.95. This also fixes some potential security bugs. (CVE-2009-1241)
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 41290
  published: 2009-09-24
  reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/41290
  title: SuSE9 Security Update : ClamAV (YOU Patch Number 12388)

- NASL family: Mandriva Local Security Checks
  NASL id: MANDRIVA_MDVSA-2009-097.NASL
  description: Multiple vulnerabilities have been found and corrected in clamav : Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive (CVE-2009-1241). libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error (CVE-2008-6680). libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted file that causes (1) clamd and (2) clamscan to hang (CVE-2009-1270). The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding (CVE-2009-1371). Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL (CVE-2009-1372). Important notice about this upgrade: clamav-0.95+ bundles support for RAR v3 in libclamav, which is a license violation as the RAR v3 license and the GPL license are not compatible. As a consequence of this, Mandriva has been forced to remove the RAR v3 code. This update provides clamav 0.95.1, which is not vulnerable to these issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 38165
  published: 2009-04-27
  reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/38165
  title: Mandriva Linux Security Advisory : clamav (MDVSA-2009:097)

- NASL family: MacOS X Local Security Checks
  NASL id: MACOSX_SECUPD2009-005.NASL
  description: The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-005 applied. This security update contains fixes for the following products : Alias Manager, CarbonCore, ClamAV, ColorSync, CoreGraphics, CUPS, Flash Player plug-in, ImageIO, Launch Services, MySQL, PHP, SMB, Wiki Server
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 40945
  published: 2009-09-11
  reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/40945
  title: Mac OS X Multiple Vulnerabilities (Security Update 2009-005)

- NASL family: SuSE Local Security Checks
  NASL id: SUSE_11_1_CLAMAV-090407.NASL
  description: ClamAV update to version 0.95. This also fixes some potential security bugs. (CVE-2009-1241)
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 40199
  published: 2009-07-21
  reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/40199
  title: openSUSE Security Update : clamav (clamav-750)

- NASL family: Mandriva Local Security Checks
  NASL id: MANDRIVA_MDVSA-2009-327.NASL
  description: Multiple vulnerabilities have been found and corrected in clamav : Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive (CVE-2009-1241). libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error (CVE-2008-6680). libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted file that causes (1) clamd and (2) clamscan to hang (CVE-2009-1270). The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding (CVE-2009-1371). Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL (CVE-2009-1372). Important notice about this upgrade: clamav-0.95+ bundles support for RAR v3 in libclamav, which is a license violation as the RAR v3 license and the GPL license are not compatible. As a consequence of this, Mandriva has been forced to remove the RAR v3 code. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides clamav 0.95.2, which is not vulnerable to these issues. Additionally, klamav-0.46 is being provided that has support for clamav-0.95+.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 43076
  published: 2009-12-09
  reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/43076
  title: Mandriva Linux Security Advisory : clamav (MDVSA-2009:327)

- NASL family: Misc.
  NASL id: CLAMAV_0_95.NASL
  description: According to its version, the clamd antivirus daemon on the remote host is earlier than 0.95. Such versions are affected by multiple vulnerabilities : - A failure to handle certain malformed
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 36075
  published: 2009-04-02
  reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/36075
  title: ClamAV < 0.95 Scan Evasion

- NASL family: SuSE Local Security Checks
  NASL id: SUSE_11_0_CLAMAV-090408.NASL
  description: ClamAV update to version 0.95. This also fixes some potential security bugs. (CVE-2009-1241)
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 39934
  published: 2009-07-21
  reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/39934
  title: openSUSE Security Update : clamav (clamav-750)

- NASL family: SuSE Local Security Checks
  NASL id: SUSE_CLAMAV-6144.NASL
  description: ClamAV update to version 0.95. This also fixes some potential security bugs. (CVE-2009-1241)
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 41486
  published: 2009-09-24
  reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/41486
  title: SuSE 10 Security Update : ClamAV (ZYPP Patch Number 6144)

- NASL family: SuSE Local Security Checks
  NASL id: SUSE_11_CLAMAV-090407.NASL
  description: ClamAV update to version 0.95. This also fixes some potential security bugs. (CVE-2009-1241)
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 41373
  published: 2009-09-24
  reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/41373
  title: SuSE 11 Security Update : ClamAV (SAT Patch Number 749)
References
- http://blog.zoller.lu/2009/04/clamav-094-and-below-evasion-and-bypass.html
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
- http://secunia.com/advisories/36701
- http://support.apple.com/kb/HT3865
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:097
- http://www.openwall.com/lists/oss-security/2009/04/07/6
- http://www.securityfocus.com/archive/1/502366/100/0/threaded
- http://www.securityfocus.com/bid/34344
- http://www.vupen.com/english/advisories/2009/0934