OSVDB ID: 17646

Title: Clam AntiVirus MS-Expand File Handling DoS

Dates

Disclosure: Jun 29, 2005
Discovery: Jun 07, 2005
Exploit: Jun 29, 2005
Solution: Unknown

Description

ClamAV contains a flaw that may allow a remote denial of service. The issue is triggered by a file descriptor leak in the cli_msexpand() function, located in libclamav/scanners.c, which consumes all available file descriptors and/or memory on the target system. When a remote attacker sends approximately 1,000 specially crafted archive files, either as email attachments or directly to a current HTTP session, the result is a loss of availability of the anti-virus system.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version 0.86 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Vendor: Tomasz Kojm
Product: ClamAV
Version: 0.83

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/36218