Info

Disclosure

Nov 30, 2010

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Nov 30, 2010

Description

ClamAV contains a flaw that may allow a remote denial of service. The issue is triggered when handling PDF files, and can be exploited to result in loss of availability.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Security Software

Solution

Upgrade to version 0.96.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Sourcefire, Inc.

ClamAV

0.96.4

References

Related OSVDB ID: 1138205 69612
CVE ID: 2010-4479 (see also: NVD)
Secunia Advisory ID: 42426 42555 42720 42746 43814 46491
Vendor Specific News/Changelog Entry: http://freshmeat.net/projects/clamav/releases/325193
http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=master
http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=019f1955194360600ecf0644959ceca6734c2d7b
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052401.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
https://bugzilla.redhat.com/show_bug.cgi?id=659861
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2380
Other Advisory URL: http://openwall.com/lists/oss-security/2010/12/03/1
http://openwall.com/lists/oss-security/2010/12/03/3
http://openwall.com/lists/oss-security/2010/12/03/6
Vendor Specific Advisory URL: http://support.apple.com/kb/HT1222
http://support.apple.com/kb/HT4581
http://www.gentoo.org/security/en/glsa/glsa-201110-20.xml
http://www.ubuntu.com/usn/usn-1031-1
News Article: http://www.scmagazineus.com/apple-issues-slew-of-patches/article/198899/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/69656