安全研究
安全漏洞
Clam Anti-Virus ClamAV TNEF文件处理拒绝服务漏洞
发布日期:2005-11-04
更新日期:2005-11-04
受影响系统:
ClamAV ClamAV < 0.87.1描述:
BUGTRAQ ID: 15316
CVE(CAN) ID: CVE-2005-3500
Clam AntiVirus是Unix的GPL杀毒工具包,很多邮件网关产品都在使用。
ClamAV 0.81.1的tnef.c内,函数tnef_attachment存在拒绝服务漏洞,攻击者通过CAB文件里的特制值,可造成ClamAV重复扫描同一个块,导致无限循环和内存耗尽。
<*来源:anonymous
*>
建议:
厂商补丁:
ClamAV
------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Clam Anti-Virus ClamAV 0.51
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.52
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.53
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.54
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.60
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.65
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.67
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.68
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.68 -1
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.70
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.75.1
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Mandriva clamav-0.87.1-0.1.101mdk.i586.rpm
Mandriva Linux 10.1:
http://www1.mandrivalinux.com/en/ftp.php3
Mandriva clamav-0.87.1-0.1.101mdk.x86_64.rpm
Mandriva Linux 10.1/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3
Mandriva clamav-db-0.87.1-0.1.101mdk.i586.rpm
Mandriva Linux 10.1:
http://www1.mandrivalinux.com/en/ftp.php3
Mandriva clamav-db-0.87.1-0.1.101mdk.x86_64.rpm
Mandriva Linux 10.1/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3
Mandriva clamav-milter-0.87.1-0.1.101mdk.i586.rpm
Mandriva Linux 10.1:
http://www1.mandrivalinux.com/en/ftp.php3
Mandriva clamav-milter-0.87.1-0.1.101mdk.x86_64.rpm
Mandriva Linux 10.1/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3
Mandriva clamd-0.87.1-0.1.101mdk.i586.rpm
Mandriva Linux 10.1:
http://www1.mandrivalinux.com/en/ftp.php3
Mandriva clamd-0.87.1-0.1.101mdk.x86_64.rpm
Mandriva Linux 10.1/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3
Clam Anti-Virus ClamAV 0.80 rc4
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.80
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.80 rc3
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.80 rc1
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.80 rc2
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.81
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.82
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.83
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Mandriva clamav-0.87.1-0.1.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www1.mandrivalinux.com/en/ftp.php3
Mandriva clamav-0.87.1-0.1.102mdk.x86_64.rpm
Mandriva Linux 10.2/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3
Mandriva clamav-db-0.87.1-0.1.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www1.mandrivalinux.com/en/ftp.php3
Mandriva clamav-db-0.87.1-0.1.102mdk.x86_64.rpm
Mandriva Linux 10.2/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3
Mandriva clamav-milter-0.87.1-0.1.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www1.mandrivalinux.com/en/ftp.php3
Mandriva clamav-milter-0.87.1-0.1.102mdk.x86_64.rpm
Mandriva Linux 10.2/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3
Mandriva clamd-0.87.1-0.1.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www1.mandrivalinux.com/en/ftp.php3
Mandriva clamd-0.87.1-0.1.102mdk.x86_64.rpm
Mandriva Linux 10.2/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3
Clam Anti-Virus ClamAV 0.84
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Debian clamav-base_0.84-2.sarge.6_all.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84 -2.sarge.6_all.deb
Debian clamav-daemon_0.84-2.sarge.6_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_alpha.deb
Debian clamav-daemon_0.84-2.sarge.6_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_arm.deb
Debian clamav-daemon_0.84-2.sarge.6_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_hppa.deb
Debian clamav-daemon_0.84-2.sarge.6_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_i386.deb
Debian clamav-daemon_0.84-2.sarge.6_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_ia64.deb
Debian clamav-daemon_0.84-2.sarge.6_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_m68k.deb
Debian clamav-daemon_0.84-2.sarge.6_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_mips.deb
Debian clamav-daemon_0.84-2.sarge.6_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_mipsel.deb
Debian clamav-daemon_0.84-2.sarge.6_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_powerpc.deb
Debian clamav-daemon_0.84-2.sarge.6_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_s390.deb
Debian clamav-daemon_0.84-2.sarge.6_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_sparc.deb
Debian clamav-freshclam_0.84-2.sarge.6_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_alpha.deb
Debian clamav-freshclam_0.84-2.sarge.6_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_amd64.deb
Debian clamav-freshclam_0.84-2.sarge.6_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_arm.deb
Debian clamav-freshclam_0.84-2.sarge.6_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_hppa.deb
Debian clamav-freshclam_0.84-2.sarge.6_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_i386.deb
Debian clamav-freshclam_0.84-2.sarge.6_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_ia64.deb
Debian clamav-freshclam_0.84-2.sarge.6_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_m68k.deb
Debian clamav-freshclam_0.84-2.sarge.6_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_mips.deb
Debian clamav-freshclam_0.84-2.sarge.6_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_mipsel.deb
Debian clamav-freshclam_0.84-2.sarge.6_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_powerpc.deb
Debian clamav-freshclam_0.84-2.sarge.6_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_s390.deb
Debian clamav-freshclam_0.84-2.sarge.6_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_sparc.deb
Debian clamav-milter_0.84-2.sarge.6_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_amd64.deb
Debian clamav-milter_0.84-2.sarge.6_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_arm.deb
Debian clamav-milter_0.84-2.sarge.6_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_hppa.deb
Debian clamav-milter_0.84-2.sarge.6_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_i386.deb
Debian clamav-milter_0.84-2.sarge.6_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_ia64.deb
Debian clamav-milter_0.84-2.sarge.6_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_m68k.deb
Debian clamav-milter_0.84-2.sarge.6_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_mips.deb
Debian clamav-milter_0.84-2.sarge.6_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_mipsel.deb
Debian clamav-milter_0.84-2.sarge.6_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_powerpc.deb
Debian clamav-milter_0.84-2.sarge.6_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_s390.deb
Debian clamav-milter_0.84-2.sarge.6_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_sparc.deb
Debian clamav_0.84-2.sarge.6_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_alpha.deb
Debian clamav_0.84-2.sarge.6_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_amd64.deb
Debian clamav_0.84-2.sarge.6_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_arm.deb
Debian clamav_0.84-2.sarge.6_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_hppa.deb
Debian clamav_0.84-2.sarge.6_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_i386.deb
Debian clamav_0.84-2.sarge.6_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_ia64.deb
Debian clamav_0.84-2.sarge.6_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_m68k.deb
Debian clamav_0.84-2.sarge.6_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_mips.deb
Debian clamav_0.84-2.sarge.6_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_mipsel.deb
Debian clamav_0.84-2.sarge.6_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_powerpc.deb
Debian clamav_0.84-2.sarge.6_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_s390.deb
Debian clamav_0.84-2.sarge.6_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_sparc.deb
Clam Anti-Virus ClamAV 0.84 rc1
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.84 rc2
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Debian clamav-docs_0.84-2.sarge.6_all.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84 -2.sarge.6_all.deb
Debian clamav-milter_0.84-2.sarge.6_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_alpha.deb
Debian clamav-testfiles_0.84-2.sarge.6_all.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles _0.84-2.sarge.6_all.deb
Clam Anti-Virus ClamAV 0.85
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.85.1
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Conectiva clamav-0.87.1-70136U10_12cl.i386.rpm
Conectiva 10.0
ftp://atualizacoes.conectiva.com.br/10/RPMS/clamav-0.87.1-70136U10_12c l.i386.rpm
Conectiva clamav-database-0.87.1.20050625-70136U10_12cl.i386.rpm
Conectiva 10.0
ftp://atualizacoes.conectiva.com.br/10/RPMS/clamav-database-0.87.1.200 50625-70136U10_12cl.i386.rpm
Conectiva libclamav-devel-0.87.1-70136U10_12cl.i386.rpm
Conectiva 10.0
ftp://atualizacoes.conectiva.com.br/10/RPMS/libclamav-devel-0.87.1-701 36U10_12cl.i386.rpm
Conectiva libclamav-devel-static-0.87.1-70136U10_12cl.i386.rpm
Conectiva 10.0
ftp://atualizacoes.conectiva.com.br/10/RPMS/libclamav-devel-static-0.8 7.1-70136U10_12cl.i386.rpm
Conectiva libclamav1-0.87.1-70136U10_12cl.i386.rpm
Conectiva 10.0
ftp://atualizacoes.conectiva.com.br/10/RPMS/libclamav1-0.87.1-70136U10 _12cl.i386.rpm
Clam Anti-Virus ClamAV 0.86 .1
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.86
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.86.2
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Clam Anti-Virus ClamAV 0.87
Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d
Mandriva clamav-0.87.1-0.1.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www1.mandrivalinux.com/en/ftp.php3
Mandriva clamav-0.87.1-0.1.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3
Mandriva clamav-db-0.87.1-0.1.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www1.mandrivalinux.com/en/ftp.php3
Mandriva clamav-db-0.87.1-0.1.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3
Mandriva clamav-milter-0.87.1-0.1.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www1.mandrivalinux.com/en/ftp.php3
Mandriva clamav-milter-0.87.1-0.1.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3
Mandriva clamd-0.87.1-0.1.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www1.mandrivalinux.com/en/ftp.php3
Mandriva clamd-0.87.1-0.1.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3
浏览次数:2195
严重程度:0(网友投票)
绿盟科技给您安全的保障