Miembros de
Boletines de Vulnerabilidades |
Múltiples vulnerabilidades en ClamAV |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Denegación de Servicio |
| Dificultad | Experto |
| Requerimientos del atacante | Acceso remoto sin cuenta a un servicio exotico |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricante afectado | GNU/Linux |
| Software afectado | ClamAV < 0.90 |
Descripción |
|
|
Se han descubierto múltiples vulnerabilidades en ClamAV. Las vulnerabilidades son descritas a continuación. - CVE-2007-0897: Se ha descubierto una vulnerabilidad en ClamAV en versiones anteriores a 0.90. La vulnerabilidad reside en que no cierra los descriptores de ficheros bajo ciertas condiciones. Un atacante remoto podría causar una denegación de servicio mediante archivos CAB con una cabecera de registro de longitud cero, que causaría que la función volviese sin cerrar el descriptor de fichero. - CVE-2007-0898: Se ha descubierto una vulnerabilidad de directorio transversal en el servidor clamd de Clam AntiVirus ClamAV anterior a la versión 0.90. La vulnerabilidad reside en un error cuando maneja el parámetro de cabecera id MIME. Un atacante remoto podría sobrescribir archivos arbitrarios mediante la secuencia .. (punto punto) en el parámetro de cabecera id MIME en un mensaje con múltiples partes. |
|
Solución |
|
|
Actualización de software Mandriva Corporate Server 3.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/clamav-0.90-0.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/clamav-db-0.90-0.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/clamav-milter-0.90-0.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/clamd-0.90-0.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/libclamav1-0.90-0.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/libclamav1-devel-0.90-0.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/clamav-0.90-0.1.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/clamav-0.90-0.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/clamav-db-0.90-0.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/clamav-milter-0.90-0.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/clamd-0.90-0.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/lib64clamav1-0.90-0.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/lib64clamav1-devel-0.90-0.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/clamav-0.90-0.1.C30mdk.src.rpm Mandriva Linux 2006 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/clamav-0.90-0.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/clamav-db-0.90-0.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/clamav-milter-0.90-0.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/clamd-0.90-0.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/libclamav1-0.90-0.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/libclamav1-devel-0.90-0.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/clamav-0.90-0.1.20060mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/clamav-0.90-0.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/clamav-db-0.90-0.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/clamav-milter-0.90-0.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/clamd-0.90-0.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/lib64clamav1-0.90-0.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/lib64clamav1-devel-0.90-0.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/clamav-0.90-0.1.20060mdk.src.rpm Mandriva Linux 2007 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/clamav-0.90-1.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/clamav-db-0.90-1.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/clamav-milter-0.90-1.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/clamd-0.90-1.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libclamav1-0.90-1.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libclamav1-devel-0.90-1.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/clamav-0.90-1.1mdv2007.0.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/clamav-0.90-1.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/clamav-db-0.90-1.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/clamav-milter-0.90-1.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/clamd-0.90-1.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64clamav1-0.90-1.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64clamav1-devel-0.90-1.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/clamav-0.90-1.1mdv2007.0.src.rpm Corporate Server 4.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/clamav-0.90-0.1.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/clamav-db-0.90-0.1.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/clamav-milter-0.90-0.1.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/clamd-0.90-0.1.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/libclamav1-0.90-0.1.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/libclamav1-devel-0.90-0.1.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/clamav-0.90-0.1.20060mlcs4.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/clamav-0.90-0.1.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/clamav-db-0.90-0.1.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/clamav-milter-0.90-0.1.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/clamd-0.90-0.1.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/lib64clamav1-0.90-0.1.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/lib64clamav1-devel-0.90-0.1.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/clamav-0.90-0.1.20060mlcs4.src.rpm Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux Debian Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15.dsc http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15.diff.gz http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz Architecture independent http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.15_all.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.15_all.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.15_all.deb Alpha http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_alpha.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_alpha.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_alpha.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_alpha.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_alpha.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_alpha.deb AMD64 http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_amd64.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_amd64.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_amd64.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_amd64.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_amd64.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_amd64.deb ARM http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_arm.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_arm.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_arm.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_arm.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_arm.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_arm.deb HP Precision http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_hppa.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_hppa.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_hppa.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_hppa.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_hppa.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_hppa.deb Intel IA-32 http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_i386.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_i386.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_i386.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_i386.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_i386.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_ia64.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_ia64.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_ia64.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_ia64.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_ia64.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_ia64.deb Motorola 680x0 http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_m68k.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_m68k.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_m68k.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_m68k.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_m68k.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_mips.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_mips.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_mips.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_mips.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_mips.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_mipsel.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_mipsel.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_mipsel.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_mipsel.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_mipsel.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_powerpc.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_powerpc.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_powerpc.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_powerpc.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_powerpc.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_s390.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_s390.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_s390.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_s390.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_s390.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_sparc.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_sparc.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_sparc.deb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_sparc.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_sparc.deb http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_sparc.deb |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE |
CVE-2007-0897 CVE-2007-0898 |
| BID |
22580 22581 |
Recursos adicionales |
|
|
Mandriva Security Advisory (MDKSA-2007:043) http://www.mandriva.com/security/advisories?name=MDKSA-2007:043 SUSE Security Advisory (SUSE-SA:2007:017) http://www.novell.com/linux/security/advisories/2007_17_clamav.html Debian Security Advisory (DSA 1263-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00018.html |
|
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Aviso emitido | 2007-02-20 |
| 1.1 | Aviso emitido por Suse (SUSE-SA:2007:017) | 2007-02-27 |
| 1.2 | Aviso emitido por Debian (DSA 1263-1) | 2007-03-07 |