ClamAV 资源管理错误漏洞

漏洞信息详情

ClamAV 资源管理错误漏洞

• CNNVD编号：CNNVD-200705-285
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2007-2650
  
• 漏洞类型：
  
  
  资源管理错误
  
• 发布时间：
  
  2007-05-14
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2021-07-14
  
• 厂        商：
  
  clam_anti-virus
• 漏洞来源：
  Victor Stinner※ vi…

ClamAV（Clam AntiVirus）是Clamav团队的一套免费且开源的杀毒软件。该软件用于检测木马、病毒、恶意软件和其他恶意威胁。

ClamAV 存在资源管理错误漏洞，ClamAV的OLE2解析器没有正确地处理带有畸形FAT分区或超大属性大小的对象，如果扫描到了畸形的OLE2文件的话，就可能触发死循环，导致耗尽大量存储和CPU资源。

厂商补丁：

Debian

——

Debian已经为此发布了一个安全公告(DSA-1320-1)以及相应补丁:

DSA-1320-1：New clamav packages fix several vulnerabilities

链接：
http://www.debian.org/security/2007/dsa-1320” target=”_blank”>

http://www.debian.org/security/2007/dsa-1320

补丁下载：

Source archives:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17.dsc” target=”_blank”>

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17.dsc

Size/MD5 checksum: 874 334efba90e36f3b1cc1e7d88ca0990bb

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17.diff.gz” target=”_blank”>

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17.diff.gz

Size/MD5 checksum: 181825 ce287c93cc5080aefcf5d37d1ee4b261

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz” target=”_blank”>

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz

Size/MD5 checksum: 4006624 c43213da01d510faf117daa9a4d5326c

Architecture independent components:

http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.17_all.deb” target=”_blank”>

http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.17_all.deb

Size/MD5 checksum: 155334 915b8f9d1fa7eb390dd0b11fa894eb26

http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.17_all.deb” target=”_blank”>

http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.17_all.deb

Size/MD5 checksum: 690966 a6411bca9fcc48905421f54bdc71c565

http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.17_all.deb” target=”_blank”>

http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.17_all.deb

Size/MD5 checksum: 124326 6e75aa8d619f42642f74effb1c8f5bbc

Alpha architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17_alpha.deb” target=”_blank”>

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17_alpha.deb

Size/MD5 checksum: 74772 551be2a5e31f847c0cfd85c62741b20d

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.17_alpha.deb” target=”_blank”>

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.17_alpha.deb

Size/MD5 checksum: 48694 c6be8dca1533ea57b860129e8ca2d9eb

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.17_alpha.deb” target=”_blank”>

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.17_alpha.deb

Size/MD5 checksum: 2175742 f2aadf9f40b450700336016f04d1d8b5

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.17_alpha.deb” target=”_blank”>

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.17_alpha.deb

Size/MD5 checksum: 41726 b9321ac5b1abcc9a89ea1bc5d18b28f2

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.17_alpha.deb” target=”_blank”>

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.17_alpha.deb

Size/MD5 checksum: 256230 de4e35581860c20ee5c2054f64c085d0

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.17_alpha.deb” target=”_blank”>

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.17_alpha.deb

Size/MD5 checksum: 286640 3a783db1e37ab05a1a3cfdcecf06a1da

AMD64 architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17_amd64.deb” target=”_blank”>

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17_amd64.deb

Size/MD5 checksum: &nb

来源:BID

链接:http://www.securityfocus.com/bid/24316

来源:SECUNIA

链接:http://secunia.com/advisories/25525

来源:SECUNIA

链接:http://secunia.com/advisories/25558

来源:MLIST

链接:http://lurker.clamav.net/message/20070418.111144.0df6c5d3.en.html

来源:SECUNIA

链接:http://secunia.com/advisories/25796

来源:SECUNIA

链接:http://secunia.com/advisories/25523

来源:SECUNIA

链接:http://secunia.com/advisories/25688

来源:GENTOO

链接:http://security.gentoo.org/glsa/glsa-200706-05.xml

来源:DEBIAN

链接:https://www.debian.org/security/2007/dsa-1320

来源:SUSE

链接:http://www.novell.com/linux/security/advisories/2007_33_clamav.html

来源:MISC

链接:http://article.gmane.org/gmane.comp.security.virus.clamav.devel/2853

来源:CONFIRM

链接:http://kolab.org/security/kolab-vendor-notice-15.txt

来源:CONFIRM

链接:http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

来源:VUPEN

链接:http://www.vupen.com/english/advisories/2007/1776

来源:SECUNIA

链接:http://secunia.com/advisories/25553

来源:SECUNIA

链接:http://secunia.com/advisories/25244

来源:MANDRIVA

链接:http://www.mandriva.com/security/advisories?name=MDKSA-2007:115

来源:BID

链接:https://www.securityfocus.com/bid/24316

来源:TRUSTIX

链接:http://www.trustix.org/errata/2007/0020/