漏洞信息详情
ClamAV RAR处理远程堆溢出拒绝服务漏洞
- CNNVD编号:CNNVD-200706-110
- 危害等级: 中危
![图片[1]-ClamAV RAR处理远程堆溢出拒绝服务漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-09-08/30f462579bec41fc25e0b1d57503e6d6.png)
- CVE编号:
CVE-2007-3123
- 漏洞类型:
缓冲区溢出
- 发布时间:
2007-06-07
- 威胁类型:
远程
- 更新时间:
2007-06-11
- 厂 商:
clam_anti-virus - 漏洞来源:
Elliot※ wccoder@gm… -
漏洞简介
Clam AntiVirus是Unix的GPL杀毒工具包,很多邮件网关产品都在使用。
ClamAV的libclamav库中的unrar.c文件在扫描特制的RAR压缩文件时存在堆溢出漏洞,如果用户受骗访问了设置有特制vm_codesize值的RAR文件的话,就可能触发这个溢出。但由于溢出的内容是用户不可控的,因此这个漏洞只能导致core dump。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Debian已经为此发布了一个安全公告(DSA-1320-1)以及相应补丁:
DSA-1320-1:New clamav packages fix several vulnerabilities
链接:
http://www.debian.org/security/2007/dsa-1320
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17.dsc
Size/MD5 checksum:874 334efba90e36f3b1cc1e7d88ca0990bb
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17.diff.gz
Size/MD5 checksum: 181825 ce287c93cc5080aefcf5d37d1ee4b261
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
Size/MD5 checksum:4006624 c43213da01d510faf117daa9a4d5326c
Architecture independent components:
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.17_all.deb
Size/MD5 checksum: 155334 915b8f9d1fa7eb390dd0b11fa894eb26
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.17_all.deb
Size/MD5 checksum: 690966 a6411bca9fcc48905421f54bdc71c565
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.17_all.deb
Size/MD5 checksum: 124326 6e75aa8d619f42642f74effb1c8f5bbc
Alpha architecture:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17_alpha.deb
Size/MD5 checksum:74772 551be2a5e31f847c0cfd85c62741b20d
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.17_alpha.deb
Size/MD5 checksum:48694 c6be8dca1533ea57b860129e8ca2d9eb
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.17_alpha.deb
Size/MD5 checksum:2175742 f2aadf9f40b450700336016f04d1d8b5
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.17_alpha.deb
Size/MD5 checksum:41726 b9321ac5b1abcc9a89ea1bc5d18b28f2
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.17_alpha.deb
Size/MD5 checksum: 256230 de4e35581860c20ee5c2054f64c085d0
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.17_alpha.deb
Size/MD5 checksum: 286640 3a783db1e37ab05a1a3cfdcecf06a1da
AMD64 architecture:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17_amd64.deb
Size/MD5 checksum:69012 667f196a7a32aab096c367f7bf26282d
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.17_amd64.deb
Size/MD5 checksum:44292 0120d71543d4ef2c8e9efae415adfd91
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.17_amd64.deb
Size/MD5 checksum:2173286 2a0fa1500ffbcf558ef9a6457194ee08
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.17_amd64.deb
Size/MD5 checksum:40038 a74bb9d6ba3e89c30e43922057eb1e39
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.17_amd64.deb
Size/MD5 checksum: 176930 e9cfce45a46c64cd3c4eebe15ac982aa
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.17_amd64.deb
Size/MD5 checksum: 260556 7168bf2f028f3c4a1007f5ee2d695124
ARM architecture:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17_arm.deb
Size/MD5 checksum:63972 dce54c07353f72e1b0b7150fdae56c26
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.17_arm.deb
Size/MD5 checksum:39636 355c3d6339ad504eb50b6fdc691960e3
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.17_arm.deb
Size/MD5 checksum:2171310 5f3df00980a65a26623f860163a76934
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.17_arm.deb
Size/MD5 checksum:37318 9795238d043311232cb796607a163986
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.17_arm.deb
Size/MD5 checksum: 175254 46ffe53ba82fa982b12fd58340a4e845
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.17_arm.deb
Size/MD5 checksum: 250442 ef577a1c45a34e5ee4a4a650b6ee8056
HP Precision architecture:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17_hppa.deb
Size/MD5
参考网址
来源: wwws.clamav.net
链接:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=521
来源: MLIST
名称: [Clamav-announce] 20070530 announcing ClamAV 0.90.3
链接:http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html
来源: svn.clamav.net
链接:http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
来源: XF
名称: clamav-rar-dos(34778)
链接:http://xforce.iss.net/xforce/xfdb/34778
来源: BID
名称: 24289
链接:http://www.securityfocus.com/bid/24289
来源: SUSE
名称: SUSE-SA:2007:033
链接:http://www.novell.com/linux/security/advisories/2007_33_clamav.html
来源: DEBIAN
名称: DSA-1320
链接:http://www.debian.org/security/2007/dsa-1320
来源: GENTOO
名称: GLSA-200706-05
链接:http://security.gentoo.org/glsa/glsa-200706-05.xml
来源: SECUNIA
名称: 25796
链接:http://secunia.com/advisories/25796
来源: SECUNIA
名称: 25688
链接:http://secunia.com/advisories/25688
来源: SECUNIA
名称: 25525
链接:http://secunia.com/advisories/25525
来源: SECUNIA
名称: 25523
链接:http://secunia.com/advisories/25523
来源: kolab.org
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
