| Vulnerability Name: | CVE-2005-3501 (CCN-22965) |
| Assigned: | 2005-11-04 |
| Published: | 2005-11-04 |
| Updated: | 2011-07-14 |
| Summary: | The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length.
|
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): Low |
|
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial |
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial |
|
| Vulnerability Type: | CWE-399
|
| Vulnerability Consequences: | Denial of Service |
| References: | Source: MITRE
Type: CNA
CVE-2005-3501
Source: CCN
Type: SA17184
Clam AntiVirus OLE2 Unpacker Potential Denial of Service
Source: SECUNIA
Type: Vendor Advisory
17184
Source: CCN
Type: SA17434
Clam AntiVirus CAB/FSG File Handling and base64 MIME Vulnerabilities
Source: SECUNIA
Type: Patch, Vendor Advisory
17434
Source: SECUNIA
Type: Vendor Advisory
17451
Source: SECUNIA
Type: Vendor Advisory
17501
Source: SECUNIA
Type: Vendor Advisory
17559
Source: SREASON
Type: UNKNOWN
150
Source: CCN
Type: SECTRACK ID: 1015154
Clam AntiVirus CAB, FSG, and OLE Bugs Let Remote Users Deny Service or Execute Arbitrary Code
Source: SECTRACK
Type: UNKNOWN
1015154
Source: CONFIRM
Type: Patch
http://sourceforge.net/project/shownotes.php?release_id=368319
Source: CCN
Type: ClamAV Web site
ClamAV: Project News
Source: CCN
Type: ClamAV Download Web page
clamav 0.87.1 released
Source: DEBIAN
Type: UNKNOWN
DSA-887
Source: DEBIAN
Type: DSA-887
clamav -- several vulnerabilities
Source: CCN
Type: GLSA-200511-04
ClamAV: Multiple vulnerabilities
Source: GENTOO
Type: UNKNOWN
GLSA-200511-04
Source: IDEFENSE
Type: Exploit, Patch, Vendor Advisory
20051104 Clam AntiVirus Cabinet-file handling Denial of Service Vulnerability
Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:205
Source: OSVDB
Type: UNKNOWN
20484
Source: CCN
Type: OSVDB ID: 20484
Clam AntiVirus libclamav/mspack/cabd.c Infinite Loop DoS
Source: BID
Type: UNKNOWN
15317
Source: CCN
Type: BID-15317
Clam Anti-Virus ClamAV CAB File Handling Denial Of Service Vulnerability
Source: VUPEN
Type: Vendor Advisory
ADV-2005-2294
Source: XF
Type: UNKNOWN
clam-cabdfind-dos(22965)
Source: SUSE
Type: SUSE-SR:2005:026
SUSE Security Summary Report
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:clamav:clamav:0.01:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.02:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.03:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.3:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.05:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.8:rc3:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.10:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.12:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.13:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.14:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.14:pre:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.15:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.20:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.21:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.22:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.23:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.24:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.51:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.52:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.53:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.54:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.60:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.60p:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.65:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.66:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.67:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.67-1:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.68:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.68.1:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.70:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.70:rc:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.71:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.72:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.73:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.74:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.75:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.75.1:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.80:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.80:rc:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.80:rc1:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.80:rc2:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.80:rc3:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.80:rc4:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.80_rc:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.81:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.81:rc1:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.82:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.83:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.84:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.84:rc1:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.84:rc2:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.85:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.85.1:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.86:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.86:rc1:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.86.1:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.86.2:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:*:*:*:*:*:*:*:* (Version <= 0.87)
 Denotes that component is vulnerable |
| Oval Definitions |
|
| BACK |