Vulnerability Name: | CVE-2005-3501 (CCN-22965) |
Assigned: | 2005-11-04 |
Published: | 2005-11-04 |
Updated: | 2011-07-14 |
Summary: | The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length.
|
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): None Integrity (I): None Availibility (A): Low |
|
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None | Impact Metrics: | Confidentiality (C): None Integrity (I): None Availibility (A): Partial | 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
| Impact Metrics: | Confidentiality (C): None Integrity (I): None Availibility (A): Partial |
|
Vulnerability Type: | CWE-399
|
Vulnerability Consequences: | Denial of Service |
References: | Source: MITRE Type: CNA CVE-2005-3501
Source: CCN Type: SA17184 Clam AntiVirus OLE2 Unpacker Potential Denial of Service
Source: SECUNIA Type: Vendor Advisory 17184
Source: CCN Type: SA17434 Clam AntiVirus CAB/FSG File Handling and base64 MIME Vulnerabilities
Source: SECUNIA Type: Patch, Vendor Advisory 17434
Source: SECUNIA Type: Vendor Advisory 17451
Source: SECUNIA Type: Vendor Advisory 17501
Source: SECUNIA Type: Vendor Advisory 17559
Source: SREASON Type: UNKNOWN 150
Source: CCN Type: SECTRACK ID: 1015154 Clam AntiVirus CAB, FSG, and OLE Bugs Let Remote Users Deny Service or Execute Arbitrary Code
Source: SECTRACK Type: UNKNOWN 1015154
Source: CONFIRM Type: Patch http://sourceforge.net/project/shownotes.php?release_id=368319
Source: CCN Type: ClamAV Web site ClamAV: Project News
Source: CCN Type: ClamAV Download Web page clamav 0.87.1 released
Source: DEBIAN Type: UNKNOWN DSA-887
Source: DEBIAN Type: DSA-887 clamav -- several vulnerabilities
Source: CCN Type: GLSA-200511-04 ClamAV: Multiple vulnerabilities
Source: GENTOO Type: UNKNOWN GLSA-200511-04
Source: IDEFENSE Type: Exploit, Patch, Vendor Advisory 20051104 Clam AntiVirus Cabinet-file handling Denial of Service Vulnerability
Source: MANDRIVA Type: UNKNOWN MDKSA-2005:205
Source: OSVDB Type: UNKNOWN 20484
Source: CCN Type: OSVDB ID: 20484 Clam AntiVirus libclamav/mspack/cabd.c Infinite Loop DoS
Source: BID Type: UNKNOWN 15317
Source: CCN Type: BID-15317 Clam Anti-Virus ClamAV CAB File Handling Denial Of Service Vulnerability
Source: VUPEN Type: Vendor Advisory ADV-2005-2294
Source: XF Type: UNKNOWN clam-cabdfind-dos(22965)
Source: SUSE Type: SUSE-SR:2005:026 SUSE Security Summary Report
|
Vulnerable Configuration: | Configuration 1: cpe:/a:clamav:clamav:0.01:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.02:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.03:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.3:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.05:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.8:rc3:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.10:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.12:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.13:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.14:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.14:pre:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.15:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.20:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.21:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.22:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.23:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.24:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.51:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.52:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.53:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.54:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.60:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.60p:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.65:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.66:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.67:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.67-1:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.68:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.68.1:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.70:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.70:rc:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.71:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.72:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.73:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.74:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.75:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.75.1:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.80:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.80:rc:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.80:rc1:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.80:rc2:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.80:rc3:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.80:rc4:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.80_rc:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.81:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.81:rc1:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.82:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.83:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.84:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.84:rc1:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.84:rc2:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.85:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.85.1:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.86:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.86:rc1:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.86.1:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:0.86.2:*:*:*:*:*:*:*OR cpe:/a:clamav:clamav:*:*:*:*:*:*:*:* (Version <= 0.87)
Denotes that component is vulnerable |
Oval Definitions |
|
BACK |