Vulnerability Name:

CVE-2007-3123 (CCN-34778)

Assigned:2007-05-30
Published:2007-05-30
Updated:2017-07-29
Summary:unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2007-3123

Source: CCN
Type: Kolab Server Web site
Kolab Groupware:: Home

Source: CCN
Type: Kolab Security Issue 15 20070601
denial of service, insecure temporary files

Source: CONFIRM
Type: UNKNOWN
http://kolab.org/security/kolab-vendor-notice-15.txt

Source: MLIST
Type: Patch
[Clamav-announce] 20070530 announcing ClamAV 0.90.3

Source: OSVDB
Type: UNKNOWN
35522

Source: SECUNIA
Type: UNKNOWN
25523

Source: CCN
Type: SA25525
Kolab Server ClamAV Denial of Service

Source: SECUNIA
Type: UNKNOWN
25525

Source: SECUNIA
Type: UNKNOWN
25688

Source: SECUNIA
Type: UNKNOWN
25796

Source: GENTOO
Type: UNKNOWN
GLSA-200706-05

Source: CONFIRM
Type: UNKNOWN
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

Source: CCN
Type: Clam AntiVirus Web site
Clam AntiVirus

Source: DEBIAN
Type: UNKNOWN
DSA-1320

Source: DEBIAN
Type: DSA-1320
clamav -- several vulnerabilities

Source: CCN
Type: GLSA-200706-05
ClamAV: Multiple Denials of Service

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:033

Source: CCN
Type: OSVDB ID: 35522
Clam AntiVirus libclamav Multiple Unspecified Issue

Source: BID
Type: UNKNOWN
24289

Source: CCN
Type: BID-24289
Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability

Source: XF
Type: UNKNOWN
clamav-rar-dos(34778)

Source: XF
Type: UNKNOWN
clamav-rar-dos(34778)

Source: CONFIRM
Type: Patch
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=521

Vulnerable Configuration:Configuration 1:
  • cpe:/a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:kolab:kolab_server:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:kolab:kolab_server:2.1.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20073123
    V
    		CVE-2007-3123
    2015-11-16
    oval:org.mitre.oval:def:18727
    P
    		DSA-1320-1 clamav
    2014-06-23
    oval:org.debian:def:1320
    V
    		several vulnerabilities
    2007-06-23
    BACK
    clam_anti-virus clamav 0.90
    clam_anti-virus clamav 0.90.1
    clam_anti-virus clamav 0.90.2
    clam_anti-virus clamav 0.90_rc1.1
    clam_anti-virus clamav 0.90_rc2
    clam_anti-virus clamav 0.90_rc3
    kolab kolab server 2.0.4
    kolab kolab server 2.1.0
    gentoo linux *
    mandrakesoft mandrake linux corporate server 3.0
    debian debian linux 3.1
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake linux 2007.1
    debian debian linux 4.0
    mandrakesoft mandrake linux 2007.1