Bug 274510 - <app-antivirus/clamav-0.95.2 CAB,RAR,ZIP parsing engine error
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://svn.clamav.net/svn/clamav-deve...
Whiteboard: B4 [noglsa]
Reported: 2009-06-17 14:10 UTC by Stefan Behte (RETIRED)
Modified: 2009-07-10 16:30 UTC
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-06-17 14:10:59 UTC
http://blog.zoller.lu/2009/05/advisory-clamav-generic-bypass.html

Changelog:

Wed Jun 10 18:04:53 CEST 2009 (tk)
----------------------------------
 * libclamav: detect and handle archives hidden inside other files (eg. images),
	      which can be unpacked by WinZip, WinRAR and other tools (bb#1554)
	      Reported by ROGER Mickael and Thierry Zoller

Wed Jun 10 18:02:31 CEST 2009 (tk)
----------------------------------
 * libclamav/mspack.c, cab.c: don't rely on file sizes stored in CAB headers (bb#1562)
			      Reported by Thierry*Zoller <Thierry*Zoller.lu>

Wed Jun 10 17:58:47 CEST 2009 (acab)
------------------------------------
 * libclamunrar/unrarvm.c: fix handling of some broken rar files
Comment 1 Hanno Böck gentoo-dev 2009-06-17 21:13:09 UTC
We usually don't consider virus scanning bypasses as security issues, but the cab issue sounds like it could lead to DoS or even a buffer overflow - I just brought this up on oss-security.
Comment 2 Tobias Scherbaum (RETIRED) gentoo-dev 2009-06-21 09:47:01 UTC
0.95.2 is in CVS.

Candidate for stabilization:

=app-antivirus/clamav-0.95.2
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2009-06-22 21:24:07 UTC
Net-mail, Antivirus: is it ok to stabilize now?
Comment 4 Tobias Scherbaum (RETIRED) gentoo-dev 2009-06-23 18:58:00 UTC
(In reply to comment #3)
> Net-mail, Antivirus: is it ok to stabilize now?
> 

I'd say: yes.
Comment 5 Stefan Behte (RETIRED) gentoo-dev Security 2009-06-23 20:12:57 UTC
Arches, please test and mark stable:
=app-antivirus/clamav-0.95.2
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2009-06-24 01:27:58 UTC
Stable for HPPA.
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2009-06-24 13:25:46 UTC
alpha/ia64/sparc/x86 stable
Comment 8 Richard Freeman gentoo-dev 2009-06-25 01:07:57 UTC
amd64 stable
Comment 9 Brent Baude (RETIRED) gentoo-dev 2009-06-27 14:16:11 UTC
ppc64 done
Comment 10 Brent Baude (RETIRED) gentoo-dev 2009-06-27 14:16:16 UTC
ppc done
Comment 11 Robert Buchholz (RETIRED) gentoo-dev 2009-07-10 14:01:43 UTC
vote: NO
Comment 12 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-07-10 16:30:19 UTC
No, closing.