Bug 347627 (CVE-2010-4260) - <app-antivirus/clamav-0.96.5: Denial of Service and Memory Corruption Vulnerabilities (CVE-2010-{4260,4261,4479})
Status: RESOLVED FIXED
Alias: CVE-2010-4260
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://git.clamav.net/gitweb?p=clamav...
Whiteboard: B1 [glsa]
Duplicates: 347666 347700 347735
Reported: 2010-12-03 08:07 UTC by Tim Sammut (RETIRED)
Modified: 2011-10-23 14:59 UTC (History)

Description Tim Sammut (RETIRED) gentoo-dev 2010-12-03 08:07:58 UTC
From the Secunia advisory at http://secunia.com/advisories/42426/:

1) Multiple errors within the processing of PDF files can be
exploited to e.g. cause a crash.

2) An off-by-one error within the "icon_cb()" function can be
exploited to cause a memory corruption.

These are reported as fixed in 0.96.5.
Comment 1 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2010-12-03 20:29:23 UTC
*** Bug 347666 has been marked as a duplicate of this bug. ***
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2010-12-03 22:10:16 UTC
CVEs from http://permalink.gmane.org/gmane.comp.security.oss.general/3883.

<--

> 
> Seems like two security issues:
> 
> "1) Multiple errors within the processing of PDF files can be
> exploited to e.g. cause a crash.

Please use CVE-2010-4260

> 
> 2) An off-by-one error within the "icon_cb()" function can be
> exploited to cause a memory corruption."
> 

Please use CVE-2010-4261
Comment 3 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2010-12-04 09:34:31 UTC
*** Bug 347700 has been marked as a duplicate of this bug. ***
Comment 4 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2010-12-04 18:29:50 UTC
*** Bug 347735 has been marked as a duplicate of this bug. ***
Comment 5 Hanno Böck gentoo-dev 2010-12-04 20:52:36 UTC
Bumped after talking back with radhermit on irc.
Comment 6 Tim Sammut (RETIRED) gentoo-dev 2010-12-06 03:14:58 UTC
Arches, please test and mark stable:
=app-antivirus/clamav-0.96.5
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"

Comment 7 Christian Faulhammer (RETIRED) gentoo-dev 2010-12-06 13:02:05 UTC
x86 stable
Comment 8 Alex Buell 2010-12-06 18:15:16 UTC
Tested on SPARC, works just fine. Stabilisation asap would be ideal.
Comment 9 Giampaolo Tomassoni 2010-12-06 18:39:53 UTC
I'm not an arch member, anyway the unstable package version seems to compile and work fine on my amd64 server.
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2010-12-07 00:22:56 UTC
Stable for HPPA.
Comment 11 Markos Chandras (RETIRED) gentoo-dev 2010-12-07 11:40:56 UTC
amd64 done
Comment 12 Brent Baude (RETIRED) gentoo-dev 2010-12-07 16:48:48 UTC
ppc done
Comment 13 Raúl Porcel (RETIRED) gentoo-dev 2010-12-12 17:09:03 UTC
alpha/ia64/sparc stable
Comment 14 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-01-07 16:37:42 UTC
ppc64 stable.

@security: last arch done
Comment 15 Tim Sammut (RETIRED) gentoo-dev 2011-01-07 16:46:18 UTC
Thanks, everyone.

GLSA Vote: Yes, CVE-2010-4261 scores a 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) according to the NVD.
Comment 16 Stefan Behte (RETIRED) gentoo-dev Security 2011-02-23 22:52:08 UTC
Yes, together with #338226.
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2011-07-11 23:27:04 UTC
CVE-2010-4261 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4261):
  Off-by-one error in the icon_cb function in pe_icons.c in libclamav in
  ClamAV before 0.96.5 allows remote attackers to cause a denial of service
  (memory corruption and application crash) or possibly execute arbitrary code
  via unspecified vectors.  NOTE: some of these details are obtained from
  third party information.

CVE-2010-4260 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4260):
  Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before
  0.96.5 allow remote attackers to cause a denial of service (application
  crash) or possibly execute arbitrary code via a crafted PDF document, aka
  (1) "bb #2358" and (2) "bb #2396."
Comment 18 GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 13:45:17 UTC
CVE-2010-4479 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4479):
  Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5
  allows remote attackers to cause a denial of service (application crash) or
  possibly execute arbitrary code via a crafted PDF document, aka "bb #2380,"
  a different vulnerability than CVE-2010-4260.
Comment 19 Tim Sammut (RETIRED) gentoo-dev 2011-10-14 23:50:30 UTC
Rerating B1 since clamav often runs in automated systems where it simply scans all email processed, i.e. no user action is required to be exploited.
Comment 20 GLSAMaker/CVETool Bot gentoo-dev 2011-10-23 14:59:20 UTC
This issue was resolved and addressed in
 GLSA 201110-20 at http://security.gentoo.org/glsa/glsa-201110-20.xml
by GLSA coordinator Tim Sammut (underling).