Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 264834 (CVE-2009-1241) - <app-antivirus/clamav-0.95 Detection bypass (CVE-2008-6680,CVE-2009-{1241,1270})
Summary: <app-antivirus/clamav-0.95 Detection bypass (CVE-2008-6680,CVE-2009-{1241,1270})
Status: RESOLVED FIXED
Alias: CVE-2009-1241
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa]
Keywords:
Depends on: 264852 CVE-2009-1371
Blocks:
  Show dependency tree
 
Reported: 2009-04-04 06:56 UTC by Alex Legler (RETIRED)
Modified: 2009-09-09 13:33 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-04-04 06:56:27 UTC
CVE-2009-1241 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1241):
  Unspecified vulnerability in ClamAV before 0.95 allows remote
  attackers to bypass detection of malware via a modified RAR archive.
Comment 1 Torsten Veller (RETIRED) gentoo-dev 2009-04-04 07:08:10 UTC
The ebuild is in the tree.

| *clamav-0.95 (31 Mar 2009)
|  
|   31 Mar 2009; Thomas Raschbacher <lordvan@gentoo.org> +clamav-0.95.ebuild:
|   version bump

As always bumping clamav breaks all the other tools like
bugs: 264820 264836
Comment 2 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-04-04 07:27:07 UTC
(In reply to comment #1)
> The ebuild is in the tree.

Aww, I should do update-eix. :/

> As always bumping clamav breaks all the other tools like
> bugs: 264820 264836

Should we delay the stabling until these issues are resolved?
Comment 3 Thomas Raschbacher gentoo-dev 2009-04-09 11:55:56 UTC
fyi 0.95.1 is added too already ..
Comment 4 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-04-09 12:09:40 UTC
CVE-2008-6680 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6680):
  libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause
  a denial of service (crash) via a crafted EXE file that triggers a
  divide-by-zero error.

CVE-2009-1270 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1270):
  libclamav/untar.c in ClamAV before 0.95 allows remote attackers to
  cause a denial of service (infinite loop) via a crafted file that
  causes (1) clamd and (2) clamscan to hang.

Comment 5 Thomas Raschbacher gentoo-dev 2009-04-16 13:03:46 UTC
Can we close this one and instead just concentrate on bug #265545 (<0.95.1 security issue) 
Comment 6 Thomas Raschbacher gentoo-dev 2009-04-16 13:08:04 UTC
adding blocker here anyway .. mail-clamav not added but only on 0.95.1 sec bug.
Comment 7 Pawel Madej aka Nysander 2009-06-07 20:10:18 UTC
shouldn't be affected versions dropped from the tree?
Comment 8 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-09-09 13:32:02 UTC
GLSA 200903-04
Comment 9 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-09-09 13:33:12 UTC
err, GLSA 200909-04