Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.6
CVE Id CVE-2005-1923
Last Modified 05 Sep 2008 04:50:26
Published 05 Jul 2005 12:00:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-1923

Summary

The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions before 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.

Vulnerable Systems

Application

  • Clam Anti-virus Clamav 0.83

  • Clam Anti-virus Clamav 0.84 Rc1

  • Clam Anti-virus Clamav 0.84 Rc2

  • Clam Anti-virus Clamav 0.85

  • Clam Anti-virus Clamav 0.85.1


References

IDEFENSE - 20050629 Clam AntiVirus ClamAV Cabinet File Handling DoS Vulnerability

DEBIAN - DSA-737


Last Updated: 27 May 2016 10:40:20