Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3501

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-3501
Last Modified 14 Jul 2011 12:00:00
Published 05 Nov 2005 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3501

Summary

The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length.

Vulnerable Systems

Application

  • Clamav 0.01

  • Clamav 0.02

  • Clamav 0.03

  • Clamav 0.05

  • Clamav 0.10

  • Clamav 0.12

  • Clamav 0.13

  • Clamav 0.14

  • Clamav 0.15

  • Clamav 0.20

  • Clamav 0.21

  • Clamav 0.22

  • Clamav 0.23

  • Clamav 0.24

  • Clamav 0.3

  • Clamav 0.51

  • Clamav 0.52

  • Clamav 0.53

  • Clamav 0.54

  • Clamav 0.60

  • Clamav 0.60p

  • Clamav 0.65

  • Clamav 0.66

  • Clamav 0.67

  • Clamav 0.67-1

  • Clamav 0.68

  • Clamav 0.68.1

  • Clamav 0.70

  • Clamav 0.71

  • Clamav 0.72

  • Clamav 0.73

  • Clamav 0.74

  • Clamav 0.75

  • Clamav 0.75.1

  • Clamav 0.8

  • Clamav 0.80

  • Clamav 0.80 Rc

  • Clamav 0.81

  • Clamav 0.82

  • Clamav 0.83

  • Clamav 0.84

  • Clamav 0.85

  • Clamav 0.85.1

  • Clamav 0.86

  • Clamav 0.86.1

  • Clamav 0.86.2

  • Clamav 0.87


References

IDEFENSE - 20051104 Clam AntiVirus Cabinet-file handling Denial of Service Vulnerability

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=368319

SECUNIA - 17434

VUPEN - ADV-2005-2294

BID - 15317

OSVDB - 20484

MANDRIVA - MDKSA-2005:205

GENTOO - GLSA-200511-04

DEBIAN - DSA-887

SECTRACK - 1015154

SREASON - 150

SECUNIA - 17559

SECUNIA - 17501

SECUNIA - 17451

SECUNIA - 17184


Last Updated: 27 May 2016 10:40:56