Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2008-0318
Last Modified 07 Mar 2011 12:00:00
Published 12 Feb 2008 03:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0318

Summary

Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.

Vulnerable Systems

Application

  • Clam Anti-virus Clamav 0.92


References

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=575703

FEDORA - FEDORA-2008-1625

FEDORA - FEDORA-2008-1608

VUPEN - ADV-2008-0924

VUPEN - ADV-2008-0606

VUPEN - ADV-2008-0503

BID - 27751

MANDRIVA - MDVSA-2008:088

DEBIAN - DSA-1497

CONFIRM - http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html

SECTRACK - 1019394

GENTOO - GLSA-200802-09

SECUNIA - 29420

SECUNIA - 29060

SECUNIA - 29048

SECUNIA - 29026

SECUNIA - 29001

SECUNIA - 28949

SECUNIA - 28913

SECUNIA - 28907

SUSE - SUSE-SR:2008:004

APPLE - APPLE-SA-2008-03-18

IDEFENSE - 20080212 ClamAV libclamav PE File Integer Overflow Vulnerability

CONFIRM - http://kolab.org/security/kolab-vendor-notice-19.txt

CONFIRM - http://docs.info.apple.com/article.html?artnum=307562

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=209915

Related Patches

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Leopard)

Apple 2008-03-26 Security Update 2008-002 v1.1 Server (Leopard) (Rev 2)

Apple 2008-03-26 Security Update 2008-002 v1.1 Client (Leopard) (Rev 2)


Last Updated: 27 May 2016 10:46:46