Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1387

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-1387
Last Modified 07 Mar 2011 10:07:01
Published 16 Apr 2008 12:05:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1387

Summary

ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

Vulnerable Systems

Application

  • Clam Anti-virus Clamav 0.90

  • Clam Anti-virus Clamav 0.90 Rc1.1

  • Clam Anti-virus Clamav 0.90 Rc2

  • Clam Anti-virus Clamav 0.90 Rc3

  • Clam Anti-virus Clamav 0.90.1

  • Clam Anti-virus Clamav 0.90rc1

  • Clam Anti-virus Clamav 0.91

  • Clam Anti-virus Clamav 0.92


References

CERT - TA08-260A

MISC - http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html

VUPEN - ADV-2008-2584

VUPEN - ADV-2008-1227

BID - 28782

BUGTRAQ - 20080415 clamav: Endless loop / hang with crafter arj, CVE-2008-1387

MISC - http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/

CONFIRM - http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html

GENTOO - GLSA-200805-19

SECUNIA - 31882

SECUNIA - 31576

APPLE - APPLE-SA-2008-09-15

MISC - http://int21.de/cve/CVE-2008-1387-clamav.html

FEDORA - FEDORA-2008-3900

FEDORA - FEDORA-2008-3420

FEDORA - FEDORA-2008-3358

CONFIRM - https://www.clamav.net/bugzilla/show_bug.cgi?id=897

XF - clamav-arj-unspecified-dos(41822)

BID - 28784

MANDRIVA - MDVSA-2008:088

SECUNIA - 30328

SECUNIA - 30253

SECUNIA - 29975

SECUNIA - 29891

SECUNIA - 29863

SUSE - SUSE-SA:2008:024

CONFIRM - http://kolab.org/security/kolab-vendor-notice-20.txt

Related Patches

Apple 2008-09-15 Security Update 2008-006 (PPC)

Apple 2008-09-15 Security Update 2008-006 Server (PPC)

Apple 2008-09-15 Mac OS X 10.5.5 Update

Apple 2008-09-15 Mac OS X Server 10.5.5 Combo Update

Apple 2008-09-15 Mac OS X Server 10.5.5 Update

Apple 2008-09-15 Security Update 2008-006 (Intel)

Apple 2008-09-15 Mac OS X 10.5.5 Combo Update

Apple 2008-09-15 Security Update 2008-006 Server (Intel)


Last Updated: 27 May 2016 10:47:08