Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1836

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-1836
Last Modified 07 Mar 2011 10:07:42
Published 16 Apr 2008 12:05:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1836

Summary

The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.

Vulnerable Systems

Application

  • Clam Anti-virus Clamav 0.90

  • Clam Anti-virus Clamav 0.90 Rc1.1

  • Clam Anti-virus Clamav 0.90 Rc2

  • Clam Anti-virus Clamav 0.90 Rc3

  • Clam Anti-virus Clamav 0.90.1

  • Clam Anti-virus Clamav 0.90rc1

  • Clam Anti-virus Clamav 0.91

  • Clam Anti-virus Clamav 0.92


References

CERT - TA08-260A

CONFIRM - https://wwws.clamav.net/bugzilla/show_bug.cgi?id=881

VUPEN - ADV-2008-2584

CONFIRM - http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html

GENTOO - GLSA-200805-19

SECUNIA - 31882

SECUNIA - 31576

APPLE - APPLE-SA-2008-09-15

FEDORA - FEDORA-2008-3900

XF - clamav-rfc2231-dos(41868)

BID - 28784

MANDRIVA - MDVSA-2008:088

SECUNIA - 30328

SECUNIA - 30253

SECUNIA - 29891

SUSE - SUSE-SA:2008:024

Related Patches

Apple 2008-09-15 Security Update 2008-006 (PPC)

Apple 2008-09-15 Security Update 2008-006 Server (PPC)

Apple 2008-09-15 Mac OS X 10.5.5 Update

Apple 2008-09-15 Mac OS X Server 10.5.5 Combo Update

Apple 2008-09-15 Mac OS X Server 10.5.5 Update

Apple 2008-09-15 Security Update 2008-006 (Intel)

Apple 2008-09-15 Mac OS X 10.5.5 Combo Update

Apple 2008-09-15 Security Update 2008-006 Server (Intel)


Last Updated: 27 May 2016 10:47:40