Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3215

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-3215
Last Modified 12 Sep 2012 10:30:41
Published 18 Jul 2008 12:41:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3215

Summary

libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713.

Vulnerable Systems

Application

  • Clam Anti-virus Clamav 0.88.2

  • Clam Anti-virus Clamav 0.88.4

  • Clam Anti-virus Clamav 0.88.5

  • Clam Anti-virus Clamav 0.88.6

  • Clam Anti-virus Clamav 0.88.7

  • Clam Anti-virus Clamav 0.90

  • Clam Anti-virus Clamav 0.90.1

  • Clam Anti-virus Clamav 0.90.2

  • Clam Anti-virus Clamav 0.90.3

  • Clam Anti-virus Clamav 0.91.2

  • Clam Anti-virus Clamav 0.92

  • Clam Anti-virus Clamav 0.92.1

  • Clam Anti-virus Clamav 0.93


References

CERT - TA08-260A

XF - clamav-petitec-dos(44200)

VUPEN - ADV-2008-2584

MLIST - [oss-security] 20080715 Re: CVE id request: Clamav

MLIST - [oss-security] 20080708 Re: CVE id request: Clamav

MANDRIVA - MDVSA-2008:166

CONFIRM - http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3920

GENTOO - GLSA-200808-07

SECUNIA - 31882

SECUNIA - 31437

CONFIRM - http://lurker.clamav.net/message/20080707.155612.ad411b00.en.html

SUSE - SUSE-SR:2008:015

APPLE - APPLE-SA-2008-09-15

FEDORA - FEDORA-2008-6422

FEDORA - FEDORA-2008-6338

SECUNIA - 31091

Related Patches

Apple 2008-09-15 Security Update 2008-006 (PPC)

Apple 2008-09-15 Security Update 2008-006 Server (PPC)

Apple 2008-09-15 Mac OS X 10.5.5 Update

Apple 2008-09-15 Mac OS X Server 10.5.5 Combo Update

Apple 2008-09-15 Mac OS X Server 10.5.5 Update

Apple 2008-09-15 Security Update 2008-006 (Intel)

Apple 2008-09-15 Mac OS X 10.5.5 Combo Update

Apple 2008-09-15 Security Update 2008-006 Server (Intel)


Last Updated: 27 May 2016 11:00:40