影响系统
Clam Anti-Virus ClamAV 0.96.5
Clam Anti-Virus ClamAV 0.96.4
Clam Anti-Virus ClamAV 0.96.3
Clam Anti-Virus ClamAV 0.96.2
Clam Anti-Virus ClamAV 0.96.1
Clam Anti-Virus ClamAV 0.95.2
Clam Anti-Virus ClamAV 0.95.1
Clam Anti-Virus ClamAV 0.94.2
Clam Anti-Virus ClamAV 0.94.1
Clam Anti-Virus ClamAV 0.93.3
Clam Anti-Virus ClamAV 0.93.1
Clam Anti-Virus ClamAV 0.92.1
Clam Anti-Virus ClamAV 0.91.2
Clam Anti-Virus ClamAV 0.91.1
Clam Anti-Virus ClamAV 0.90.3
Clam Anti-Virus ClamAV 0.90.2
Clam Anti-Virus ClamAV 0.90.1
+ Debian Linux 4.0 sparc
+ Debian Linux 4.0 s/390
+ Debian Linux 4.0 powerpc
+ Debian Linux 4.0 mipsel
+ Debian Linux 4.0 mips
+ Debian Linux 4.0 m68k
+ Debian Linux 4.0 ia-64
+ Debian Linux 4.0 ia-32
+ Debian Linux 4.0 hppa
+ Debian Linux 4.0 arm
+ Debian Linux 4.0 amd64
+ Debian Linux 4.0 alpha
+ Debian Linux 4.0
Clam Anti-Virus ClamAV 0.90
– MandrakeSoft Corporate Server 4.0 x86_64
– MandrakeSoft Corporate Server 3.0 x86_64
– MandrakeSoft Corporate Server 3.0
– MandrakeSoft Corporate Server 4.0
– MandrakeSoft Linux Mandrake 2007.1 x86_64
– MandrakeSoft Linux Mandrake 2007.1
– MandrakeSoft Linux Mandrake 2007.0 x86_64
– MandrakeSoft Linux Mandrake 2007.0
Clam Anti-Virus ClamAV 0.97
Clam Anti-Virus ClamAV 0.96
Clam Anti-Virus ClamAV 0.95
Clam Anti-Virus ClamAV 0.94
Clam Anti-Virus ClamAV 0.93
Clam Anti-Virus ClamAV 0.92
Clam Anti-Virus ClamAV 0.91
不受影响系统
Clam Anti-Virus ClamAV 0.97.2
危害
远程攻击者可利用此漏洞使"clamd"守护程序崩溃。
攻击所需条件
攻击者必须构建特制Email消息,发送ClamAV处理。
漏洞信息
ClamAV是一款基于unix下的反病毒应用程序。
libclamav/matcher-hash.c提供的"cli_hm_scan()"函数存在单字节错误,通过构建特制的Email消息可使"clamd"守护程序崩溃。
测试方法
厂商解决方案
Clam Anti-Virus ClamAV 0.97.2已经修复此漏洞,建议用户下载使用:
http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=4842733eb3f09be61caeed83778bb6679141dbc5
漏洞提供者
Jorgen Lundman
0 条评论。