
Vulnerability of ClamAV: denial of service via cli_hm_scan

Summary of the vulnerability

An attacker can send an email containing a malicious attachment, in order to generate an error in the cli_hm_scan() function, which stops ClamAV.
Impacted software: ClamAV, Fedora, Mandriva Linux, NLD, OES, openSUSE, SUSE Linux Enterprise Desktop, SLES.
Severity of this computer vulnerability: 2/4.
Creation date: 26/07/2011.
References of this announcement: 2818, BID-48891, CVE-2011-2721, FEDORA-2011-10053, FEDORA-2011-10090, MDVSA-2011:122, openSUSE-SU-2011:0940-1, SUSE-SU-2011:0948-1, VIGILANCE-VUL-10870.

Description of the vulnerability 

The libclamav/matcher-hash.c file implements the handling of virus signature hashes, using the MD5, SHA1 and SHA256 algorithms.

An email can contain a PDF attachment that holds a malicious object. When ClamAV analyzes this object, it calls the cli_scanraw() function, which calls the cli_hm_scan() function of the libclamav/matcher-hash.c file in order to check whether the object's hash matches a known signature. However, the function reads the memory located after the last hash, which causes a segmentation fault (especially on Solaris).

An attacker can therefore send an email containing a malicious attachment, in order to generate an error in the cli_hm_scan() function, which stops ClamAV.
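The read past the last hash described above can be illustrated with a lookup over a sorted digest table. This is an added example, not ClamAV's code: the table contents, the function names and the assumed cause (a binary search whose upper bound is the item count instead of the last valid index) are all constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define DIGEST_LEN 16   /* MD5-sized digests */
#define N_HASHES   3    /* logical size of the signature table */

/* Constructed data: three sorted digests, plus one extra slot that stands
 * in for "the memory located after the last hash", so the flawed probe
 * stays inside a real C object while the demo runs. */
static const unsigned char slots[N_HASHES + 1][DIGEST_LEN] = {
    {0x10}, {0x20}, {0x30},
    {0xEE}              /* NOT part of the table */
};

static size_t max_probe; /* highest index compared by the last search */

/* Binary search over slots[0..r], inclusive bounds. */
static int search(size_t r, const unsigned char *digest)
{
    size_t l = 0;
    max_probe = 0;
    while (l <= r) {
        size_t m = l + (r - l) / 2;
        int c = memcmp(digest, slots[m], DIGEST_LEN);
        if (m > max_probe) max_probe = m;
        if (c == 0) return 1;
        if (c > 0) { l = m + 1; continue; }
        if (m == 0) break;          /* avoid size_t underflow */
        r = m - 1;
    }
    return 0;
}

/* Flawed (assumed cause): upper bound is the item count, so slot n is read. */
int lookup_flawed(const unsigned char *d)  { return search(N_HASHES, d); }

/* Bounded: upper bound is the last valid index, n - 1. */
int lookup_bounded(const unsigned char *d) { return search(N_HASHES - 1, d); }

size_t last_max_probe(void) { return max_probe; }
```

In a real table there is no spare slot after the last entry, so the flawed probe touches unowned memory. Whether that faults depends on the allocator and page layout, which is consistent with the crash being more visible on some platforms than others.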

This computer weakness bulletin impacts software or systems such as ClamAV, Fedora, Mandriva Linux, NLD, OES, openSUSE, SUSE Linux Enterprise Desktop, SLES.

Our Vigil@nce team determined that the severity of this computer threat announcement is medium.

The trust level is "confirmed by the editor", with an origin of "document".

An attacker with an expert ability can exploit this threat announcement.

Solutions for this threat 

ClamAV: version 0.97.2.
Version 0.97.2 is corrected:
  http://www.clamav.net/lang/en/download/

ClamAV: patch for cli_hm_scan.
A patch is available in information sources.

Fedora: new clamav packages.
New packages are available:
  clamav-0.97.2-1400.fc14
  clamav-0.97.2-1500.fc15

Mandriva: new clamav packages.
New packages are available:
  clamav-0.97.2-0.1mdv2009.0
  clamav-0.97.2-0.1.20060mlcs4
  clamav-0.97.2-0.1mdvmes5.2

SUSE: new clamav packages.
New packages are available, as indicated in information sources.
