漏洞信息详情

ClamAV cli_check_jpeg_exploit函数畸形JPEG文件拒绝服务漏洞

漏洞简介

Clam AntiVirus是Unix的GPL杀毒工具包,很多邮件网关产品都在使用。

ClamAV的jpeg解析代码中存在递归栈溢出漏洞。如果用户扫描到了恶意的jpeg文件或文件缩略图,就会在没有检查递归限制的情况下调用有漏洞的cli_check_jpeg_exploit函数,触发栈溢出。以下是clamav-0.94\libclamav\special.c文件中的有漏洞代码段:

int cli_check_jpeg_exploit(int fd) <-- fd to jpeg file

{

...

if ((retval=jpeg_check_photoshop(fd)) != 0) {

return retval;

}

...

}

...

static int jpeg_check_photoshop(int fd)

{

...

retval = jpeg_check_photoshop_8bim(fd);

...

}

...

static int jpeg_check_photoshop_8bim(int fd)

{

...

retval = cli_check_jpeg_exploit(fd); <-- calls cli_check_jpeg_exploit()

again without any recursive checks !

...

}

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

http://www.clamav.net/

参考网址

来源: wwws.clamav.net

链接:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1266

来源: XF

名称: clamav-special-dos(46985)

链接:http://xforce.iss.net/xforce/xfdb/46985

来源: UBUNTU

名称: USN-684-1

链接:http://www.ubuntu.com/usn/usn-684-1

来源: SECTRACK

名称: 1021296

链接:http://www.securitytracker.com/id?1021296

来源: BID

名称: 32555

链接:http://www.securityfocus.com/bid/32555

来源: MLIST

名称: [oss-security] 20081201 CVE request: clamav 0.94.2

链接:http://www.openwall.com/lists/oss-security/2008/12/01/8

来源: MILW0RM

名称: 7330

链接:http://www.milw0rm.com/exploits/7330

来源: MANDRIVA

名称: MDVSA-2008:239

链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:239

来源: VUPEN

名称: ADV-2009-0422

链接:http://www.frsirt.com/english/advisories/2009/0422

来源: VUPEN

名称: ADV-2008-3311

链接:http://www.frsirt.com/english/advisories/2008/3311

来源: DEBIAN

名称: DSA-1680

链接:http://www.debian.org/security/2008/dsa-1680

来源: support.apple.com

链接:http://support.apple.com/kb/HT3438

来源: sourceforge.net

链接:http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=643134

来源: GENTOO

名称: GLSA-200812-21

链接:http://security.gentoo.org/glsa/glsa-200812-21.xml

来源: SECUNIA

名称: 33937

链接:http://secunia.com/advisories/33937

来源: SECUNIA

名称: 33317

链接:http://secunia.com/advisories/33317

来源: SECUNIA

名称: 33195

链接:http://secunia.com/advisories/33195

来源: SECUNIA

名称: 33016

链接:http://secunia.com/advisories/33016

来源: SECUNIA

名称: 32936

链接:http://secunia.com/advisories/32936

来源: SECUNIA

名称: 32926

链接:http://secunia.com/advisories/32926

来源: OSVDB

名称: 50363

链接:http://osvdb.org/50363

来源: MLIST

名称: [clamav-announce] 20081126 announcing ClamAV 0.94.2

链接:http://lurker.clamav.net/message/20081126.150241.55b1e092.en.html

来源: SUSE

名称: SUSE-SR:2008:028

链接:http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html

来源: APPLE

名称: APPLE-SA-2009-02-12

链接:http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多