Bug 98221 (CVE-2005-2450)

Summary: VUL-0: CVE-2005-2450: ClamAV 0.86.2 fixes security bugs
Product: [Novell Products] SUSE Security Incidents Reporter: Reinhard Max <max>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P5 - None CC: gp, lnussel, mhoppe
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: All   
Whiteboard: CVE-2005-2450: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Reinhard Max 2005-07-25 09:56:10 UTC 
This is from an email I got this morning from one of the ClamAV authors:

--- snip ---
Hello,

the new stable version is available for private download at:

http://www.clamav.net/clamav-0.86.2.tar.gz
http://www.clamav.net/clamav-0.86.2.tar.gz.sig

Because this release includes fixes for security bugs on which detailed
information are to be disclosed on Thursday, the freshclam's version
warning will _not_ be delayed.
--- snap ---

So this time we should really have the update packages ready by Thursday.
Comment 1 Reinhard Max 2005-07-25 11:22:56 UTC 
RPMs can be found under /work/built/mbuild/nitsch-max-6 , and will shortly also
be available on ftp://ftp.suse.com/pub/projects/clamav .

Matthias, can you please install the new version on scanhost for a stress test?
Comment 2 Ludwig Nussel 2005-07-25 12:26:54 UTC 
Could you please summarize the security problems that got fixed? 
 
mhoppe is on vacation, someone else has to test it: 
> tel mhoppe|grep -A1 Vacation 
             Vacation: 
             2005/07/09 - 2005/08/02
Comment 3 Reinhard Max 2005-07-25 12:59:51 UTC 
The mail cited above says that details will be made public on Thursday.
Besides that, the change log mentions fixes for some integer overflows and
potential endless loops.

These are the entries from the change log that look like they could have an
impact on security:

--- snip ---
    - libclamav/others.c: cli_rmdirs: fix possible infinite loop (tk)
    - libclamav/fsg.c: Fix possible integer overflow (acab)
    - libclamav/mbox.c: Fix name clash with glibc library (njh)
    - libclamav/others.c: Check for 0 byte allocations in cli_(m|c|re)alloc (tk)
    - libclamav/chmunpack.c: Fix possible malloc overflow (trog)
    - libclamav/tnef.c: Fix possible crash if the length field is 0 or negative
      in headers (njh)
--- snap ---
Comment 4 Reinhard Max 2005-07-25 15:11:42 UTC 
*** Bug 98275 has been marked as a duplicate of this bug. ***
Comment 5 Ludwig Nussel 2005-07-25 15:25:17 UTC 
SM-Tracker-1900
Comment 6 Reinhard Max 2005-07-25 15:41:53 UTC 
Packages for 9.1/SLES9, 9.2, 9.3, and STABLE have been submitted.

I've tested it on two low to medium volume mail servers running 8.2 and 9.1.
Comment 7 Reinhard Max 2005-07-26 14:00:14 UTC 
The new version now runs successfully on the two scanhosts.
Comment 8 Ludwig Nussel 2005-07-27 07:31:39 UTC 
updates released
Comment 9 Marcus Meissner 2005-09-12 10:47:53 UTC 
  CAN-2005-2450
Comment 10 Thomas Biege 2009-10-13 21:35:00 UTC 
CVE-2005-2450: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)