ID CVE-2007-3725
Summary The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.
References
Vulnerable Configurations
  • cpe:2.3:a:clam_anti-virus:clamav:0.15
    cpe:2.3:a:clam_anti-virus:clamav:0.15
  • cpe:2.3:a:clam_anti-virus:clamav:0.20
    cpe:2.3:a:clam_anti-virus:clamav:0.20
  • cpe:2.3:a:clam_anti-virus:clamav:0.21
    cpe:2.3:a:clam_anti-virus:clamav:0.21
  • cpe:2.3:a:clam_anti-virus:clamav:0.22
    cpe:2.3:a:clam_anti-virus:clamav:0.22
  • cpe:2.3:a:clam_anti-virus:clamav:0.23
    cpe:2.3:a:clam_anti-virus:clamav:0.23
  • cpe:2.3:a:clam_anti-virus:clamav:0.24
    cpe:2.3:a:clam_anti-virus:clamav:0.24
  • cpe:2.3:a:clam_anti-virus:clamav:0.51
    cpe:2.3:a:clam_anti-virus:clamav:0.51
  • cpe:2.3:a:clam_anti-virus:clamav:0.52
    cpe:2.3:a:clam_anti-virus:clamav:0.52
  • cpe:2.3:a:clam_anti-virus:clamav:0.53
    cpe:2.3:a:clam_anti-virus:clamav:0.53
  • cpe:2.3:a:clam_anti-virus:clamav:0.54
    cpe:2.3:a:clam_anti-virus:clamav:0.54
  • cpe:2.3:a:clam_anti-virus:clamav:0.60
    cpe:2.3:a:clam_anti-virus:clamav:0.60
  • cpe:2.3:a:clam_anti-virus:clamav:0.60p
    cpe:2.3:a:clam_anti-virus:clamav:0.60p
  • cpe:2.3:a:clam_anti-virus:clamav:0.65
    cpe:2.3:a:clam_anti-virus:clamav:0.65
  • cpe:2.3:a:clam_anti-virus:clamav:0.67
    cpe:2.3:a:clam_anti-virus:clamav:0.67
  • cpe:2.3:a:clam_anti-virus:clamav:0.68
    cpe:2.3:a:clam_anti-virus:clamav:0.68
  • cpe:2.3:a:clam_anti-virus:clamav:0.68.1
    cpe:2.3:a:clam_anti-virus:clamav:0.68.1
  • cpe:2.3:a:clam_anti-virus:clamav:0.70
    cpe:2.3:a:clam_anti-virus:clamav:0.70
  • cpe:2.3:a:clam_anti-virus:clamav:0.71
    cpe:2.3:a:clam_anti-virus:clamav:0.71
  • cpe:2.3:a:clam_anti-virus:clamav:0.72
    cpe:2.3:a:clam_anti-virus:clamav:0.72
  • cpe:2.3:a:clam_anti-virus:clamav:0.73
    cpe:2.3:a:clam_anti-virus:clamav:0.73
  • cpe:2.3:a:clam_anti-virus:clamav:0.74
    cpe:2.3:a:clam_anti-virus:clamav:0.74
  • cpe:2.3:a:clam_anti-virus:clamav:0.75
    cpe:2.3:a:clam_anti-virus:clamav:0.75
  • cpe:2.3:a:clam_anti-virus:clamav:0.75.1
    cpe:2.3:a:clam_anti-virus:clamav:0.75.1
  • cpe:2.3:a:clam_anti-virus:clamav:0.80
    cpe:2.3:a:clam_anti-virus:clamav:0.80
  • cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1
    cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1
  • cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2
    cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2
  • cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3
    cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3
  • cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4
    cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4
  • cpe:2.3:a:clam_anti-virus:clamav:0.81
    cpe:2.3:a:clam_anti-virus:clamav:0.81
  • cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1
    cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1
  • cpe:2.3:a:clam_anti-virus:clamav:0.82
    cpe:2.3:a:clam_anti-virus:clamav:0.82
  • cpe:2.3:a:clam_anti-virus:clamav:0.83
    cpe:2.3:a:clam_anti-virus:clamav:0.83
  • cpe:2.3:a:clam_anti-virus:clamav:0.84
    cpe:2.3:a:clam_anti-virus:clamav:0.84
  • cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1
    cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1
  • cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2
    cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2
  • cpe:2.3:a:clam_anti-virus:clamav:0.85
    cpe:2.3:a:clam_anti-virus:clamav:0.85
  • cpe:2.3:a:clam_anti-virus:clamav:0.85.1
    cpe:2.3:a:clam_anti-virus:clamav:0.85.1
  • cpe:2.3:a:clam_anti-virus:clamav:0.86
    cpe:2.3:a:clam_anti-virus:clamav:0.86
  • cpe:2.3:a:clam_anti-virus:clamav:0.86.1
    cpe:2.3:a:clam_anti-virus:clamav:0.86.1
  • cpe:2.3:a:clam_anti-virus:clamav:0.86.2
    cpe:2.3:a:clam_anti-virus:clamav:0.86.2
  • cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1
    cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1
  • cpe:2.3:a:clam_anti-virus:clamav:0.87
    cpe:2.3:a:clam_anti-virus:clamav:0.87
  • cpe:2.3:a:clam_anti-virus:clamav:0.87.1
    cpe:2.3:a:clam_anti-virus:clamav:0.87.1
  • cpe:2.3:a:clam_anti-virus:clamav:0.88
    cpe:2.3:a:clam_anti-virus:clamav:0.88
  • cpe:2.3:a:clam_anti-virus:clamav:0.88.1
    cpe:2.3:a:clam_anti-virus:clamav:0.88.1
  • cpe:2.3:a:clam_anti-virus:clamav:0.88.3
    cpe:2.3:a:clam_anti-virus:clamav:0.88.3
  • cpe:2.3:a:clam_anti-virus:clamav:0.88.4
    cpe:2.3:a:clam_anti-virus:clamav:0.88.4
  • cpe:2.3:a:clam_anti-virus:clamav:0.88.5
    cpe:2.3:a:clam_anti-virus:clamav:0.88.5
  • cpe:2.3:a:clam_anti-virus:clamav:0.88.6
    cpe:2.3:a:clam_anti-virus:clamav:0.88.6
  • cpe:2.3:a:clam_anti-virus:clamav:0.88.7
    cpe:2.3:a:clam_anti-virus:clamav:0.88.7
  • cpe:2.3:a:clam_anti-virus:clamav:0.90
    cpe:2.3:a:clam_anti-virus:clamav:0.90
  • cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1
    cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1
  • cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2
    cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2
  • cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3
    cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3
CVSS
Base: 4.3 (as of 14-07-2007 - 06:43)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
description Multiple Vendors RAR Handling Remote Null Pointer Dereference Vulnerability. CVE-2007-3725. Remote exploit for linux platform
id EDB-ID:30291
last seen 2016-02-03
modified 2007-07-11
published 2007-07-11
reporter Metaeye Security Group
source https://www.exploit-db.com/download/30291/
title Multiple Vendors - RAR Handling Remote Null Pointer Dereference Vulnerability
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CLAMAV-3902.NASL
    description This clamav version update to 0.91.1 fixes among other things the long startup time of version 0.90.3 as well as a possibilty to crash clamav with specially crafted rar archives. (CVE-2007-3725)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29403
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29403
    title SuSE 10 Security Update : clamav (ZYPP Patch Number 3902)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1340.NASL
    description A NULL pointer dereference has been discovered in the RAR VM of Clam Antivirus (ClamAV) which allows user-assisted remote attackers to cause a denial of service via a specially crafted RAR archives. We are currently unable to provide fixed packages for the MIPS architectures. Those packages will be installed in the security archive when they become available.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25782
    published 2007-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25782
    title Debian DSA-1340-1 : clamav - NULL pointer dereference
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200708-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-200708-04 (ClamAV: Denial of Service) Metaeye Security Group reported a NULL pointer dereference in ClamAV when processing RAR archives. Impact : A remote attacker could send a specially crafted RAR archive to the clamd daemon, resulting in a crash and a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 25869
    published 2007-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25869
    title GLSA-200708-04 : ClamAV: Denial of Service
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CLAMAV-3901.NASL
    description This clamav version update to 0.91.1 fixes among other things the long startup time of version 0.90.3 as well as a possibilty to crash clamav with specially crafted rar archives (CVE-2007-3725).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27184
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27184
    title openSUSE 10 Security Update : clamav (clamav-3901)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-150.NASL
    description A vulnerability in the RAR VM in ClamAV allowed user-assisted remote attackers to cause a crash via a crafted RAR archive which resulted in a NULL pointer dereference. Other bugs have also been corrected in 0.91.1 which is being provided with this update.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25796
    published 2007-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25796
    title Mandrake Linux Security Advisory : clamav (MDKSA-2007:150)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-002.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 31605
    published 2008-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31605
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-002)
refmap via4
apple APPLE-SA-2008-03-18
bugtraq 20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.
confirm
debian DSA-1340
fulldisc 20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.
gentoo GLSA-200708-04
mandriva MDKSA-2007:150
misc http://www.metaeye.org/advisories/54
osvdb 36907
secunia
  • 26038
  • 26164
  • 26209
  • 26226
  • 26231
  • 26377
  • 29420
suse SUSE-SR:2007:015
trustix 2007-0023
vupen
  • ADV-2007-2509
  • ADV-2007-2643
  • ADV-2008-0924
xf clamav-rarvm-dos(35367)
Last major update 30-10-2012 - 22:39
Published 12-07-2007 - 12:30
Last modified 15-10-2018 - 17:30
Back to Top