ID CVE-2005-3500
Summary The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block.
References
Vulnerable Configurations
  • cpe:2.3:a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 08-03-2011 - 02:26)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 15316
confirm http://sourceforge.net/project/shownotes.php?release_id=368319
debian DSA-887
gentoo GLSA-200511-04
idefense 20051104 Clam AntiVirus tnef_attachment() DoS Vulnerability
mandriva MDKSA-2005:205
osvdb 20483
sectrack 1015154
secunia
  • 17184
  • 17434
  • 17451
  • 17501
  • 17559
sreason 152
suse SUSE-SR:2005:026
vupen ADV-2005-2294
Last major update 08-03-2011 - 02:26
Published 05-11-2005 - 11:02
Last modified 08-03-2011 - 02:26
Back to Top