National Cyber Awareness System

Vulnerability Summary for CVE-2007-3725

Overview

The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: BUGTRAQ

Name: 20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.

Type: Advisory; Patch Information; Exploit

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/473371/100/0/threaded

External Source: MISC

Name: http://www.metaeye.org/advisories/54

Type: Advisory; Patch Information; Exploit

Hyperlink:http://www.metaeye.org/advisories/54

External Source: CONFIRM

Name: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555

Hyperlink:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555

External Source: VUPEN

Name: ADV-2008-0924

Hyperlink:http://www.vupen.com/english/advisories/2008/0924/references

External Source: VUPEN

Name: ADV-2007-2643

Hyperlink:http://www.vupen.com/english/advisories/2007/2643

External Source: VUPEN

Name: ADV-2007-2509

Hyperlink:http://www.vupen.com/english/advisories/2007/2509

External Source: OSVDB

Name: 36907

Hyperlink:http://osvdb.org/36907

External Source: XF

Name: clamav-rarvm-dos(35367)

Hyperlink:http://xforce.iss.net/xforce/xfdb/35367

External Source: TRUSTIX

Name: 2007-0023

Hyperlink:http://www.trustix.org/errata/2007/0023/

External Source: SUSE

Name: SUSE-SR:2007:015

Hyperlink:http://www.novell.com/linux/security/advisories/2007_15_sr.html

External Source: MANDRIVA

Name: MDKSA-2007:150

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:150

External Source: DEBIAN

Name: DSA-1340

Hyperlink:http://www.debian.org/security/2007/dsa-1340

External Source: GENTOO

Name: GLSA-200708-04

Hyperlink:http://security.gentoo.org/glsa/glsa-200708-04.xml

External Source: SECUNIA

Name: 29420

Hyperlink:http://secunia.com/advisories/29420

External Source: SECUNIA

Name: 26377

Hyperlink:http://secunia.com/advisories/26377

External Source: SECUNIA

Name: 26231

Hyperlink:http://secunia.com/advisories/26231

External Source: SECUNIA

Name: 26226

Hyperlink:http://secunia.com/advisories/26226

External Source: SECUNIA

Name: 26209

Hyperlink:http://secunia.com/advisories/26209

External Source: SECUNIA

Name: 26164

Hyperlink:http://secunia.com/advisories/26164

External Source: SECUNIA

Name: 26038

Hyperlink:http://secunia.com/advisories/26038

External Source: FULLDISC

Name: 20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.

Hyperlink:http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064569.html

External Source: APPLE

Name: APPLE-SA-2008-03-18

Hyperlink:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

External Source: CONFIRM

Name: http://kolab.org/security/kolab-vendor-notice-16.txt

Hyperlink:http://kolab.org/security/kolab-vendor-notice-16.txt

External Source: CONFIRM

Name: http://docs.info.apple.com/article.html?artnum=307562

Hyperlink:http://docs.info.apple.com/article.html?artnum=307562