| ID |
CVE-2007-0897
|
| Summary |
Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. This vulnerability is addressed in the following product release:
Clam AntiVirus, ClamAV, 0.90 Stable |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 4.3 (as of 29-07-2017 - 01:30) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
NONE |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
| refmap
via4
|
| apple | APPLE-SA-2008-03-18 | | bid | 22580 | | confirm | http://docs.info.apple.com/article.html?artnum=307562 | | debian | DSA-1263 | | gentoo | GLSA-200703-03 | | idefense | 20070215 Multiple Vendor ClamAV CAB File Denial of Service Vulnerability | | mandriva | MDKSA-2007:043 | | osvdb | 32283 | | sectrack | 1017659 | | secunia | - 24183
- 24187
- 24192
- 24319
- 24332
- 24425
- 29420
| | suse | SUSE-SA:2007:017 | | vupen | - ADV-2007-0623
- ADV-2008-0924
| | xf | clamav-cabfile-dos(32531) |
|
| Last major update |
29-07-2017 - 01:30 |
| Published |
16-02-2007 - 19:28 |
| Last modified |
29-07-2017 - 01:30 |
