source: clamav
date: August 28th, 2005
author: Joey Hess
vuln-type: denial of service and privilege escalation
problem-scope: remote
debian-specific: no
cve: CVE-2005-2070 CVE-2005-1923 CVE-2005-2056 CVE-2005-1922 CVE-2005-2450
testing-fix: 0.86.2-4etch1
sid-fix: 0.86.2-1
upgrade: apt-get upgrade

Multiple security holes were found in clamav:

CVE-2005-2070

  The ClamAV Mail fILTER (clamav-milter), when used in Sendmail using long
  timeouts, allows remote attackers to cause a denial of service by keeping
  an open connection, which prevents ClamAV from reloading.

CVE-2005-1923

  The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) allows remote
  attackers to cause a denial of service (CPU consumption by infinite loop)
  via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff,
  which causes a zero-length read.

CVE-2005-2056

  The Quantum archive decompressor in Clam AntiVirus (ClamAV) allows remote
  attackers to cause a denial of service (application crash) via a crafted
  Quantum archive.

CVE-2005-1922

  The MS-Expand file handling in Clam AntiVirus (ClamAV) allows remote
  attackers to cause a denial of service (file descriptor and memory
  consumption) via a crafted file that causes repeated errors in the
  cli_msexpand function.

CVE-2005-2450

  Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file
  format processors in libclamav for Clam AntiVirus (ClamAV) allow remote
  attackers to gain privileges via a crafted e-mail message.