Launchpad.net

CVE 2007-0897

Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.

Related bugs and status

CVE-2007-0897 (Candidate) is related to these bugs:

Bug #190187: Dapper clamav has multiple security issues that require upgrade to new version to fix

Summary				In	Importance	Status
	190187	Dapper clamav has multiple security issues that require upgrade to new version to fix		clamav (Ubuntu)	Undecided	Fix Released
	190187	Dapper clamav has multiple security issues that require upgrade to new version to fix		clamav (Ubuntu Dapper)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

IDEFENSE: 20070215 Multiple Vend...
BID: 22580
SECUNIA: 24187
MANDRIVA: MDKSA-2007:043
SUSE: SUSE-SA:2007:017
SECTRACK: 1017659
SECUNIA: 24192
SECUNIA: 24183
SECUNIA: 24319
GENTOO: GLSA-200703-03
SECUNIA: 24332
DEBIAN: DSA-1263
SECUNIA: 24425
CONFIRM: http://docs.info.apple...
APPLE: APPLE-SA-2008-03-18
SECUNIA: 29420
OSVDB: 32283
VUPEN: ADV-2007-0623
VUPEN: ADV-2008-0924
XF: clamav-cabfile-dos(32531)