clamav: Endless loop / hang with crafter arj, CVE-2008-1387

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1387
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html

Description

CERT-FI published an advisory with a large number of samples of crafted archives.
The file with the md5sum b6046d890e6bd304e3756c88b989559a (named b6046d890e6bd304e3756c88b989559a.arj) hangs clamav with high load.

If you're running clamav on a mailserver, an attacker can DoS your Server remotely by sending some mails with the archive attached.

Workaround/Fix

clamav 0.93 fixes this issue beside other security issues, if you're running clamav you should upgrade as soon as possible.

Disclosure Timeline

2008-03-17 CERT-FI publishes advisory
2008-03-26 Vendor contacted
2008-03-27 Vendor approves issue
2008-04-14 Vendor releases 0.93
2008-04-16 Advisory published

CVE Information

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-1387 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

Credits and copyright

This vulnerability was discovered by Hanno Boeck of schokokeks.org webhosting. It's licensed under the creative commons attribution license.

Hanno Boeck, 2008-04-16, http://www.hboeck.de