Anti-Virus' flaws can cause DoS

Aug 22, 2007 15:18 GMT  ·  By

This software has been disclosed to have a couple of vulnerabilities that, if exploited by malicious users, could cause Denial of Service.

The DoS attack is an attempt to make a computer resource unavailable to a certain user. It is generally used to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Such attacks are implemented by forcing the target computer to reset, or consume its resources such that it can no longer provide its intended service. But this is not the only way one malicious user could obstruct the communication media between the intended users and the victim so that they can no longer communicate adequately.

In ClamAv's case, Secunia reports a NULL-pointer dereference error to exist within the "cli_scanrtf()" function in libclamav/rtf.c. This can potentially be exploited to crash ClamAV via a specially crafted RTF file. A second vulnerability reported by the same site consists in a NULL-pointer dereference error existing within the "cli_html_normalise()" function in libclamav/htmlnorm.c. This can potentially be exploited to crash ClamAv via a specially crafted HTML file containing a "data" URL scheme.

These errors are only reported in versions that have been developed before 0.91.2, so if you have the latest version, you are secure. Of course, the solution to these issues is updating to version 0.91.2, so please do it. You can get your PC infected really fast with your anti-virus down, fact which can happen, considering these 2 flaws.

You may download the 0.91.2 version from the official Sourceforge site, clicking on this link will lead you directly to the download page.

Also, if you are interested, you may consult the original advisory (from Sourceforge as well) that can be found on this link right here.