CVE-2008-0314
Published 2008-04-16
Priority P345 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 9.02% (94.6th percentile)
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clam_anti-virus | clamav | — | — |
| clamav | clamav | >= 0 < 0.92.1~dfsg2-1 | 0.92.1~dfsg2-1 |
| clamav | clamav | >= 0 < 0.92.1~dfsg2-1 | 0.92.1~dfsg2-1 |
| clamav | clamav | >= 0 < 0.92.1~dfsg2-1 | 0.92.1~dfsg2-1 |
| clamav | clamav | >= 0 < 0.92.1~dfsg2-1 | 0.92.1~dfsg2-1 |
| debian | clamav | < clamav 0.92.1~dfsg2-1 (bookworm) | clamav 0.92.1~dfsg2-1 (bookworm) |
CVSS provenance
nvd·v2.0·7.5 HIGH·AV:N/AC:L/Au:N/C:P/I:P/A:P
osv·7.5 HIGH
vendor_redhat·7.8 HIGH
vendor_debian·7.5 MEDIUM
Red Hat
kernel: qla2xxx NPIV vport management pseudofiles are world writable
vendor_redhat·2010-01-19·CVSS 1.9
CVE-2009-3556 [LOW] CWE-732 kernel: qla2xxx NPIV vport management pseudofiles are world writable
A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files.
Statement: This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit d025c9db that introduced the problem.
This upstream commit was backported in Red Hat Enterprise Linux 5 via RHBA-2008:0314 update. Issue was add
Red Hat
gedit: untrusted python modules search path
vendor_redhat·2008-08-06·CVSS 6.9
CVE-2009-0314 [MEDIUM] gedit: untrusted python modules search path
Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
Statement: This issue does not affect gedit as shipped in Red Hat Enterprise Linux 3 and 4. It does affect gedit in Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: gedit (Red Hat Enterprise Linux 5) - Will not fix
Red Hat
clamav: PeSpin Heap Overflow Vulnerability
vendor_redhat·2008-04-15·CVSS 7.5
CVE-2008-0314 [HIGH] clamav: PeSpin Heap Overflow Vulnerability
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.
Debian
CVE-2008-0314: clamav - Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote...
vendor_debian·2008·CVSS 7.5
CVE-2008-0314 [HIGH] CVE-2008-0314: clamav - Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote...
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.
Scope: local
bookworm: resolved (fixed in 0.92.1~dfsg2-1)
bullseye: resolved (fixed in 0.92.1~dfsg2-1)
forky: resolved (fixed in 0.92.1~dfsg2-1)
sid: resolved (fixed in 0.92.1~dfsg2-1)
trixie: resolved (fixed in 0.92.1~dfsg2-1)
Red Hat
kernel: ipv6_hop_jumbo remote system crash
vendor_redhat·2007-09-07·CVSS 7.8
CVE-2007-4567 [HIGH] CWE-228 kernel: ipv6_hop_jumbo remote system crash
The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet.
Statement: This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit a11d206d that introduced the problem.
This upstream commit was backported in Red Hat Enterprise Linux 5 via RHBA-2008:0314. It was reported and addressed in Red Hat Enterprise Linux 5 via RHSA-2010:0019.
GHSA
GHSA-q36h-8f75-xxcm: Heap-based buffer overflow in spin
ghsa_unreviewed·2022-05-01
CVE-2008-0314 [HIGH] CWE-119 GHSA-q36h-8f75-xxcm: Heap-based buffer overflow in spin
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.
OSV
CVE-2008-0314: Heap-based buffer overflow in spin
osv·2008-04-16·CVSS 7.5
CVE-2008-0314 [HIGH] CVE-2008-0314: Heap-based buffer overflow in spin
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2007-4567 kernel: ipv6_hop_jumbo remote system crash
bugzilla·2009-12-18·CVSS 7.8
CVE-2007-4567 [HIGH] CVE-2007-4567 kernel: ipv6_hop_jumbo remote system crash
Originally discovered by Victor Julien that there is a way to crash the Linux kernel by sending a single IPv6 packet at it.
1) The CVE-2007-4567 issue was reported to Red Hat in September 2007. Red Hat Enterprise Linux 5 was found not to be affected.
2) On December 18, 2009, a customer reported to us that Red Hat Enterprise Linux 5 was vulnerable to CVE-2007-4567.
3) Investigations showed that the issue was introduced in the RHBA-2008-0314 update on May 21, 2008 via a backport of a collection of patches for DoD IPv6 conformance.
4) Updates released on January 7, 2010 for Red Hat Enterprise Linux 5, resolving CVE-2007-4567.
Note that the Linux kernels as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG are
Bugzilla
CVE-2008-0314 clamav: PeSpin Heap Overflow Vulnerability
bugzilla·2008-04-16·CVSS 7.5
CVE-2008-0314 [HIGH] CVE-2008-0314 clamav: PeSpin Heap Overflow Vulnerability
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0314 to the following vulnerability:
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1
allows remote attackers to execute arbitrary code via a crafted PeSpin
packed PE binary with a modified length value.
Fixed in 0.93.
References:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=686
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=876
Discussion:
clamav-0.92.1-2.fc7 has been submitted as an update for Fedora 7
---
clamav-0.92.1-2.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
---
clamav-0.92.1-2.fc8 has been pushed to the Fedora 8 stable repo
Bugzilla
CVE-2007-5938 NULL dereference in iwl driver
bugzilla·2007-11-15·CVSS 5.0
CVE-2007-5938 [MEDIUM] CVE-2007-5938 NULL dereference in iwl driver
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5938 to the following vulnerability:
There is a NULL dereference vulnerability in function iwl_set_rate() in compatible/iwl3945-base.c. See References for original advisory:
References:
http://bugs.gentoo.org/show_bug.cgi?id=199209
Discussion:
Reporter changed to [email protected] by request of Jay Turner.
---
This issue does not affect Red Hat Enterprise Linux 3 or 4 due to not including the iwlwifi driver. It did affect Red Hat Enterprise Linux 5 and was addressed via:
https://rhn.redhat.com/errata/RHSA-2008-0154.html
and
https://rhn.redhat.com/errata/RHBA-2008-0314.html
Bugzilla
CVE-2007-5906 kernel-xen 3.1.1 virtual guest system denial of service (hypervisor crash) possibility
bugzilla·2007-11-12·CVSS 4.7
CVE-2007-5906 [MEDIUM] CVE-2007-5906 kernel-xen 3.1.1 virtual guest system denial of service (hypervisor crash) possibility
Description of problem:
Xen 3.1.1 allows virtual guest system users to cause a denial of
service (hypervisor crash) by using a debug register (DR7) to set
certain breakpoints. (CVE-2007-5906).
Discussion:
Will this bugzilla get the details needed to fix the bug, once those details
become available?
---
The official post is here -- there is also a patch provided:
http://lists.xensource.com/archives/html/xen-devel/2007-10/msg01048.html
---
Note that the rebase of the Xen hypervisor to 3.1.2 in the 5.2 kernel
(RHBA-2008:0314) caused this issue to be fixed for Enterprise Linux 5. I'll
therefore update that advisory so that it references this CVE name.
---
This was fixed long ago in all
References:
http://kolab.org/security/kolab-vendor-notice-20.txt
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=686
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html
http://secunia.com/advisories/29863
http://secunia.com/advisories/29886
http://secunia.com/advisories/29891
http://secunia.com/advisories/29975
http://secunia.com/advisories/30253
http://secunia.com/advisories/30328
http://secunia.com/advisories/31576
http://secunia.com/advisories/31882
http://security.gentoo.org/glsa/glsa-200805-19.xml
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html
http://www.debian.org/security/2008/dsa-1549
http://www.kb.cert.org/vuls/id/858595
http://www.mandriva.com/security/advisories?name=MDVSA-2008:088
http://www.securityfocus.com/bid/28784
http://www.securitytracker.com/id?1019851
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
http://www.vupen.com/english/advisories/2008/1227/references
http://www.vupen.com/english/advisories/2008/2584
https://exchange.xforce.ibmcloud.com/vulnerabilities/41823
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=876
Published: 2008-04-16