
The US-CERT website posted an advisory on multiple ClamAV vulnerabilities. In total, four vulnerabilities were discovered that could result in remote code execution or a denial-of-service attack.
Fortunately, ClamAV has released version 0.93 with fixes for these issues. The change log shows the following fixes:
Mon Apr 14 21:35:11 CEST 2008 (tk)
----------------------------------
* Check in 0.93 patches:
- libclamunrar: bb#541 (RAR - Version required to extract - Evasion)
- libclamav/spin.c: bb#876 (PeSpin Heap Overflow Vulnerability)
- libclamav/pe.c: bb#878 (Upack Buffer Overflow Vulnerability)
- libclamav/message.c: bb#881 (message.c: read beyond allocated region)
- libclamav/unarj.c: bb#897 (ARJ: Sample from CERT-FI hangs clamav)
- libclamunrar: bb#898 (RAR crashes on some fuzzed files from CERT-FI)
The update to ClamAV is available for download here
Tuesday, April 15, 2008
ClamAV Vulnerabilities
Posted by David Cawley at 11:18 AM
Labels: anti-virus, clamav, denial, vulnerability







