
The US-CERT website posted an advisory on multiple ClamAV vulnerabilities. In total, four vulnerabilities were discovered, which could result in remote code execution or a denial-of-service attack.
Fortunately, ClamAV has released version 0.93 with fixes for these issues. The change log shows the following fixes:
Mon Apr 14 21:35:11 CEST 2008 (tk)
----------------------------------
* Check in 0.93 patches:
- libclamunrar: bb#541 (RAR - Version required to extract - Evasion)
- libclamav/spin.c: bb#876 (PeSpin Heap Overflow Vulnerability)
- libclamav/pe.c: bb#878 (Upack Buffer Overflow Vulnerability)
- libclamav/message.c: bb#881 (message.c: read beyond allocated region)
- libclamav/unarj.c: bb#897 (ARJ: Sample from CERT-FI hangs clamav)
- libclamunrar: bb#898 (RAR crashes on some fuzzed files from CERT-FI)
The update to ClamAV is available for download here.
Tuesday, April 15, 2008
ClamAV Vulnerabilities
Posted by David Cawley at 11:18 AM
Labels: anti-virus, clamav, denial, vulnerability







