Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: New ClamAV version fixes buffer overflow vulnerability - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New ClamAV version fixes buffer overflow vulnerability

If you're running a version of ClamAV 0.90, now is the time to upgrade to version 0.90.2, released last Friday. This version contains a fix for a buffer overflow vulnerability, CVE-2007-1997, identified by iDefense. An attacker can convince a user (or mail gateway) to scan a maliciously crafted CAB file that could lead to arbitrary code execution under the user account running the scanner. 

As a temporary workaround, you could drop CAB files prior to executing the scanner. This is particulary relevant for e-mail gateways, which generally only need to allow a limited set of filetypes. The CAB format is an archive often used by Microsoft for software distribution, so on a web proxy this may be problematic.

Maarten

158 Posts

Sign Up for Free or Log In to start participating in the conversation!