Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: New Vulnerabilities in ClamAV - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New Vulnerabilities in ClamAV

Roflek and Lolek of TK53 has published a couple new vulnerabilities in ClamAV. Specifically three vulnerabilities- a race condition, a way to bypass scanning in Base64 UUencoded files, and finally a failure in file existence checking that potentially allows an attacker to overwrite files. It's a good read, full details are here: http://seclists.org/fulldisclosure/2007/Dec/0625.html

Toby

68 Posts

Sign Up for Free or Log In to start participating in the conversation!