Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - New ClamAV version fixes buffer overflow vulnerability InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

New ClamAV version fixes buffer overflow vulnerability

Published: 2007-04-16
Last Updated: 2007-04-16 17:52:54 UTC
by Maarten Van Horenbeeck (Version: 1)
0 comment(s)

If you're running a version of ClamAV 0.90, now is the time to upgrade to version 0.90.2, released last Friday. This version contains a fix for a buffer overflow vulnerability, CVE-2007-1997, identified by iDefense. An attacker can convince a user (or mail gateway) to scan a maliciously crafted CAB file that could lead to arbitrary code execution under the user account running the scanner. 

As a temporary workaround, you could drop CAB files prior to executing the scanner. This is particulary relevant for e-mail gateways, which generally only need to allow a limited set of filetypes. The CAB format is an archive often used by Microsoft for software distribution, so on a web proxy this may be problematic.

Keywords:
0 comment(s)
Diary Archives