Threat Level: green Handler on Duty: Basil Alawi S.Taher

SANS ISC: InfoSec Handlers Diary Blog - New Vulnerabilities in ClamAV InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

New Vulnerabilities in ClamAV

Published: 2007-12-31
Last Updated: 2007-12-31 13:51:03 UTC
by Toby Kohlenberg (Version: 1)
0 comment(s)

Roflek and Lolek of TK53 has published a couple new vulnerabilities in ClamAV. Specifically three vulnerabilities- a race condition, a way to bypass scanning in Base64 UUencoded files, and finally a failure in file existence checking that potentially allows an attacker to overwrite files. It's a good read, full details are here: http://seclists.org/fulldisclosure/2007/Dec/0625.html

Keywords:
0 comment(s)
Diary Archives