New ClamAV version fixes buffer overflow vulnerability

If you are running any ClamAV 0.90.x release, now is the time to upgrade to version 0.90.2, released last Friday. This version contains a fix for a buffer overflow vulnerability, CVE-2007-1997, identified by iDefense, in the handling of Microsoft CAB archives. An attacker only needs to get a user (or a mail gateway) to scan a maliciously crafted CAB file; a successful exploit leads to arbitrary code execution under the account the scanner runs as, which on a gateway is usually the clamd service account, and the payload is executed before any signature match has a chance to block it. 

As a temporary workaround, you could drop CAB files before handing a message to the scanner. This is particularly relevant for e-mail gateways, which generally only need to allow a limited set of filetypes. Do the identification on content (a CAB starts with the four bytes "MSCF") rather than on the file extension or the declared Content-Type, since both are chosen by the sender. The CAB format is an archive often used by Microsoft for software distribution, so on a web proxy blocking it outright may be problematic.
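The following is an added example of that gateway workaround; it is not code from the diary or from the ClamAV project. It builds a constructed test message (one harmless text attachment and a CAB header renamed to look like a .txt file), identifies CAB attachments by the "MSCF" signature regardless of their filename, and removes them before the message would reach the scanner. The 36-byte CFHEADER layout (signature, cbCabinet, coffFiles, version 1.3, cFolders, cFiles) is the documented CAB header; the function and variable names are my own.

```python
from __future__ import annotations

import struct
from email.message import EmailMessage

CAB_SIGNATURE = b"MSCF"
CAB_HEADER_LEN = 36  # size of the fixed CFHEADER structure


def is_cab(data: bytes) -> bool:
    """Content-based check: anything carrying the CAB signature is treated
    as a CAB, no matter what filename or Content-Type the sender declared.
    The remaining header fields are deliberately NOT validated here: a
    malformed header is exactly what an exploit file would carry, and a
    drop filter should fail closed."""
    return data[:4] == CAB_SIGNATURE


def parse_cab_header(data: bytes) -> dict | None:
    """Decode the fixed CFHEADER fields for logging purposes.
    Layout: MSCF, reserved1, cbCabinet, reserved2, coffFiles, reserved3,
    versionMinor, versionMajor, cFolders, cFiles (then flags/setID/iCabinet)."""
    if len(data) < CAB_HEADER_LEN or not is_cab(data):
        return None
    cb_cabinet, coff_files, minor, major, c_folders, c_files = struct.unpack_from(
        "<8xI4xI4xBBHH", data, 0
    )
    return {
        "cbCabinet": cb_cabinet,
        "coffFiles": coff_files,
        "version": f"{major}.{minor}",
        "cFolders": c_folders,
        "cFiles": c_files,
    }


def strip_cab_attachments(msg: EmailMessage) -> list[str]:
    """Remove every leaf part whose decoded body is a CAB archive, walking
    nested multiparts. Mutates `msg` in place and returns the filenames
    (or '<unnamed>') of the parts that were dropped."""
    dropped: list[str] = []

    def walk(container: EmailMessage) -> None:
        if not container.is_multipart():
            return
        kept = []
        for sub in container.get_payload():
            if sub.is_multipart():
                walk(sub)          # recurse into nested multipart/message parts
                kept.append(sub)
                continue
            body = sub.get_payload(decode=True) or b""
            if is_cab(body):
                dropped.append(sub.get_filename() or "<unnamed>")
            else:
                kept.append(sub)
        container.set_payload(kept)

    walk(msg)
    return dropped


def build_fake_cab() -> bytes:
    """Constructed CFHEADER only (no folder/file entries): cbCabinet=36,
    coffFiles=36, version 1.3, 1 folder, 1 file, flags=0, setID=0x1234,
    iCabinet=0. Enough to exercise the signature check, not a real archive."""
    return (
        CAB_SIGNATURE
        + b"\x00" * 4                         # reserved1
        + struct.pack("<I", CAB_HEADER_LEN)   # cbCabinet
        + b"\x00" * 4                         # reserved2
        + struct.pack("<I", CAB_HEADER_LEN)   # coffFiles
        + b"\x00" * 4                         # reserved3
        + bytes([3, 1])                       # versionMinor, versionMajor
        + struct.pack("<HHHHH", 1, 1, 0, 0x1234, 0)
    )


def build_sample_message() -> EmailMessage:
    """Constructed test input, not a captured mail: a benign text attachment
    plus the fake CAB disguised as 'setup.txt' with a text/plain type."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "report"
    msg.set_content("See attached.")
    msg.add_attachment(b"hello\n", maintype="text", subtype="plain",
                       filename="notes.txt")
    msg.add_attachment(build_fake_cab(), maintype="text", subtype="plain",
                       filename="setup.txt")
    return msg


if __name__ == "__main__":
    message = build_sample_message()
    print("dropped:", strip_cab_attachments(message))
    print("remaining:", [p.get_filename() for p in message.iter_attachments()])
```

On a real gateway this sits in the milter or content-filter hook ahead of the clamd call; the disguised attachment is dropped because its bytes start with "MSCF", while an extension-based rule would have let "setup.txt" straight through to the vulnerable CAB parser.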


Apr 16th 2007
