Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: New Vulnerabilities in ClamAV - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New Vulnerabilities in ClamAV

Roflek and Lolek of TK53 has published a couple new vulnerabilities in ClamAV. Specifically three vulnerabilities- a race condition, a way to bypass scanning in Base64 UUencoded files, and finally a failure in file existence checking that potentially allows an attacker to overwrite files. It's a good read, full details are here: http://seclists.org/fulldisclosure/2007/Dec/0625.html

Toby

68 Posts

Sign Up for Free or Log In to start participating in the conversation!