Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: New Vulnerabilities in ClamAV SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New Vulnerabilities in ClamAV

Roflek and Lolek of TK53 has published a couple new vulnerabilities in ClamAV. Specifically three vulnerabilities- a race condition, a way to bypass scanning in Base64 UUencoded files, and finally a failure in file existence checking that potentially allows an attacker to overwrite files. It's a good read, full details are here: http://seclists.org/fulldisclosure/2007/Dec/0625.html

Toby

68 Posts

Sign Up for Free or Log In to start participating in the conversation!