منذ /02-15-2010, 07:36 PM
|
#1 (permalink)
|
|[ عضـٍـٍـٍو مبـٍـٍـٍـٍدع]|
|
رقم
المستوى :
16402 |
|
تاريخ
التسجيل :
Dec 2009 |
|
المشآركآت
:
653 |
|
cutable to a Clam AntiVirus insta
|
Multiple vulnerabilities in ClamAV allow for the remote execution of
arbitrary code or Denial of Service.
Background
Clam AntiVirus (short: ClamAV) is an anti-virus toolkit for UNIX,
designed especially for e-mail scanning on mail gateways.
Affected Packages
Package: app-antivirus/clamav
Vulnerable: < 0.95.2
Unaffected: >= 0.95.2
Architectures: All supported architectures
De******ion
Multiple vulnerabilities have been found in ClamAV:
- The
vendor reported a Divide-by-zero error in the PE ("Portable
Executable"; Windows .exe) file handling of ClamAV
(CVE-2008-6680).
- Jeffrey Thomas Peckham found a flaw in
libclamav/untar.c, possibly resulting in an infinite loop when
processing TAR archives in clamd and clamscan (CVE-2009-1270).
- Martin Olsen reported a vulnerability in the CLI_ISCONTAINED macro
in libclamav/others.h, when processing UPack archives
(CVE-2009-1371).
- Nigel disclosed a stack-based buffer overflow
in the "cli_url_canon()" function in libclamav/phishcheck.c when
processing URLs (CVE-2009-1372).
Impact
A remote attacker could entice a user or automated system to process a
specially crafted UPack archive or a file containing a specially
crafted URL, possibly resulting in the remote execution of arbitrary
code with the privileges of the user running the application, or a
Denial of Service. Furthermore, a remote attacker could cause a Denial
of Service by supplying a specially crafted TAR archive or PE
executable to a Clam AntiVirus instance.
Workaround
There is no known workaround at this time.
Resolution
All Clam AntiVirus users shoul
|
|
|
|
|
آلاهدآئـــآت
المواضيع المتشابهه
العرض العادي
