Clamav security vulnerabilities
BeerCheeze
Posted: Thu, 15 Feb 2007 17:57:22    Post Subject: Clamav security vulnerabilities

Because I know some of you run it, make sure you update to the latest version of the app (not just the signatures).

Quote:
The Clamav development team released version 0.90 of their open-source antivirus toolkit today. This version contains fixes for security vulnerabilities described in a number of iDefense advisories that were simultaneously published.

ClamAV CAB File Denial of Service Vulnerability (CVE-2007-0898)
Remote attackers can perform a service degradation attack by sending a malformed CAB file through a gateway scanner running ClamAV. The vulnerability can prevent ClamAV from scanning archives successfully by depleting the available local file descriptors. iDefense investigated a number of common setups and observed that in most cases, mails that cannot be scanned will be auto-denied.

ClamAV MIME Parsing Directory Traversal Vulnerability (CVE-2007-0897)
An input validation bug allows a remote user to overwrite files on the system that are owned by the clamd scanner. A potential target mentioned in the advisory is the virus database. By overwriting this file, the scanner's effectiveness against certain threats can be reduced significantly.

Both vulnerabilities were resolved in ClamAV's new stable 0.90 release. Do note that users that automatically download and install signature updates are not automatically covered. When vulnerabilities in anti virus software are addressed, it is important to understand whether they are fixed in the signatures or scanning engines. Depending on the solution in use, most setups are configured to automatically update the former, while the latter may require separate upgrades.
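
The engine-versus-signature distinction above can be checked mechanically. This is an added example, not part of the original post or of ClamAV itself: it parses the `ClamAV <engine>/<signature version>/<signature date>` banner printed by `clamscan --version` and judges only the engine field against 0.90. The sample banners are constructed, and treating release-candidate builds as unfixed is an assumption.

```python
import re
import subprocess

FIXED_ENGINE = (0, 90)  # release named on this page as carrying both fixes

# Banner shape: "ClamAV <engine>[suffix][/<sig version>/<sig date>]"
BANNER_RE = re.compile(
    r"^ClamAV (?P<engine>\d+(?:\.\d+)*)(?P<pre>[A-Za-z-][\w.-]*)?"
    r"(?:/(?P<sigs>\d+)/(?P<sigdate>.+))?$"
)

def parse_banner(banner):
    """Split the version banner into engine and signature fields."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        raise ValueError(f"unrecognised version banner: {banner!r}")
    return {
        "engine": tuple(int(p) for p in m.group("engine").split(".")),
        "prerelease": m.group("pre") is not None,
        "sig_version": int(m.group("sigs")) if m.group("sigs") else None,
        "sig_date": m.group("sigdate"),  # None when no database is loaded
    }

def engine_is_fixed(banner, fixed=FIXED_ENGINE):
    """True only when the scanning engine is at or past the fixed release.

    The signature fields are deliberately ignored: a current virus
    database on an old engine leaves both bugs in place.
    """
    info = parse_banner(banner)
    width = max(len(info["engine"]), len(fixed))
    engine = info["engine"] + (0,) * (width - len(info["engine"]))
    target = fixed + (0,) * (width - len(fixed))
    if engine == target and info["prerelease"]:
        return False  # assumption: an rc/beta of the fixed release is unfixed
    return engine >= target

def local_banner():
    """Banner of the installed scanner (requires clamscan on PATH)."""
    result = subprocess.run(["clamscan", "--version"],
                            capture_output=True, text=True, check=True)
    return result.stdout

# Constructed sample banners, not taken from any real host.
OLD_ENGINE_NEW_SIGS = "ClamAV 0.88.7/2566/Thu Feb 15 10:00:00 2007"
NEW_ENGINE = "ClamAV 0.90/2566/Thu Feb 15 10:00:00 2007"

if __name__ == "__main__":
    for banner in (OLD_ENGINE_NEW_SIGS, NEW_ENGINE):
        print(banner, "->", "ok" if engine_is_fixed(banner) else "UPGRADE ENGINE")
```

Both sample banners carry the same signature version, so only the engine field separates the host that needs an upgrade from the one that does not.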