> (10) MODERATE: ClamAV CAB File Processing Buffer Overflow
> ClamAV versions 0.90rc3 through 0.90.1
> Note that these versions are not shipped by default with most major Linux and Unix-like operating system distributions.
> Description: ClamAV, a popular open source antivirus solution, contains a buffer overflow in its handling of Microsoft Cabinet (CAB) files. A specially-crafted CAB file could trigger this buffer overflow and execute arbitrary code with the privileges of the "clamd" process. Note that the CAB file may be attached to an email transiting a network monitored by ClamAV. Since ClamAV is open source, technical details for this vulnerability may be obtained via source code analysis.
> Status: ClamAV confirmed, updates available.
> Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the responding council sites. They reported that no action was
> iDefense Security Advisory
> ClamAV Release Notes
> SecurityFocus BID
> Part II - Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
> Week 17, 2007
> This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5431 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.
> 07.17.21 CVE: Not Available
> Platform: Unix
> Title: ProFTPD AUTH Multiple Authentication Module Security Bypass
> Description: ProFTPD is an FTP server implementation that is available for Unix and Linux platforms. The application is exposed to a security restriction bypass issue due to an error in the AUTH API. ProFTPD 1.2 and 1.3 branches are affected.
> Ref: http://bugs.proftpd.org/show_bug.cgi?id=2922
> 07.17.37 CVE: CVE-2007-1745, CVE-2007-1997
> Platform: Cross Platform
> Title: Clam AntiVirus ClamAV Multiple Remote Vulnerabilities
> Description: ClamAV is an antivirus application for Microsoft Windows and UNIX-like operating systems. The application is exposed to a file descriptor leakage issue and a buffer overflow issue which affect the "libclamav/cab.c" code. ClamAV version 0.90.2 is affected.
> (c) 2007. All rights reserved. The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only. In some
> cases, copyright for material in this newsletter may be held by a
> party other than Qualys (as indicated herein) and permission to use
> such material must be requested from the copyright owner.