Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[security-alerts] FYI: New Vulnerabilities in ClamAV
http://isc.sans.org/diary.html?n&storyid=3796
Published: 2007-12-31,
Last Updated: 2007-12-31 13:51:03 UTC
by Toby Kohlenberg (Version: 1)
Roflek and Lolek of TK53 has published a couple new vulnerabilities in ClamAV.
Specifically three vulnerabilities- a race condition, a way to bypass scanning
in Base64 UUencoded files, and finally a failure in file existence checking
that potentially allows an attacker to overwrite files. It's a good read, full
details are here: http://seclists.org/fulldisclosure/2007/Dec/0625.html
|
