Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 




      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FYI: New Vulnerabilities in ClamAV


Published: 2007-12-31,
Last Updated: 2007-12-31 13:51:03 UTC
by Toby Kohlenberg (Version: 1)

Roflek and Lolek of TK53 has published a couple new vulnerabilities in ClamAV. 
Specifically three vulnerabilities- a race condition, a way to bypass scanning 
in Base64 UUencoded files, and finally a failure in file existence checking 
that potentially allows an attacker to overwrite files. It's a good read, full 
details are here: http://seclists.org/fulldisclosure/2007/Dec/0625.html


Copyright © Lexa Software, 1996-2009.