Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[security-alerts] FW: [SA28907] ClamAV Multiple Vulnerabilities
> ----------------------------------------------------------------------
>
> TITLE:
> ClamAV Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA28907
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/28907/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> DoS, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Clam AntiVirus (clamav) 0.x
> http://secunia.com/product/2538/
>
> DESCRIPTION:
> Some vulnerabilities have been reported in ClamAV, which can be
> exploited by malicious people to cause a DoS (Denial of Service) or
> to potentially compromise a vulnerable system.
>
> 1) An integer overflow error exists within the "cli_scanpe()"
> function in libclamav/pe.c. No further information is currently
> available.
>
> 2) An error within the "unmew11()" function in libclamav/mew.c can be
> exploited to corrupt heap memory.
>
> Successful exploitation may allow execution of arbitrary code.
>
> The vulnerabilities are reported in versions prior to 0.92.1.
>
> SOLUTION:
> Update to version 0.92.1.
>
> PROVIDED AND/OR DISCOVERED BY:
> 1) Silvio Cesare, reported to the vendor via iDefense.
> 2) The vendor credits Elliot.
>
> ORIGINAL ADVISORY:
> http://sourceforge.net/project/shownotes.php?release_id=575703
>
|
