From e9d1019e24159eb8d82ff281486e7a5ab5bf49c4 Mon Sep 17 00:00:00 2001 From: remko Date: Tue, 19 Jun 2007 19:47:51 +0000 Subject: Document clamav -- multiple vulnerabilities. --- security/vuxml/vuln.xml | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) (limited to 'security/vuxml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 171818e6926c..5e143f8e4d5f 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,46 @@ Note: Please add new entries to the beginning of this file. --> + + clamav -- multiple vulnerabilities + + + clamav + 0.90.3 + + + + +

Clamav had been found vulnerable to multiple vulnerabilities:

Improper checking for the end of an buffer causing an + unspecified attack vector.
Insecure temporary file handling, which could be exploited + to read sensitive information.
A flaw in the parser engine which could allow a remote + attacker to bypass the scanning of RAR files.
A flaw in libclamav/unrar.c which could cause a remote + Denial of Service (DoS) by sending a specially crafted + RAR file with a modified vm_codesize.
A flaw in the OLE2 parser which could cause a remote + Denial of Service (DoS).

+ + + + CVE-2007-2650 + CVE-2007-3023 + CVE-2007-3024 + CVE-2007-3122 + CVE-2007-3123 + http://news.gmane.org/gmane.comp.security.virus.clamav.devel/cutoff=2853 + + + 2007-04-18 + 2007-06-19 + + + p5-Mail-SpamAssassin -- local user symlink-attack DoS vulnerability -- cgit