From 4b9d4025b8dbc00b04c180b877385d8b09e96aed Mon Sep 17 00:00:00 2001 From: mnag Date: Mon, 16 Oct 2006 14:32:54 +0000 Subject: - clamav -- CHM unpacker and PE rebuilding vulnerabilities Approved by: portmgr (mnag with secteam hat) --- security/vuxml/vuln.xml | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 057d5727d4dc..e733a1213786 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,44 @@ Note: Please add new entries to the beginning of this file. --> + + clamav -- CHM unpacker and PE rebuilding vulnerabilities + + + clamav + 0.88.5 + + + clamav-devel + 20060922 + + + + +

Secunia reports:

+
+

Two vulnerabilities have been reported in Clam AntiVirus, which + potentially can be exploited by malicious people to cause a DoS + (Denial of Service) or compromise a vulnerable system.

+

1) An unspecified error in the CHM unpacker in chmunpack.c can be + exploited to cause a DoS.

+

2) An unspecified error in rebuildpe.c when rebuilding PE files + after unpacking can be exploited to cause a heap-based buffer + overflow.

+
+ +
+ + http://secunia.com/advisories/22370/ + http://lurker.clamav.net/message/20061016.015114.dc6a8930.en.html + http://sourceforge.net/project/shownotes.php?release_id=455799 + + + 2006-10-15 + 2006-10-16 + +
+ tkdiff -- temporary file symlink privilege escalation -- cgit