[Security-team] Fwd: [SA23347] Clam AntiVirus Multipart Nestings Denial of Service
Igor Zubkov
=?iso-8859-1?q?icesik_=CE=C1_mail=2Eru?=
Вт Дек 12 20:05:54 MSK 2006
---------- Пересланное сообщение ----------
Subject: [SA23347] Clam AntiVirus Multipart Nestings Denial of Service
Date: 12 декабря 2006 18:48
From: Secunia Security Advisories <sec-adv на secunia.com>
----------------------------------------------------------------------
TITLE:
Clam AntiVirus Multipart Nestings Denial of Service
SECUNIA ADVISORY ID:
SA23347
VERIFY ADVISORY:
http://secunia.com/advisories/23347/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
Clam AntiVirus (clamav) 0.x
http://secunia.com/product/2538/
DESCRIPTION:
Hendrik Weimer has reported a vulnerability in Clam AntiVirus, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
The vulnerability is caused due to a stack overflow when scanning
messages with deeply nested multipart content. This can be exploited
to crash the service by sending specially crafted emails to a
vulnerable system.
The vulnerability is reported in versions prior to 0.88.7.
SOLUTION:
Update to version 0.88.7.
PROVIDED AND/OR DISCOVERED BY:
Hendrik Weimer
ORIGINAL ADVISORY:
http://www.quantenblog.net/security/virus-scanner-bypass
----------------------------------------------------------------------
--
icesik
Подробная информация о списке рассылки Security-team