[Bug 245219] New: clamav < 0.90.3 multiple vulnerabilities
bugzilla at redhat.com
bugzilla at redhat.com
Thu Jun 21 18:38:12 UTC 2007
- Previous message: fedora-security/audit fc7, 1.21, 1.22 fe5, 1.206, 1.207 fe6, 1.120, 1.121
- Next message: fedora-security/audit fc7, 1.22, 1.23 fe5, 1.207, 1.208 fe6, 1.121, 1.122
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245219
Summary: clamav < 0.90.3 multiple vulnerabilities
Product: Fedora
Version: f7
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: clamav
AssignedTo: enrico.scholz at informatik.tu-chemnitz.de
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3023
"unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly
calculate the end of a certain buffer, with unknown impact and remote attack
vectors."
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3024
"libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses
insecure permissions for temporary files that are created by the
cli_gentempstream function in clamd/clamdscan, which might allow local users to
read sensitive files."
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3122
"The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows
remote attackers to bypass scanning via a RAR file with a header flag value of
10, which can be processed by WinRAR."
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3123
"unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows
remote attackers to cause a denial of service (core dump) via a crafted RAR file
with a modified vm_codesize value, which triggers a heap-based buffer overflow."
Not checked whether 0.88.x in FC-6 and earlier are affected.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
- Previous message: fedora-security/audit fc7, 1.21, 1.22 fe5, 1.206, 1.207 fe6, 1.120, 1.121
- Next message: fedora-security/audit fc7, 1.22, 1.23 fe5, 1.207, 1.208 fe6, 1.121, 1.122
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the security
mailing list