Gentoo Linux Security Advisory
Version Information
Advisory Reference GLSA 200612-18 / clamav
Release Date December 18, 2006
Latest Revision December 18, 2006: 01
Impact normal
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
app-antivirus/clamav < 0.88.7 >= 0.88.7 All supported architectures
Related bugreports: #157698
Synopsis
ClamAV is vulnerable to Denial of Service.
2. Impact Information
Background
ClamAV is a GPL virus scanner.
Description
Hendrik Weimer discovered that ClamAV fails to properly handle deeply nested MIME multipart/mixed content.
Impact
By sending a specially crafted email with deeply nested MIME multipart/mixed content an attacker could cause ClamAV to crash.
3. Resolution Information
Workaround
There is no known workaround at this time.
Resolution
All ClamAV users should upgrade to the latest version:
Code Listing 3.1
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.7"
4. References
CVE-2006-6481
jueves, 21 de diciembre de 2006
ClamAV: Denial of Service
Etiquetas:
SEGURIDAD INFORMATICA
Suscribirse a:
Comentarios de la entrada (Atom)
No hay comentarios.:
Publicar un comentario