Posted: Mon Jan 31, 2005 8:10 pm Post subject: [ GLSA 200501-46 ] ClamAV: Multiple issues
Gentoo Linux Security Advisory
Title: ClamAV: Multiple issues (GLSA 200501-46)
Date: January 31, 2005
Updated: May 22, 2006
Bug(s): #78656, #79194
ClamAV contains two vulnerabilities that could lead to Denial of Service and evasion of virus scanning.
ClamAV is an antivirus toolkit. It includes a multi-threaded daemon and a command line scanner.
Vulnerable: <= 0.80
Unaffected: >= 0.81
Architectures: All supported architectures
ClamAV fails to properly scan ZIP files with special headers (CAN-2005-0133) and base64-encoded images in URLs.
By sending a base64-encoded image file in a URL, an attacker could evade virus scanning. By sending a specially crafted ZIP file, an attacker could cause a Denial of Service by crashing the clamd daemon.
There is no known workaround at this time.
All ClamAV users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.81"
ClamAV Release Announcement
Last edited by GLSA on Mon May 22, 2006 4:18 am; edited 2 times in total
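To confirm the upgrade described above took effect, the following added example (not part of the advisory or of ClamAV) classifies a version string against the advisory's ranges, vulnerable <= 0.80 and unaffected >= 0.81. The function names and the sample banners are constructed for illustration, and treating a suffixed 0.81 pre-release as "unknown" is an assumption.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a ClamAV version against
# the ranges in GLSA 200501-46 (vulnerable <= 0.80, unaffected >= 0.81).

# Pull the version out of a banner such as "ClamAV 0.80/687/Mon Jan 31 ...".
clamav_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^ClamAV \([^/ ]*\).*/\1/p'
}

# Print "unaffected", "vulnerable" or "unknown" for a version string.
glsa_200501_46_status() {
    # Split the leading digits-and-dots part from any suffix (rc1, pre, ...).
    base=$(printf '%s' "$1" | sed 's/^\([0-9.]*\).*/\1/')
    suffix=${1#"$base"}
    case $base in
        ''|.*|*..*) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $base
    IFS=$old_ifs
    major=$1; minor=${2:-0}; patch=${3:-0}
    if [ "$major" -gt 0 ] || [ "$minor" -gt 81 ]; then
        echo unaffected
    elif [ "$minor" -lt 81 ]; then
        echo vulnerable
    elif [ -z "$suffix" ] || [ "$patch" -gt 0 ]; then
        echo unaffected
    else
        # Assumption: a suffixed 0.81 (e.g. 0.81rc1) is a pre-release and is
        # not covered by ">= 0.81", so it is not reported as fixed.
        echo unknown
    fi
}

# Constructed sample banners, then the local scanner if one is installed.
for banner in "ClamAV 0.80/687/Mon Jan 31 10:00:00 2005" "ClamAV 0.81"; do
    v=$(clamav_version_from_banner "$banner")
    echo "$v: $(glsa_200501_46_status "$v")"
done
if command -v clamscan >/dev/null 2>&1; then
    v=$(clamav_version_from_banner "$(clamscan --version 2>/dev/null)")
    echo "installed $v: $(glsa_200501_46_status "$v")"
fi
```

A running clamd keeps the old code loaded until it is restarted, so check the installed version and then restart the daemon.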