From 26c48dc2d650e4d58a1f0c89f30b14837ab04a2c Mon Sep 17 00:00:00 2001 From: Marcus Alves Grando Date: Mon, 16 Oct 2006 14:32:54 +0000 Subject: - clamav -- CHM unpacker and PE rebuilding vulnerabilities Approved by: portmgr (mnag with secteam hat) --- security/vuxml/vuln.xml | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'security/vuxml/vuln.xml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 057d5727d4dc..e733a1213786 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,44 @@ Note: Please add new entries to the beginning of this file. --> + + clamav -- CHM unpacker and PE rebuilding vulnerabilities + + + clamav + 0.88.5 + + + clamav-devel + 20060922 + + + + +

Secunia reports:

+
Two vulnerabilities have been reported in Clam AntiVirus, which + potentially can be exploited by malicious people to cause a DoS + (Denial of Service) or compromise a vulnerable system.
+
1) An unspecified error in the CHM unpacker in chmunpack.c can be + exploited to cause a DoS.
+
2) An unspecified error in rebuildpe.c when rebuilding PE files + after unpacking can be exploited to cause a heap-based buffer + overflow.
+

+ + + + http://secunia.com/advisories/22370/ + http://lurker.clamav.net/message/20061016.015114.dc6a8930.en.html + http://sourceforge.net/project/shownotes.php?release_id=455799 + + + 2006-10-15 + 2006-10-16 + + + tkdiff -- temporary file symlink privilege escalation -- cgit v1.2.3