[Mimedefang] [OT] FYI: Clam AntiVirus UUencoded Message Denial of Service Vulnerability
Chris Myers
chris at by-design.net
Tue Feb 10 09:39:21 EST 2004
For those of us using Clamd 0.65, fyi.
Chris Myers
Networks By Design
--- CUT HERE ---
TITLE:
Clam AntiVirus UUencoded Message Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA10826
VERIFY ADVISORY:
http://www.secunia.com/advisories/10826/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
SOFTWARE:
Clam AntiVirus (clamav) 0.x
DESCRIPTION:
Oliver Eikemeier has reported a vulnerability in Clam AntiVirus
(clamav), which can be exploited by malicious people to cause a DoS
(Denial of Service).
The vulnerability is caused due to an error when handling certain
malformed uuencoded messages. This can be exploited to crash the
clamd process by sending a specially crafted message to a vulnerable
system.
The vulnerability has been reported in version 0.65.
SOLUTION:
This issue has reportedly been fixed in CVS.
PROVIDED AND/OR DISCOVERED BY:
Oliver Eikemeier
ORIGINAL ADVISORY:
http://www.freebsd.org/cgi/query-pr.cgi?pr=62586
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://www.secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
More information about the MIMEDefang
mailing list