Debian Security Advisory 1263-1 - Several remote vulnerabilities have been discovered in in the Clam anti-virus toolkit, which may lead to denial of service.
e6168e8619dfe7c52a80aef754ae195cf0d83fdefe22d25e6f40251552520f7f
Gentoo Linux Security Advisory GLSA 200703-03 - An anonymous researcher discovered a file descriptor leak error in the processing of CAB archives and a lack of validation of the id parameter string used to create local files when parsing MIME headers. Versions less than 0.90 are affected.
ee2f7987c5622a444e724df0a1937039cce5cef60caad53d51b3cff4af7e1eb5
Mandriva Security Advisory - Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.
7269e67e1a6ed8ca07776bcaf1cd0cecf907d085d4b1fb098633457f219b2fc8
iDefense Security Advisory 02.15.07 - Remote exploitation of a directory traversal vulnerability in Clam AntiVirus' ClamAV allows attackers to overwrite files owned by the clamd scanner. The vulnerability specifically exists due to the lack of validation of the id parameter string taken from a MIME header. When parsing a multi-part message clam takes this string from the header and uses it to create a local file. By sending a string such as "../../../../some/file" an attacker can create or overwrite an arbitrary file owned by the clamd process. Data from the message body is later written to this file. iDefense has confirmed this vulnerability affects Clam AntiVirus ClamAV version 0.88.6. All versions prior to the 0.90 stable release are suspected to be vulnerable.
5e80d8dac7b01be02d9ccc923cedb221feb90232b18090dbf18218c30624b0cc