Gentoo Linux Security Advisory GLSA 200709-14 - Nikolaos Rangos discovered a vulnerability in ClamAV which exists because the recipient address extracted from email messages is not properly sanitized before being used in a call to popen() when executing sendmail (CVE-2007-4560). Also, NULL-pointer dereference errors exist within the cli_scanrtf() function in libclamav/rtf.c and Stefanos Stamatis discovered a NULL-pointer dereference vulnerability within the cli_html_normalise() function in libclamav/htmlnorm.c (CVE-2007-4510). Versions less than 0.91.2 are affected.
f5268da5fa00432a3fdf6c08174761a93c9465ba542aa5f73fb11dc7a3e3149bDebian Security Advisory 1366-1 - Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. It was discovered that the RTF and RFC2397 parsers can be tricked into dereferencing a NULL pointer, resulting in denial of service. It was discovered clamav-milter performs insufficient input sanitizing, resulting in the execution of arbitrary shell commands.
b06c4e0dd93c458e138d0d2355636fbefd8be0625630bb3c894bb98ccedb7088Mandriva Linux Security Advisory - A vulnerability in ClamAV was discovered that could allow remote attackers to cause a denial of service via a crafted RTF file or a crafted HTML document with a data: URI, both of which trigger a NULL dereference. A vulnerability in clamav-milter, when run in black hole mode, could allow remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call.
0a2279cffb8c552d518235b4df6e04d3598081371d8c3cac9e1d45ee0597176a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed