ClamAV security vulnerabilities

Published: 2007-02-15
Last Updated: 2007-02-15 23:00:45 UTC
by Maarten Van Horenbeeck (Version: 2)

The ClamAV development team released version 0.90 of their open-source antivirus toolkit today. This version contains fixes for security vulnerabilities described in a number of iDefense advisories that were published today.

ClamAV CAB File Denial of Service Vulnerability (CVE-2007-0898)
Remote attackers can perform a service degradation attack by sending a malformed CAB file through a gateway scanner running ClamAV. The vulnerability can prevent ClamAV from scanning archives successfully by depleting the available local file descriptors. iDefense investigated a number of common setups and observed that in most cases, mails that cannot be scanned will be auto-denied.

ClamAV MIME Parsing Directory Traversal Vulnerability (CVE-2007-0897)
An input validation bug allows a remote user to overwrite files on the system that are owned by the clamd scanner. A potential target mentioned in the advisory is the virus database. By overwriting this file, the scanner's effectiveness against certain threats can be reduced significantly.

Both vulnerabilities were resolved in ClamAV's new stable 0.90 release, which was released yesterday. Do note that users who automatically download and install signature updates are not automatically covered. When vulnerabilities in antivirus software are addressed, it is important to understand whether they are fixed in the signatures or in the scanning engine.

Depending on the solution in use, most setups are configured to automatically update the former, while the latter may require separate upgrades. One user wrote in with the really good idea of leveraging the common logwatch tool to check for the typical Freshclam error:

WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.88.7 Recommended version: 0.90
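
The logwatch-style check suggested above, as an added example (not part of the original diary and not ClamAV's or logwatch's own code): a shell function that reads freshclam log text and reports whether the most recent update run carried the OUTDATED warning. The run-start marker line and the sample log contents are assumptions constructed for illustration; only the two WARNING lines come from the diary.

```shell
#!/bin/sh
# Added example: flag an outdated ClamAV engine from freshclam log output.

# Reads freshclam log text on stdin. If the most recent update run contains
# the OUTDATED warning, prints "OUTDATED local=<v> recommended=<v>" and
# returns 1; otherwise prints "OK" and returns 0.
check_freshclam_engine() {
    awk '
        # Assumption: every freshclam run begins with this marker line, so an
        # old warning is forgotten once a later run no longer repeats it.
        /ClamAV update process started/ { outdated = 0; loc = ""; rec = "" }
        /WARNING: Your ClamAV installation is OUTDATED!/ { outdated = 1 }
        /WARNING: Local version:/ {
            # Patterns are unanchored, so a timestamp prefix does not matter.
            for (i = 1; i < NF; i++) {
                if ($i == "Local" && $(i + 1) == "version:") loc = $(i + 2)
                if ($i == "Recommended" && $(i + 1) == "version:") rec = $(i + 2)
            }
        }
        END {
            if (outdated) {
                printf "OUTDATED local=%s recommended=%s\n", loc, rec
                exit 1
            }
            print "OK"
        }
    '
}

# Constructed sample: signatures update fine, but the engine is behind.
sample_outdated_log() {
    cat <<'EOF'
ClamAV update process started at Thu Feb 15 23:00:00 2007
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.88.7 Recommended version: 0.90
main.cvd is up to date
EOF
}

# Constructed sample: an earlier run warned, the latest run (after an engine
# upgrade) does not.
sample_resolved_log() {
    sample_outdated_log
    cat <<'EOF'
ClamAV update process started at Fri Feb 16 01:00:00 2007
main.cvd is up to date
EOF
}
```

The non-zero return status lets the function drive a cron mail or monitoring check in the same way logwatch would surface the warning, for example by piping the real freshclam log into it.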

 


Apple Security updates released

Published: 2007-02-15
Last Updated: 2007-02-15 22:58:43 UTC
by Maarten Van Horenbeeck (Version: 1)

Apple released a security update today for users of Mac OS X v10.3.9 and v10.4.8 (including OS X Server):

  • Mounting a maliciously-crafted disk image could lead to a crash or arbitrary code execution (CVE-2007-0197)
  • Attackers on the local network can cause iChat to crash. A proof of concept was published in January (CVE-2007-0614 and CVE-2007-0710)
  • By using iChat AIM to visit a maliciously crafted URL an attacker could trigger an overflow, leading to a crash of the application or arbitrary code execution.
  • The UserNotificationCenter runs with elevated privileges in a local user context. This update forces the application to drop its group privileges shortly after starting. While this does not fix a directly exploitable vulnerability in itself, it fortifies the overall security posture of the application.

Security Update 2007-002, which contains these fixes, can be downloaded at Apple Downloads. Also have a look at these Java and DST updates.

 

