Информационная безопасность
[RU] switch to English


Многочисленные уязвимости в антивирусе ClamAV (multiple bugs)
Опубликовано:15 июня 2007 г.
Источник:
SecurityVulns ID:7820
Тип:удаленная
Уровень опасности:
7/10
Описание:Многочисленные переполнения буфера, обход защиты, проблема символьных линков.
Затронутые продукты:CLAMAV : ClamAV 0.90
CVE:CVE-2007-3123 (unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.)
 CVE-2007-3122 (The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.)
 CVE-2007-3024 (libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.)
 CVE-2007-3023 (unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.)
 CVE-2007-3022 (Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.)
Оригинальный текстdocumentGENTOO, [Full-disclosure] [ GLSA 200706-05 ] ClamAV: Multiple Denials of Service (15.06.2007)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород