Eygene Ryabinkin
2007-Apr-17 06:55 UTC
VuXML entry for CVE-2007-1870: ClamAV CAB File Unstore Buffer Overflow
Good day.

Spotted the CVE-2007-1870: the clamav 0.90.2 is already in the ports, but no sign of the issue in the VuXML. The entry is attached.

One thing that is a bit strange is that the ChangeLog for the ClamAV (http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog) mentions CVE-2007-1997 in the libclamav/cab.c log entry, but I think they messed up the numbers -- there is no such CVE, at least I failed to find it via cve.mitre.org:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1997

But the CVE-2007-1870 is a candidate and has no relevant information, so I am not 100% sure about the correct number.
--
Eygene
-------------- next part --------------
<vuln vid="unknown">
  <topic>clamav -- CAB File Unstore Buffer Overflow Vulnerability</topic>
  <affects>
    <package>
      <name>clamav</name>
      <range><ge>0.90rc3</ge><lt>0.90.2</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>iDefense Security Advisory 04.16.07:</p>
      <blockquote cite="http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=513">
        <p>Remote exploitation of a buffer overflow vulnerability in Clam AntiVirus' ClamAV allows attackers to execute arbitrary code with the privileges of the affected process.</p>
        <p>Successful exploitation of this vulnerability results in code execution with the privileges of the process using libclamav.</p>
        <p>In the case of the clamd program, this will result in executing code with the privileges of the clamav user. Unsuccessful exploitation results in the clamd process crashing.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <cvename>CVE-2007-1870</cvename>
    <url>http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=513</url>
    <url>http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog</url>
  </references>
  <dates>
    <discovery>2007-04-14</discovery>
  </dates>
</vuln>