Solution
Please install the updated packages.
Insight
Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. (CVE-2007-0897)
Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message. (CVE-2007-0898)
The update to 0.90 addresses these issues.
Affected
clamav on Mandriva Linux 2006.0, Mandriva Linux 2006.0/X86_64, Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64
Severity
Classification
CVE: CVE-2007-0897, CVE-2007-0898
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P
Related Vulnerabilities