oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive

From: Nico Golde <oss-security+ml () ngolde de>
Date: Wed, 8 Apr 2009 02:00:10 +0200
Hi,
* Jamie Strandboge <jamie () canonical com> [2009-04-07 22:49]:

On Tue, 07 Apr 2009, Nico Golde wrote:

* Thomas Biege <thomas () suse de> [2009-04-07 15:47]:

These two bugs possibly need a CVE-ID.

Here we go:

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1462

http://blog.zoller.lu/2009/04/clamav-094-and-below-evasion-and-bypass.html


Should be covered by CVE-2009-1241


The details are scant, but I believe bug #1462[1] to be different from the
unrar issue discussed in the blog and CVE-2009-1241.


Yes, I admit the formatting by putting that under the link I 
meant wasn't enough. CVE-2009-1241 does only cover the 
unrar unarchiver evasion.

CHeers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: