oss-sec mailing list archives

Re: clamav CVE ids?

From: Hanno Böck <hanno () hboeck de>
Date: Wed, 17 Jun 2009 23:06:34 +0200

Am Mittwoch 17 Juni 2009 schrieb Tavis Ormandy:

On Wed, Jun 17, 2009 at 05:22:28PM +0200, Marcus Meissner wrote:

Hi,

Clamav 0.95.2 brings some fixes for Thierry Zollers issues,
which probably deserve (a) CVE id ...


Anti virus bypass? Seriously?


I agree that av bypass isn't a "security issue" itself, but at least the 
cab/filesize issue sounds like it could lead to more than that.
It's a pity clamav doesn't handle security issues in a sane way, but I think I 
already said that recently...

-- 
Hanno Böck              Blog:           http://www.hboeck.de/
GPG: 3DBD3B20           Jabber/Mail:    hanno () hboeck de
http://ausdenaugenausdemsinn.de - Kein Sicherheitsrabatt für CO2-Speicher
http://tinyurl.com/dceu73 - Internetzensur stoppen!

http://schokokeks.org - professional webhosting

Attachment: signature.asc
Description: This is a digitally signed message part.

Current thread:

clamav CVE ids? Marcus Meissner (Jun 17)
- Re: clamav CVE ids? Tavis Ormandy (Jun 17)
  - Re: clamav CVE ids? Hanno Böck (Jun 17)