Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security / Advisories

Advisories

Vulnerabilities Disclosed within ClamAV

Anti-Virus' flaws can cause DoS

By Alexandru Dumitru, Security News Editor

22nd of August 2007, 15:18 GMT

Adjust text size:



Enlarge picture
This software has been disclosed to have a couple of vulnerabilities that, if exploited by malicious users, could cause Denial of Service.

The DoS attack is an attempt to make a computer resource unavailable
to a certain user. It is generally used to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Such attacks are implemented by forcing the target computer to reset, or consume its resources such that it can no longer provide its intended service. But this is not the only way one malicious user could obstruct the communication media between the intended users and the victim so that they can no longer communicate adequately.

In ClamAv's case, Secunia reports a NULL-pointer dereference error to exist within the "cli_scanrtf()" function in libclamav/rtf.c. This can potentially be exploited to crash ClamAV via a specially crafted RTF file. A second vulnerability reported by the same site consists in a NULL-pointer dereference error existing within the "cli_html_normalise()" function in libclamav/htmlnorm.c. This can potentially be exploited to crash ClamAv via a specially crafted HTML file containing a "data" URL scheme.

These errors are only reported in versions that have been developed before 0.91.2, so if you have the latest version, you are secure. Of course, the solution to these issues is updating to version 0.91.2, so please do it. You can get your PC infected really fast with your anti-virus down, fact which can happen, considering these 2 flaws.

You may download the 0.91.2 version from the official Sourceforge site, clicking on this link will lead you directly to the download page.

Also, if you are interested, you may consult the original advisory (from Sourceforge as well) that can be found on this link right here.

TAGS:

 clamav | vulnerabilities | dos | flaws


Rating:
Fair (2.6/5) 5 vote(s) so far    

Read by 361 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


The Keyspan TuneView Remote Controls Your iTunes

Lanner's Network Media Server

Open Security to Get Better

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive