Sort of?

Nov 19, 2007 09:25 GMT

Do you remember WabiSabiLabi, that online shop for software vulnerabilities? If the answer is yes, you should know the service is back, along with some new goodies, especially for Linux lovers. WabiSabiLabi is now attempting to sell a ClamAV software vulnerability for no less than 500 euro. Sure, it's only intended to be delivered to security companies that would be able to work on a resolution and work with the developer on a fix, but I'm curious to see how many of these flaws are really received by the security vendors.

ClamAV is an antivirus technology for Linux-based computers, which is supposed to protect a system already famous for its impressive security features. We all know Linux distributions are some of the safest tools on the web, all of them always being regarded as the most secure alternative to the old-fashioned Microsoft Windows.

Getting back to the security hole, WabiSabiLabi reports that the flaw was confirmed in ClamAV version 0.91.1, but other editions might also be affected. "It has been recently submitted to our labs a vulnerability that allows a malicious user to execute arbitrary code on the machine running one of the utilities of the ClamAV suite by simply sending a specially crafted email to the vulnerable mailserver," reads a message posted on the WabiSabiLabi blog.

"In a home scenario, even if ClamAV is not widely used in such an environment, the impact can also be high. If a home computer is compromised, the attacker can access documents and files stored on that computer and use this information to gain higher privileges."

At this time, there is no bid for the 500-euro vulnerability, so it would be pretty interesting to know what happens to the flaws that are not acquired by any security vendor on the market.