Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Clam AntiVirus UUencoded Message Denial of Service Vulnerability

Feb 9, 2004 9:42PM PST

Secunia Advisory: SA10826
Release Date: 2004-02-10

Critical: Moderately critical
Impact: DoS
Where: From remote

Software: Clam AntiVirus (clamav) 0.x

Description:
Oliver Eikemeier has reported a vulnerability in Clam AntiVirus (clamav), which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when handling certain malformed uuencoded messages. This can be exploited to crash the clamd process by sending a specially crafted message to a vulnerable system.

The vulnerability has been reported in version 0.65.

Solution:
This issue has reportedly been fixed in CVS.

http://www.secunia.com/advisories/10826/

Discussion is locked