FreeBSD : clamav -- MS-Expand file handling DoS vulnerability (6d18fe19-ee67-11d9-8310-0001020eed82)
Medium Nessus Plugin ID 18975
Synopsis: The remote FreeBSD host is missing one or more security-related updates.
Description: An iDEFENSE Security Advisory reports:
Remote exploitation of an input validation error in Clam AntiVirus ClamAV allows attackers to cause a denial of service condition.
The vulnerability specifically exists due to improper behavior during exceptional conditions.
Successful exploitation allows attackers to exhaust the file descriptor pool and memory. Anti-virus detection functionality will fail if there are no file descriptors available with which to open files. Remote exploitation can be achieved by sending a malicious file in an e-mail message or during an HTTP session.
Solution: Update the affected packages.