FreeBSD : clamav -- multiple remote buffer overflows (1db7ecf5-fd24-11d9-b4d6-0007e900f87b)
High Nessus Plugin ID 19337
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
A Secunia Advisory reports:
Neel Mehta and Alex Wheeler have reported some vulnerabilities in Clam AntiVirus, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
- Two integer overflow errors in 'libclamav/tnef.c' when processing TNEF files can be exploited to cause a heap-based buffer overflow via a specially crafted TNEF file with a length value of -1 in the header.
- An integer overflow error in 'libclamav/chmunpack.c' can be exploited to cause a heap-based buffer overflow via a specially crafted CHM file with a chunk entry that has a filename length of -1.
- A boundary error in 'libclamav/fsg.c' when processing an FSG compressed file can cause a heap-based buffer overflow.
Solution
Update the affected packages.
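
The length-of-minus-one pattern named in the TNEF and CHM items above, shown as an added example that is neither ClamAV's code nor part of the advisory. It assumes a hypothetical record made of a 4-byte little-endian length field followed by the payload, and an allocation of length + 1 bytes; `unchecked_alloc_size`, `read_field_checked` and `MAX_FIELD_LEN` are names invented for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy cap for one field; not a value from the advisory. */
#define MAX_FIELD_LEN (1u << 20)

/* Decode the 4-byte little-endian length field (hypothetical format). */
static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Size the unchecked pattern would allocate: payload plus a NUL byte.
 * A length of -1 (0xFFFFFFFF) wraps to 0, so a later copy of
 * `length` bytes would run far past the allocation. */
uint32_t unchecked_alloc_size(uint32_t length) {
    return length + 1u;
}

/* Hardened reader: validates the length before allocating or copying.
 * Returns a malloc'd NUL-terminated copy, or NULL if rejected. */
char *read_field_checked(const uint8_t *buf, size_t buf_len, size_t *out_len) {
    if (buf == NULL || buf_len < 4) return NULL;
    uint32_t length = read_le32(buf);
    if (length > MAX_FIELD_LEN) return NULL;       /* rejects 0xFFFFFFFF */
    if (length > buf_len - 4) return NULL;         /* payload must be present */
    char *out = malloc((size_t)length + 1);        /* cannot wrap after the cap */
    if (out == NULL) return NULL;
    memcpy(out, buf + 4, length);
    out[length] = '\0';
    if (out_len != NULL) *out_len = length;
    return out;
}

int main(void) {
    /* Constructed sample inputs. */
    const uint8_t crafted[] = {0xFF, 0xFF, 0xFF, 0xFF, 'A', 'B'};
    const uint8_t valid[] = {3, 0, 0, 0, 'a', 'b', 'c'};
    size_t n = 0;
    char *s = read_field_checked(valid, sizeof valid, &n);
    printf("unchecked size for -1: %u\n", (unsigned)unchecked_alloc_size(0xFFFFFFFFu));
    printf("crafted accepted: %d\n", read_field_checked(crafted, sizeof crafted, &n) != NULL);
    printf("valid field: %s\n", s ? s : "(rejected)");
    free(s);
    return 0;
}
```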