FreeBSD : clamav -- arbitrary code execution and DoS vulnerabilities (271498a9-2cd4-11da-a263-0001020eed82)
High Nessus Plugin ID 21403
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Gentoo Linux Security Advisory reports:
Clam AntiVirus is vulnerable to a buffer overflow in 'libclamav/upx.c' when processing malformed UPX-packed executables. It can also be sent into an infinite loop in 'libclamav/fsg.c' when processing specially crafted FSG-packed executables.
By sending a specially crafted file an attacker could execute arbitrary code with the permissions of the user running Clam AntiVirus, or cause a Denial of Service.
Solution
Update the affected packages.