FreeBSD : clamav -- Multiple Vulnerabilities (6a5174bd-c580-11da-9110-00123ffe8333)
Critical Nessus Plugin ID 21446
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionSecunia reports :
Some vulnerabilities have been reported in ClamAV, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
An unspecified integer overflow error exists in the PE header parser in 'libclamav/pe.c'. Successful exploitation requires that the ArchiveMaxFileSize option is disabled.
Some format string errors in the logging handling in 'shared/output.c' may be exploited to execute arbitrary code.
An out-of-bounds memory access error in the 'cli_bitset_test()' function in 'ibclamav/others.c' may be exploited to cause a crash.
SolutionUpdate the affected packages.