Register | Forget Password | Login
Search :
SecurityReason

News

Search

SecurityAlert

About SecurityAlert

ExploitAlert

SecurityReason Research

RSS

News

SecurityAlert

ExploitAlert

Apache

PHP

Corporate

Contact

About us

Services

SecurePHP

Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com

Details : SecurityAlert

  Topic : ClamAV Remote Code Execution Advisory
  SecurityAlert : 3063
  CVE : CVE-2007-4560
  SecurityRisk : Medium  alert
  Remote Exploit : Yes
  Local Exploit : No
  Exploit Given : No
  Credit : security nruns com
  Date : 28.08.2007

  Affected Software : ClamAV


  Advisory Text :  

n.runs AG
http://www.nruns.com/
security(at)nruns.com
n.runs-SA-2007.025
24-Aug-2007

_________________________________________________________________
_______

Vendor: ClamAV, http://www.clamav.net
Affected Products: ClamAV,
http://www.clamav.net
Vulnerability : Remote Code Execution
Risk: HIGH

_________________________________________________________________
_______

Vendor communication:

2007/08/10 Initial notification to ClamAV
2007/08/10 ClamAV Responses
2007/08/10 PoC files sent to ClamAV
2007/08/21 ClamAV releases version 0.91.2
2007/08/24 n.runs AG releases a coordinated disclosure advisory

_________________________________________________________________
_______

Overview:

Clam AntiVirus is an open source (GPL) anti-virus toolkit for
UNIX,
designed especially for e-mail scanning on mail gateways. It
provides
a number of utilities including a flexible and scalable
multi-threaded
daemon, a command line scanner and advanced tool for automatic
database
updates. The core of the package is an anti-virus engine
available in
a form of shared library.

Description:

A remotely exploitable vulnerability has been found in
clamav-milter
when used with sendmail. In detail, the following flaw was
determined:

- Arbitrary code execution due to insecure call to popen()

Impact:

This vulnerability can lead to remote code execution with root
privileges.
Leading to a complete compromise of the vulnerable system.
An attacker can inject shell commands into the recipient field of
sendmail,
if clamav-milter was started with the black hole mode activated.
The vulnerability is present in at least clamav version 0.91.1,
prior
versions may also be affected.

Solution:
A new stable release (clamav 0.91.2) is available at the clamav
website
which
fixes the vulnerability.

_________________________________________________________________
_______

Credit:
Bugs found by Nikolaos Rangos of n.runs AG.
_________________________________________________________________
_______

References:
http://www.clamav.net/download/sources

This Advisory and Upcoming Advisories
http://www.nruns.com/security_advisory.php
http://www.nruns.com/parsing-engines-advisories.php
_________________________________________________________________
_______

Unaltered electronic reproduction of this advisory is permitted.
For all
other reproduction or publication, in printing or otherwise,
contact
securitynruns.com for permission. Use of the advisory constitutes

acceptance for use in an as is condition. All warranties are
excluded. In
no event shall n.runs be liable for any damages whatsoever
including direct,

indirect, incidental, consequential, loss of business profits or
special
damages, even if n.runs has been advised of the possibility of
such damages.

Copyright 2007 n.runs AG. All rights reserved. Terms of use
apply.



Alert

*BSD libc (strfmon) Multiple vulnerabilities

high- 2008-03-25

Maksymilian Arciemowicz discovered a Integer Overflow vulnerability in the libc library "strfmon()" function.A vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected *BSD systems.

Apache rss

» Apache-SSL memory
   disclosure

» Apache mod_negotiation
   Xss and Http Response
   Splitting

» Apache (mod_status)
   Refresh Header - Open
   Redirector (XSS)

» Apache (mod_proxy_ftp)
   Undefined Charset UTF-7
   XSS Vulnerability

PHP rss

» PHP 5.2.5 and prior :
   *printf() functions
   Integer Overflow

» PHP 5.2.5 cURL safe_mode
   bypass

» PHP 5.2.4
   mail.force_extra_paramete
   rs unsecure

» PHP <= 5.2.5
   stream_wrapper_register()
   Denial of service

Copyright © SecurityReason. All Rights Reserved.