Index: vuln.xml =================================================================== RCS file: /home/pcvs/ports/security/vuxml/vuln.xml,v retrieving revision 1.1591 diff -u -r1.1591 vuln.xml --- vuln.xml 13 Apr 2008 03:52:31 -0000 1.1591 +++ vuln.xml 16 Apr 2008 13:34:09 -0000 @@ -34,6 +34,49 @@ --> + + clamav -- Multiple Vulnerabilities + + + clamav + 0.93 + + + clamav-devel + 20080415 + + + + +

Secunia reports:

+
+

Some vulnerabilities have been reported in ClamAV, which can be + exploited by malicious people to cause a DoS (Denial of Service) + or to compromise a vulnerable system.

+

1) A boundary error exists within the "cli_scanpe()" function in + libclamav/pe.c. This can be exploited to cause a heap-based buffer + overflow via a specially crafted "Upack" executable.

+

Successful exploitation allows execution of arbitrary code.

+

2) A boundary error within the processing of PeSpin packed + executables in libclamav/spin.c can be exploited to cause a + heap-based buffer overflow.

+

Successful exploitation may allow execution of arbitrary code.

+

3) An unspecified error in the processing of ARJ files can be + exploited to hang ClamAV.

+
+ + + + CVE-2008-1100 + CVE-2008-1387 + http://secunia.com/advisories/29000 + + + 2008-04-15 + 2008-04-15 + + + lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability