FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability

Affected packages
0.80 <= clamav < 0.88.2
20040826 <= clamav-devel < 20060502


VuXML ID b088bf48-da3b-11da-93e0-00123ffe8333
Discovery 2006-05-01
Entry 2006-05-03

Secunia reports:

A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the HTTP client in the Freshclam command line utility. This can be exploited to cause a stack-based buffer overflow when the HTTP headers received from a web server exceeds 8KB.

Successful exploitation requires that Freshclam is used to download virus signature updates from a malicious mirror web server e.g. via DNS poisoning.


CVE Name CVE-2006-1989