oss-sec mailing list archives
Re: clamav CVE ids?
From: Hanno Böck <hanno () hboeck de>
Date: Wed, 17 Jun 2009 23:06:34 +0200
Am Mittwoch 17 Juni 2009 schrieb Tavis Ormandy:
On Wed, Jun 17, 2009 at 05:22:28PM +0200, Marcus Meissner wrote:Hi, Clamav 0.95.2 brings some fixes for Thierry Zollers issues, which probably deserve (a) CVE id ...Anti virus bypass? Seriously?
I agree that av bypass isn't a "security issue" itself, but at least the cab/filesize issue sounds like it could lead to more than that. It's a pity clamav doesn't handle security issues in a sane way, but I think I already said that recently... -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno () hboeck de http://ausdenaugenausdemsinn.de - Kein Sicherheitsrabatt für CO2-Speicher http://tinyurl.com/dceu73 - Internetzensur stoppen! http://schokokeks.org - professional webhosting
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- clamav CVE ids? Marcus Meissner (Jun 17)
- Re: clamav CVE ids? Tavis Ormandy (Jun 17)
- Re: clamav CVE ids? Hanno Böck (Jun 17)
- Re: clamav CVE ids? Tavis Ormandy (Jun 17)