Ravens PHP Scripts

Clam AntiVirus Multipart Nestings Denial of Service
Date: Tuesday, December 12, 2006 @ 23:57:03 CST
Topic: Security


SECUNIA ADVISORY ID: SA23347

VERIFY ADVISORY: http://secunia.com/advisories/23347/

CRITICAL: Moderately critical

IMPACT: DoS

SOFTWARE: Clam AntiVirus (clamav) 0.x - http://secunia.com/product/2538/

DESCRIPTION: Hendrik Weimer has reported a vulnerability in Clam AntiVirus, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused by a stack overflow that occurs when scanning messages with deeply nested multipart content. This can be exploited to crash the service by sending specially crafted emails to a vulnerable system. The vulnerability is reported in versions prior to 0.88.7.

SOLUTION: Update to version 0.88.7.

PROVIDED AND/OR DISCOVERED BY: Hendrik Weimer

ORIGINAL ADVISORY: http://www.quantenblog.net/security/virus-scanner-bypass
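
ADDED EXAMPLE (not part of the Secunia advisory and not ClamAV code): a mail gateway can bound multipart nesting before a message reaches any scanner, which addresses the failure mode described above independently of the scanner version. The sketch below tracks open boundaries in an explicit list and enforces a hard cap; the names multipart_depth and NestingTooDeep and the default cap of 16 are assumptions chosen for illustration, and the input is assumed to be the raw message already decoded to a string.

```python
import re

# Multipart Content-Type header (already unfolded); captures the boundary.
_BOUNDARY = re.compile(
    r'^content-type:[ \t]*multipart/[^;\n]*;[^\n]*?'
    r'boundary[ \t]*=[ \t]*(?:"([^"\n]+)"|([^\s;]+))', re.I | re.M)

class NestingTooDeep(Exception):
    """Raised when multipart nesting exceeds the configured cap."""

def multipart_depth(raw, max_depth=16):
    """Return the deepest multipart nesting level in raw; no recursion per level."""
    stack, headers, in_headers, deepest = [], [], True, 0
    for line in raw.splitlines():
        line = line.rstrip()
        if line.startswith("--") and stack:
            matched = False
            for i in range(len(stack) - 1, -1, -1):
                if line == "--" + stack[i] + "--":   # closing delimiter
                    del stack[i:]
                    in_headers, matched = False, True
                elif line == "--" + stack[i]:        # a new part begins
                    del stack[i + 1:]
                    in_headers, matched = True, True
                if matched:
                    headers = []
                    break
            if matched:
                continue
        if not in_headers:
            continue                                  # body line, ignored
        if line:
            headers.append(line)                      # still inside a header block
            continue
        in_headers = False                            # blank line ends the headers
        unfolded = re.sub(r"\n[ \t]+", " ", "\n".join(headers))
        headers = []
        m = _BOUNDARY.search(unfolded)
        if m:
            stack.append(m.group(1) or m.group(2))
            deepest = max(deepest, len(stack))
            if deepest > max_depth:                   # stop before going deeper
                raise NestingTooDeep("multipart depth %d > %d" % (deepest, max_depth))
    return deepest

# Constructed sample: multipart/alternative inside multipart/mixed (depth 2).
SAMPLE = ('Content-Type: multipart/mixed;\n boundary="outer"\n\n--outer\n'
          'Content-Type: multipart/alternative; boundary=inner\n\n--inner\n'
          'Content-Type: text/plain\n\nhello\n--inner--\n--outer--\n')
```

A message that raises NestingTooDeep can be rejected or quarantined at the gateway instead of being handed to the scanner.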








This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com

The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2558