Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » ClamAV vulnerability pached

ClamAV vulnerability pached

by Nikola Strahija on January 16th, 2006 Security researchers have discovered a serious security flaw in ClamAV, which is mainly used with Unix and Linux.


The flaw was disclosed only this week through the Zero Day Initiative (ZDI), but was reported to the ClamAV's developers in mid-December. ZDI waited for the patch to be ready to announce the bug.

The bug allows attackers to execute malicious code on a server running ClamAV versions 0.80 to 0.87.1. It is due to an exploitable memory corruption condition created by an error in the unpacking of executable files compressed with UPX (Ultimate Packer for eXecutables), an open-source compression program. Attackers don't need to be authenticated to exploit the bug.

Secunia, which maintains a database of vulnerabilities, said the flaw was "highly critical".


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »