Date: Wed, 8 Apr 2009 02:00:10 +0200
From: Nico Golde <oss-security+ml@...lde.de>
To: oss-security@...ts.openwall.com, Jamie Strandboge <jamie@...onical.com>
Cc: coley@...us.mitre.org
Subject: Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive

Hi,
* Jamie Strandboge <jamie@...onical.com> [2009-04-07 22:49]:
> On Tue, 07 Apr 2009, Nico Golde wrote:
> > * Thomas Biege <thomas@...e.de> [2009-04-07 15:47]:
> > > These two bugs possibly need a CVE-ID.
> > > 
> > > Here we go:
> > > 
> > > https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1462
> > > 
> > > http://blog.zoller.lu/2009/04/clamav-094-and-below-evasion-and-bypass.html
> > 
> > Should be covered by CVE-2009-1241
> 
> The details are scant, but I believe bug #1462[1] to be different from the
> unrar issue discussed in the blog and CVE-2009-1241.

Yes, I admit the formatting by putting that under the link I 
meant wasn't enough. CVE-2009-1241 does only cover the 
unrar unarchiver evasion.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
