Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: [SECURITY] [DSA 1024-1] New clamav packages fix several vulnerabilities
From: "Ulf Harnhammar" <metaur () operamail com>
Date: Fri, 07 Apr 2006 21:01:32 +0100

Debian Security Advisory DSA 1024-1 security () debian org
Package : clamav

    Format string vulnerabilities in the logging code have been discovered, 
    which might lead to the execution of arbitrary code.

Is this about the strange looking syslog calls in shared/output.c? I have found them
too (boast boast), and I believe that they are no vulnerabilities at all, as the
offending data will always pass through this construct:

while((pt = strchr(vbuff, '%')))
    *pt = '_';

(For the non-programmers out there, it changes all instances of "%" in vbuff to "_".)

// Ulf Harnhammar

Surf the Web in a faster, safer and easier way:
Download Opera 8 at http://www.opera.com

Powered by Outblaze

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Re: [SECURITY] [DSA 1024-1] New clamav packages fix several vulnerabilities Ulf Harnhammar (Apr 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]