CVE-2007-6595 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-6595
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-6595

Description: ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/39335 http://xforce.iss.net/xforce/xfdb/39339 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html ST 1019148 SREASON http://securityreason.com/securityalert/3501 SAID Secunia Advisory: SA31437 Secunia Advisory: SA28949 Secunia Advisory: SA29891 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:088 GENTOO http://security.gentoo.org/glsa/glsa-200808-07.xml DEBIAN http://www.debian.org/security/2008/dsa-1497 CONFIRM http://kolab.org/security/kolab-vendor-notice-19.txt BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/485631/100/0/threaded BID 27064

Return to the previous page.