CVE-2006-1989 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-1989
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-1989

Description: Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/26182 TRUSTIX http://www.trustix.org/errata/2006/0024 SUSE http://www.novell.com/linux/security/advisories/2006_05_05.html http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html ST 1016392 SAID Secunia Advisory: SA19880 Secunia Advisory: SA19912 Secunia Advisory: SA19963 Secunia Advisory: SA19874 Secunia Advisory: SA19964 Secunia Advisory: SA20159 Secunia Advisory: SA20117 Secunia Advisory: SA20877 OSVDB 25120 MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:080 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200605-03.xml DEBIAN http://www.debian.org/security/2006/dsa-1050 CONFIRM http://kolab.org/security/kolab-vendor-notice-09.txt http://www.clamav.net/security/0.88.2.html CERT-VN 599220 BID 17754 APPLE http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html

Return to the previous page.