ports/128749: [vuxml] VBA parser vulnerability in ClamAV
Roger Marquis
marquis at roble.com
Tue Nov 11 08:11:24 PST 2008
> As was recently reported in the BugTraq list, VBA parser in ClamAV is
> contains the off-by-one overflow and can lead to the arbitrary code
> execution within the clamd process.
>
> VBA component seem to be unconditionally included to the libclamav
> and OLE2 scanning is "on" by-default.
FWIW, clamav-0.94.1 does not compile under 5.X without CONFIGURE_ARGS+=
--disable-gethostbyname_r. When compiled this way it does not run (exits
after initialization with no error logging).
Though 5.X is no longer officially supported there are many sites still
running it which could benefit from a patch, assuming it would be trivial
to create such a patch.
Roger Marquis
More information about the freebsd-security
mailing list