219095 – (CVE-2006-6406) CVE-2006-6406: clamav <= 0.88.6 virus detection bypass

Bug 219095 (CVE-2006-6406) - CVE-2006-6406: clamav <= 0.88.6 virus detection bypass

Summary: CVE-2006-6406: clamav <= 0.88.6 virus detection bypass

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2006-6406
Product:	Fedora
Classification:	Fedora
Component:	clamav
Sub Component:
Version:	6
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Enrico Scholz
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-12-10 18:07 UTC by Ville Skyttä
Modified:	2007-11-30 22:11 UTC (History)
CC List:	2 users (show)
Fixed In Version:	0.88.7
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-12-12 20:09:55 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Ville Skyttä 2006-12-10 18:07:36 UTC

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6406

"ClamAV 0.88.6 allows remote attackers to bypass virus detection by inserting
invalid characters into base64 encoded content in a multipart/mixed MIME file,
as demonstrated with the EICAR test file."

All FC3+ Extras repos have 0.88.6 at the moment.

Note You need to log in before you can comment on or make changes to this bug.