Re: [Full-disclosure] iDefense Security Advisory 02.15.07: Multiple Vendor ClamAV CAB File Denial of Service Vulnerability

On 2/15/07, iDefense Labs <[EMAIL PROTECTED]> wrote: > > The discoverer of this vulnerability wishes to remain anonymous. And the reason can be found here: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=133 Great "discovery"! ___ Full-Disclosure - We

Re: [Full-disclosure] DMA[2006-0514a] - 'ClamAV freshclam incorrect privilege drop'

FYI Original Message Subject: [Clamav-team] Next 'security' advisory Date: Mon, 15 May 2006 09:47:28 +0200 From: Tomasz Kojm <[EMAIL PROTECTED]> To: ClamAV Security <[EMAIL PROTECTED]> In this case, the author failed to understand that: * freshclam cannot drop privileges befo