Launchpad CVE tracker

CVE 2007-6595

ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled.

Related bugs and status

CVE-2007-6595 (Candidate) is related to these bugs:

Bug #191150: possible integer overflow

		In	Importance	Status
191150	possible integer overflow	clamav (Ubuntu)	High	Fix Released
191150	possible integer overflow	clamav (Ubuntu Dapper)	Undecided	Fix Released
191150	possible integer overflow	clamav (Ubuntu Gutsy)	Undecided	Fix Released
191150	possible integer overflow	clamav (Ubuntu Feisty)	Undecided	Fix Released
191150	possible integer overflow	clamav (Ubuntu Edgy)	Undecided	Invalid

Bug #191637: Please backport clamav_0.91.2-3ubuntu2.3 (source) from gutsy-security to feisty

Summary				In	Importance	Status
	191637	Please backport clamav_0.91.2-3ubuntu2.3 (source) from gutsy-security to feisty		Feisty Backports	Undecided	Fix Released

Bug #195685: [clamav] [CVE-2007-6595] [CVE-2008-0318] execution of arbitrary / DoS vulnerability

Summary				In	Importance	Status
	195685	[clamav] [CVE-2007-6595] [CVE-2008-0318] execution of arbitrary / DoS vulnerability		clamav (Ubuntu)	Undecided	New

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-6595

References