As there is no date to show when this article was written, I'm not
sure if it takes into account 0.85.1. Can anyone comment?
http://www.securityfocus.com/bid/13795/discussion/
Thanks,
Mark
Article contents:
Clam Anti-Virus ClamAV running on Mac OS X is affected by a command
execution vulnerability.
Reportedly, when a suspected infected file is handled by the
application and it cannot be removed, the application may attempt to
copy it to another location using the Mac OS X 'ditto' utility. The
'ditto' utility is called in an insecure manner and the responsible
function fails to sanitize the file name allowing an attacker to
include arbitrary commands in the file name that will be executed in
the context of ClamAV.
This can allow an attacker to gain unauthorized access to an affected
computer. It should be noted that the exploitation of the vulnerability
is only possible when a malicious file is copied.
ClamAV versions 0.80rc4 to 0.84rc2 are affected by this issue.
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
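
The flaw class the quoted advisory describes, as an added example that is not ClamAV's code and not part of the original post: a copy command assembled as a shell string, next to a copy that passes each path as a single argv element with no shell. The function names are hypothetical, and `cp` stands in for `ditto` so the example also runs outside Mac OS X.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Unsafe pattern, built but never executed here: the file name is pasted
 * into a command line that a shell would parse, so ';', '`' or '$(...)' in
 * the name become shell syntax. Returns the formatted length. */
int build_shell_command(char *out, size_t n, const char *tool,
                        const char *src, const char *dst)
{
    return snprintf(out, n, "%s %s %s", tool, src, dst);
}

/* Hardened pattern: no shell. Each path is exactly one argv element, so
 * metacharacters are plain bytes to the copy tool. Names starting with '-'
 * are refused so they cannot be read as options.
 * Returns the tool's exit status, or -1 on refusal or failure. */
int copy_no_shell(const char *tool, const char *src, const char *dst)
{
    if (!src || !dst || src[0] == '-' || dst[0] == '-')
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp(tool, tool, src, dst, (char *)NULL);
        _exit(127); /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample name containing a shell metacharacter. */
    const char *src = "/tmp/sample;echo INJECTED", *dst = "/tmp/sample.copy";
    char cmd[256];
    FILE *f = fopen(src, "w");
    if (f) { fputs("test\n", f); fclose(f); }
    build_shell_command(cmd, sizeof cmd, "cp", src, dst);
    printf("shell would parse: %s\n", cmd);
    printf("argv copy exit status: %d\n", copy_no_shell("cp", src, dst));
    remove(src); remove(dst);
    return 0;
}
```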