The URL was corrupted in the e-mail I received. See if this works: <http://www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.25623.1.0.105762>
And quoting the info found there:

> Test ID: 1.3.6.1.4.1.25623.1.0.105762
> Category: General
> Title: ClamAV `Service Commands` Injection Vulnerability
> Summary: ClamAV 0.99.2, and possibly other previous versions, allow the
> execution of clamav commands SCAN and SHUTDOWN without authentication.
> Description: Summary:
> ClamAV 0.99.2, and possibly other previous versions, allow the execution of
> clamav commands SCAN and SHUTDOWN without authentication.
>
> CVSS Score:
> 5.0
>
> CVSS Vector:
> AV:N/AC:L/Au:N/C:P/I:N/A:N
>
> Copyright Copyright (C) 2016 Greenbone Networks GmbH

-Al-

On Thu, Sep 28, 2017 at 01:42 PM, Jonathan Stockley wrote:
>
> Hi,
> We've been using ClamAV 0.99.2 for some time. Our security team has
> recently done a scan and reported that this version of ClamAV has the
> injection vulnerability cited here:
> http://www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.25623.1.0.
> 105762
>
>
> I checked and 0.99.2 is the latest stable release with 0.99.3 in beta.
> Is the cited vulnerability fixed in the 0.99.3-beta1 release?
> If not, is there an approximate time for when this will be fixed?
>
> Thanks,
> Jo
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml