• Mac Security: ClamXav & PHPMyAdmin Vulnerabilities

    From Derek Currie@derekcurrie@mac.com.invalid to comp.sys.mac.system on Tuesday, April 11, 2006 13:17:43
    From Newsgroup: comp.sys.mac.system

    Macintouch notes reports of vulnerabilities in the freeware anti-virus
    program ClamXav (aka ClamAV in general). Also note vulnerabilities in PHPMyAdmin:
    <http://www.macintouch.com/>

    Security Focus covers a set of ClamAV vulnerabilities, as well as
    PHPMyAdmin vulnerabilities:

    ClamAV is prone to multiple vulnerabilities. These issues include:
    - An integer overflow vulnerability. This issue may permit the execution of
    arbitrary code. This can facilitate a compromise of an affected computer.
    - A format string vulnerability. This issue may permit the execution of
    arbitrary code. This can facilitate a compromise of an affected computer.
    - A denial-of-service vulnerability. This issue can be exploited to crash
    the affected application. This may aid an attacker in further attacks if
    the antivirus software is no longer operational.

    phpMyAdmin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
    An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

    The details regarding ClamXav can be found at: <http://www.securityfocus.com/bid/17388/discuss>

    ClamAV is prone to multiple vulnerabilities:

    - An integer-overflow vulnerability.
    - A format-string vulnerability.
    - A denial-of-service vulnerability.

    The first two issues may permit attackers to execute arbitrary code, which can facilitate a compromise of an affected computer.

    If an attacker can successfully exploit the denial-of-service issue, this may
    crash the affected application, which may aid an attacker in further attacks if the antivirus software no longer works.

    No exploitations of these vulnerabilities are yet known and may not
    appear. But those most concerned with security might want to move to an alternative anti-virus program (avoiding Symantec's Norton Anti-Virus
    which itself has had several problems).

    Information about PHPMyAdmin can be found at: <http://www.securityfocus.com/bid/17390/discuss>

    :-Derek

    --
    Fortune Magazine, 11-29-05: What's your computer setup today?
    Frederick Brooks: I happily use a Macintosh. It's not been equalled for ease of use, and I want my computer to be a tool, not a challenge. <http://money.cnn.com/magazines/fortune/fortune_archive/2005/12/12/8363107/> [Frederick Brooks is the author of 'The Mythical Man Month'. He spearheaded the movement to modernize computer software engineering in 1975]
    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From Ilgaz Ocal@ilgaz_ocal@yahoo.com to comp.sys.mac.system on Tuesday, April 11, 2006 16:24:49
    From Newsgroup: comp.sys.mac.system

    On 2006-04-11 16:17:43 +0300, Derek Currie <derekcurrie@mac.com.invalid> said:

    No exploitations of these vulnerabilities are yet known and may not
    appear. But those most concerned with security might want to move to an alternative anti-virus program (avoiding Symantec's Norton Anti-Virus
    which itself has had several problems).

    I like to remind that X Serve comes with ClamAv installed and running
    by default. Not totally sure about "running" but I know it is
    installed with OS X Server.

    I also think these stuff will be immediately fixed. For those wanting
    more info can hit http://www.clamxav.com , I bet its forums will work
    on this matter.


    Ilgaz

    --- Synchronet 3.18b-Win32 NewsLink 1.113