Executive Summary

Informations
NameCVE-2010-0098First vendor Publication2010-04-08
VendorCveLast vendor Modification2010-08-31

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0098

CPE : Common Platform Enumeration

TypeDescriptionCount
Application94
Application2

OpenVAS Exploits

DateDescription
2011-03-09Name : Gentoo Security Advisory GLSA 201009-06 (clamav)
File : nvt/glsa_201009_06.nasl
2010-05-28Name : Mandriva Update for clamav MDVSA-2010:082-1 (clamav)
File : nvt/gb_mandriva_MDVSA_2010_082_1.nasl
2010-04-19Name : Mandriva Update for clamav MDVSA-2010:082 (clamav)
File : nvt/gb_mandriva_MDVSA_2010_082.nasl
2010-04-13Name : ClamAV Security Bypass And Memory Corruption Vulnerabilities (Win)
File : nvt/gb_clamav_sec_bypass_n_mem_corr_vuln_win.nasl
2010-04-09Name : Ubuntu Update for clamav vulnerabilities USN-926-1
File : nvt/gb_ubuntu_USN_926_1.nasl
2010-03-02Name : Mandriva Update for drakxtools MDVA-2010:082 (drakxtools)
File : nvt/gb_mandriva_MDVA_2010_082.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
63861ClamAV Malformed CAB File Scanning Bypass

Nessus® Vulnerability Scanner

DateDescription
2010-12-02Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_clamav-100414.nasl - Type : ACT_GATHER_INFO
2010-10-11Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_clamav-6990.nasl - Type : ACT_GATHER_INFO
2010-09-08Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201009-06.nasl - Type : ACT_GATHER_INFO
2010-08-24Name : The remote host is missing a Mac OS X update that fixes security issues.
File : macosx_SecUpd2010-005.nasl - Type : ACT_GATHER_INFO
2010-04-28Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12610.nasl - Type : ACT_GATHER_INFO
2010-04-26Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_clamav-6983.nasl - Type : ACT_GATHER_INFO
2010-04-19Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-082.nasl - Type : ACT_GATHER_INFO
2010-04-09Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-926-1.nasl - Type : ACT_GATHER_INFO
2010-04-07Name : The remote antivirus service is vulnerable to a file scan evasion attack.
File : clamav_0_96.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
APPLEhttp://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
BIDhttp://www.securityfocus.com/bid/39262
CONFIRMhttp://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=c...
http://support.apple.com/kb/HT4312
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1826
MANDRIVAhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:082
MLISThttp://www.openwall.com/lists/oss-security/2010/04/06/4
http://www.openwall.com/lists/oss-security/2010/04/08/3
SECUNIAhttp://secunia.com/advisories/39293
http://secunia.com/advisories/39329
http://secunia.com/advisories/39656
SUSEhttp://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
UBUNTUhttp://www.ubuntu.com/usn/USN-926-1
VUPENhttp://www.vupen.com/english/advisories/2010/0827
http://www.vupen.com/english/advisories/2010/0832
http://www.vupen.com/english/advisories/2010/0909
http://www.vupen.com/english/advisories/2010/1001
http://www.vupen.com/english/advisories/2010/1206

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:53:12
  • Multiple Updates
2013-05-10 23:16:02
  • Multiple Updates