Executive Summary

Informations
Name CVE-2010-0098 First vendor Publication 2010-04-08
Vendor Cve Last vendor Modification 2010-08-31

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0098

CPE : Common Platform Enumeration

TypeDescriptionCount
Application94
Application2

OpenVAS Exploits

DateDescription
2011-03-09Name : Gentoo Security Advisory GLSA 201009-06 (clamav)
File : nvt/glsa_201009_06.nasl
2010-05-28Name : Mandriva Update for clamav MDVSA-2010:082-1 (clamav)
File : nvt/gb_mandriva_MDVSA_2010_082_1.nasl
2010-04-19Name : Mandriva Update for clamav MDVSA-2010:082 (clamav)
File : nvt/gb_mandriva_MDVSA_2010_082.nasl
2010-04-13Name : ClamAV Security Bypass And Memory Corruption Vulnerabilities (Win)
File : nvt/gb_clamav_sec_bypass_n_mem_corr_vuln_win.nasl
2010-04-09Name : Ubuntu Update for clamav vulnerabilities USN-926-1
File : nvt/gb_ubuntu_USN_926_1.nasl
2010-03-02Name : Mandriva Update for drakxtools MDVA-2010:082 (drakxtools)
File : nvt/gb_mandriva_MDVA_2010_082.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
63861ClamAV Malformed CAB File Scanning Bypass

Nessus® Vulnerability Scanner

DateDescription
2010-12-02Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_clamav-100414.nasl - Type : ACT_GATHER_INFO
2010-10-11Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_clamav-6990.nasl - Type : ACT_GATHER_INFO
2010-09-08Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201009-06.nasl - Type : ACT_GATHER_INFO
2010-08-24Name : The remote host is missing a Mac OS X update that fixes security issues.
File : macosx_SecUpd2010-005.nasl - Type : ACT_GATHER_INFO
2010-04-28Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12610.nasl - Type : ACT_GATHER_INFO
2010-04-26Name : The remote openSUSE host is missing a security update.
File : suse_11_1_clamav-100414.nasl - Type : ACT_GATHER_INFO
2010-04-26Name : The remote openSUSE host is missing a security update.
File : suse_11_0_clamav-100414.nasl - Type : ACT_GATHER_INFO
2010-04-26Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_clamav-6983.nasl - Type : ACT_GATHER_INFO
2010-04-26Name : The remote openSUSE host is missing a security update.
File : suse_11_2_clamav-100414.nasl - Type : ACT_GATHER_INFO
2010-04-19Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-082.nasl - Type : ACT_GATHER_INFO
2010-04-09Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-926-1.nasl - Type : ACT_GATHER_INFO
2010-04-07Name : The remote antivirus service is vulnerable to a file scan evasion attack.
File : clamav_0_96.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
APPLE http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
BID http://www.securityfocus.com/bid/39262
CONFIRM http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=c...
http://support.apple.com/kb/HT4312
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1826
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2010:082
MLIST http://www.openwall.com/lists/oss-security/2010/04/06/4
http://www.openwall.com/lists/oss-security/2010/04/08/3
SECUNIA http://secunia.com/advisories/39293
http://secunia.com/advisories/39329
http://secunia.com/advisories/39656
SUSE http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
UBUNTU http://www.ubuntu.com/usn/USN-926-1
VUPEN http://www.vupen.com/english/advisories/2010/0827
http://www.vupen.com/english/advisories/2010/0832
http://www.vupen.com/english/advisories/2010/0909
http://www.vupen.com/english/advisories/2010/1001
http://www.vupen.com/english/advisories/2010/1206

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2014-06-14 13:28:24
  • Multiple Updates
2014-02-17 10:53:12
  • Multiple Updates
2013-05-10 23:16:02
  • Multiple Updates