Executive Summary

Informations
Name CVE-2010-1311 First vendor Publication 2010-04-08
Vendor Cve Last vendor Modification 2010-08-31

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1311

CWE : Common Weakness Enumeration

idName
CWE-20Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13102
 
Oval ID: oval:org.mitre.oval:def:13102
Title: USN-926-1 -- clamav vulnerabilities
Description: It was discovered that ClamAV did not properly verify its input when processing CAB files. A remote attacker could send a specially crafted CAB file to evade malware detection. It was discovered that ClamAV did not properly verify its input when processing CAB files. A remote attacker could send a specially crafted CAB file and cause a denial of service via application crash.
Family: unix Class: patch
Reference(s): USN-926-1
CVE-2010-0098
CVE-2010-1311
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 9.10
Ubuntu 9.04
Product(s): clamav
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application94
Application2

OpenVAS Exploits

DateDescription
2011-03-09Name : Gentoo Security Advisory GLSA 201009-06 (clamav)
File : nvt/glsa_201009_06.nasl
2010-05-28Name : Mandriva Update for clamav MDVSA-2010:082-1 (clamav)
File : nvt/gb_mandriva_MDVSA_2010_082_1.nasl
2010-04-19Name : Mandriva Update for clamav MDVSA-2010:082 (clamav)
File : nvt/gb_mandriva_MDVSA_2010_082.nasl
2010-04-13Name : ClamAV Security Bypass And Memory Corruption Vulnerabilities (Win)
File : nvt/gb_clamav_sec_bypass_n_mem_corr_vuln_win.nasl
2010-04-09Name : Ubuntu Update for clamav vulnerabilities USN-926-1
File : nvt/gb_ubuntu_USN_926_1.nasl
2010-03-02Name : Mandriva Update for drakxtools MDVA-2010:082 (drakxtools)
File : nvt/gb_mandriva_MDVA_2010_082.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
63818ClamAV libclamav/mspack.c qtm_decompress Function Crafted CAB Archive DoS

Nessus® Vulnerability Scanner

DateDescription
2010-12-02Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_clamav-100414.nasl - Type : ACT_GATHER_INFO
2010-10-11Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_clamav-6990.nasl - Type : ACT_GATHER_INFO
2010-09-08Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201009-06.nasl - Type : ACT_GATHER_INFO
2010-08-24Name : The remote host is missing a Mac OS X update that fixes security issues.
File : macosx_SecUpd2010-005.nasl - Type : ACT_GATHER_INFO
2010-04-28Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12610.nasl - Type : ACT_GATHER_INFO
2010-04-26Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_clamav-6983.nasl - Type : ACT_GATHER_INFO
2010-04-19Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-082.nasl - Type : ACT_GATHER_INFO
2010-04-09Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-926-1.nasl - Type : ACT_GATHER_INFO
2010-04-07Name : The remote antivirus service is vulnerable to a file scan evasion attack.
File : clamav_0_96.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
APPLE http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
BID http://www.securityfocus.com/bid/39262
CONFIRM http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=c...
http://support.apple.com/kb/HT4312
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2010:082
SECUNIA http://secunia.com/advisories/39293
http://secunia.com/advisories/39329
http://secunia.com/advisories/39656
SUSE http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
UBUNTU http://www.ubuntu.com/usn/USN-926-1
VUPEN http://www.vupen.com/english/advisories/2010/0827
http://www.vupen.com/english/advisories/2010/0832
http://www.vupen.com/english/advisories/2010/0909
http://www.vupen.com/english/advisories/2010/1001
http://www.vupen.com/english/advisories/2010/1206

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:54:43
  • Multiple Updates
2013-05-10 23:22:03
  • Multiple Updates