This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Clam Anti-Virus First view 2005-05-27
Product Clamav Last view 2008-12-03
Version 0.06 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:clam_anti-virus:clamav

Activity : Overall

Related : CVE

  Date Alert Description
4.3 2008-12-03 CVE-2008-5314

Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions.

9.3 2008-11-12 CVE-2008-5050

Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.

5 2008-09-04 CVE-2008-1389

libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."

5 2008-04-16 CVE-2008-1837

libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.

5 2008-04-16 CVE-2008-1835

ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar.

10 2008-02-12 CVE-2008-0318

Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.

6.8 2007-12-19 CVE-2007-6336

Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.

7.5 2007-12-19 CVE-2007-6335

Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.

7.6 2007-08-27 CVE-2007-4560

clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."

4.3 2007-08-23 CVE-2007-4510

ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.

7.1 2007-04-16 CVE-2007-1745

The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.

6.4 2007-02-16 CVE-2007-0898

Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.

4.3 2007-02-16 CVE-2007-0897

Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.

5 2006-12-09 CVE-2006-5874

Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference.

5 2006-10-16 CVE-2006-5295

Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location."

7.5 2006-10-16 CVE-2006-4182

Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected.

7.5 2005-05-27 CVE-2005-1795

The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked.

CWE : Common Weakness Enumeration

%idName
25% (3) CWE-399 Resource Management Errors
25% (3) CWE-189 Numeric Errors
16% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
16% (2) CWE-20 Improper Input Validation
8% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
8% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-2 Inducing Account Lockout
CAPEC-82 Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-147 XML Ping of Death
CAPEC-228 Resource Depletion through DTD Injection in a SOAP Message

SAINT Exploits

Description Link
ClamAV milter popen command injection More info here

Open Source Vulnerability Database (OSVDB)

id Description
50363 ClamAV libclamav/special.c Multiple Function Crafted JPEG File Handling Overf...
49832 ClamAV libclamav/vba_extract.c get_unicode_name() Function Off-by-one Overflow
47881 ClamAV libclamav/chmunpack.c Crafted CHM File Handling DoS
44524 ClamAV libclamunrar Crafted RAR File Handling Remote DoS
44522 ClamAV Crafted RAR File Handling Remote Security Bypass
42297 ClamAV libclamav cli_scanpe Function Petite Packed PE File Handling Overflow
42295 ClamAV libclamav cli_scanpe() MEW Packed PE File Handling Overflow
42294 ClamAV MS-ZIP Compressed CAB File Unspecified Arbitrary Code Execution
36911 Clam AntiVirus libclamav/htmlnorm.c cli_html_normalise Function HTML Handling...
36910 Clam AntiVirus libclamav/rtf.c cli_scanrtf Function RTF File Handling DoS
36909 ClamAV clamav-milter black-hole-mode Sendmail Recipient Field Arbitrary Comma...
34913 Clam AntiVirus libclamav/chmunpack.c chm_decompress_stream Function File Desc...
32283 Clam AntiVirus MIME Malformed CAB File Processing DoS
32282 Clam AntiVirus MIME Header Traversal Arbitrary File Overwrite
31282 Clam AntiVirus Invalid Base64 MIME Attachment DoS
29774 Clam AntiVirus CHM Handling Unspecified Memory Corruption DoS
29773 Clam AntiVirus Portable Executable (PE) File Handling Overflow
16908 Clam AntiVirus on Mac OS X Crafted Filename Privilege Escalation

ExploitDB Exploits

id Description
4862 ClamAV 0.91.2 libclamav MEW PE Buffer Overflow Exploit

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2010-05-12 Name : Mac OS X Security Update 2008-007
File : nvt/macosx_secupd_2008-007.nasl
2010-05-12 Name : Mac OS X Security Update 2009-001
File : nvt/macosx_secupd_2009-001.nasl
2010-05-12 Name : Mac OS X 10.5.5 Update / Security Update 2008-006
File : nvt/macosx_upd_10_5_5_secupd_2008-006.nasl
2009-10-13 Name : SLES10: Security update for clamav
File : nvt/sles10_clamav.nasl
2009-10-13 Name : SLES10: Security update for ClamAV
File : nvt/sles10_clamav5.nasl
2009-10-13 Name : SLES10: Security update for clamav
File : nvt/sles10_clamav6.nasl
2009-10-10 Name : SLES9: Security update for ClamAV
File : nvt/sles9p5039718.nasl
2009-10-10 Name : SLES9: Security update for clamav
File : nvt/sles9p5010212.nasl
2009-10-10 Name : SLES9: Security update for clamav
File : nvt/sles9p5012138.nasl
2009-10-10 Name : SLES9: Security update for clamav
File : nvt/sles9p5013169.nasl
2009-10-10 Name : SLES9: Security update for clamav
File : nvt/sles9p5016282.nasl
2009-10-10 Name : SLES9: Security update for clamav
File : nvt/sles9p5019327.nasl
2009-10-10 Name : SLES9: Security update for clamav
File : nvt/sles9p5021938.nasl
2009-10-10 Name : SLES9: Security update for clamav
File : nvt/sles9p5023300.nasl
2009-10-10 Name : SLES9: Security update for clamav
File : nvt/sles9p5035180.nasl
2009-10-10 Name : SLES9: Security update for ClamAV
File : nvt/sles9p5038481.nasl
2009-04-09 Name : Mandriva Update for clamav MDVSA-2008:229 (clamav)
File : nvt/gb_mandriva_MDVSA_2008_229.nasl
2009-04-09 Name : Mandriva Update for clamav MDVSA-2008:239 (clamav)
File : nvt/gb_mandriva_MDVSA_2008_239.nasl
2009-04-09 Name : Mandriva Update for clamav MDVSA-2008:189-1 (clamav)
File : nvt/gb_mandriva_MDVSA_2008_189_1.nasl
2009-04-09 Name : Mandriva Update for clamav MDVSA-2008:189 (clamav)
File : nvt/gb_mandriva_MDVSA_2008_189.nasl
2009-04-09 Name : Mandriva Update for clamav MDVSA-2008:088 (clamav)
File : nvt/gb_mandriva_MDVSA_2008_088.nasl
2009-04-09 Name : Mandriva Update for clamav MDVSA-2008:003 (clamav)
File : nvt/gb_mandriva_MDVSA_2008_003.nasl
2009-04-09 Name : Mandriva Update for clamav MDKSA-2007:172 (clamav)
File : nvt/gb_mandriva_MDKSA_2007_172.nasl
2009-04-09 Name : Mandriva Update for clamav MDKSA-2007:098 (clamav)
File : nvt/gb_mandriva_MDKSA_2007_098.nasl
2009-04-09 Name : Mandriva Update for clamav MDKSA-2007:043 (clamav)
File : nvt/gb_mandriva_MDKSA_2007_043.nasl

Snort® IPS/IDS

Date Description
2014-01-10 ClamAV Antivirus Function Denial of Service attempt
RuleID : 26374 - Type : FILE-IMAGE - Revision : 9
2014-01-10 ClamAV Antivirus Function Denial of Service attempt
RuleID : 26373 - Type : FILE-IMAGE - Revision : 5
2014-01-10 ClamAV Antivirus Function Denial of Service attempt
RuleID : 26372 - Type : FILE-IMAGE - Revision : 5
2014-01-10 ClamAV antivirus CHM file handling DOS
RuleID : 17602 - Type : FILE-OTHER - Revision : 10
2014-01-10 ClamAV Antivirus Function Denial of Service attempt
RuleID : 17390 - Type : FILE-IMAGE - Revision : 10
2014-01-10 ClamAV libclamav PE file handling integer overflow attempt
RuleID : 17305 - Type : FILE-OTHER - Revision : 9
2014-01-10 ClamAV MEW PE file integer overflow attempt
RuleID : 13362 - Type : EXPLOIT - Revision : 8
2014-01-10 ClamAV MEW PE file integer overflow attempt
RuleID : 13361 - Type : FILE-OTHER - Revision : 13
2014-01-10 Recipient arbitrary command injection attempt
RuleID : 12592 - Type : SERVER-MAIL - Revision : 15
2014-01-10 ClamAV mime parsing directory traversal
RuleID : 10186 - Type : SERVER-MAIL - Revision : 9

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-04-23 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_12293.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_12236.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_12292.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_12318.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_clamav-5842.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_clamav-5769.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_clamav-080905.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_clamav-081114.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_clamav-081204.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2008-229.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2008-239.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2008-189.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2008-088.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-672-1.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-684-1.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2008-003.nasl - Type: ACT_GATHER_INFO
2009-02-13 Name: The remote host is missing a Mac OS X update that fixes various security issues.
File: macosx_SecUpd2009-001.nasl - Type: ACT_GATHER_INFO
2008-12-26 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200812-21.nasl - Type: ACT_GATHER_INFO
2008-12-15 Name: The remote openSUSE host is missing a security update.
File: suse_clamav-5843.nasl - Type: ACT_GATHER_INFO
2008-12-11 Name: The remote antivirus service is affected by multiple issues.
File: clamav_0_94.nasl - Type: ACT_GATHER_INFO
2008-12-04 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1680.nasl - Type: ACT_GATHER_INFO
2008-12-03 Name: The remote antivirus service is vulnerable to a denial of service attack.
File: clamav_0_94_2.nasl - Type: ACT_GATHER_INFO
2008-11-24 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_clamav-5768.nasl - Type: ACT_GATHER_INFO
2008-11-24 Name: The remote openSUSE host is missing a security update.
File: suse_clamav-5773.nasl - Type: ACT_GATHER_INFO
2008-11-16 Name: The remote Fedora host is missing a security update.
File: fedora_2008-9651.nasl - Type: ACT_GATHER_INFO