5 - CVE-2009-1371

Executive Summary

Informations
Name	CVE-2009-1371	First vendor Publication	2009-04-23
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1371

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-20	Improper Input Validation

CPE : Common Platform Enumeration

Type	Description	Count
Application	Clamav cpe:2.3:a:clamav:clamav:0.95:src1:::::: cpe:2.3:a:clamav:clamav:0.95:src2:::::: cpe:2.3:a:clamav:clamav:0.95:rc2:::::: cpe:2.3:a:clamav:clamav:0.95:rc1:::::: cpe:2.3:a:clamav:clamav:0.95:::::::* cpe:2.3:a:clamav:clamav:0.94.2:::::::* cpe:2.3:a:clamav:clamav:0.94.1:::::::* cpe:2.3:a:clamav:clamav:0.94:::::::* cpe:2.3:a:clamav:clamav:0.93.3:::::::* cpe:2.3:a:clamav:clamav:0.93.2:::::::* cpe:2.3:a:clamav:clamav:0.93.1:::::::* cpe:2.3:a:clamav:clamav:0.93:::::::* cpe:2.3:a:clamav:clamav:0.92.1:::::::* cpe:2.3:a:clamav:clamav:0.92_p0:::::::* cpe:2.3:a:clamav:clamav:0.92:::::::* cpe:2.3:a:clamav:clamav:0.91.2_p0:::::::* cpe:2.3:a:clamav:clamav:0.91.2:::::::* cpe:2.3:a:clamav:clamav:0.91.1:::::::* cpe:2.3:a:clamav:clamav:0.91_rc2:::::::* cpe:2.3:a:clamav:clamav:0.91_rc1:::::::* cpe:2.3:a:clamav:clamav:0.91:::::::* cpe:2.3:a:clamav:clamav:0.91:rc1:::::: cpe:2.3:a:clamav:clamav:0.91:rc2:::::: cpe:2.3:a:clamav:clamav:0.90.3_p1:::::::* cpe:2.3:a:clamav:clamav:0.90.3_p0:::::::* cpe:2.3:a:clamav:clamav:0.90.3:::::::* cpe:2.3:a:clamav:clamav:0.90.2_p0:::::::* cpe:2.3:a:clamav:clamav:0.90.2:::::::* cpe:2.3:a:clamav:clamav:0.90.1_p0:::::::* cpe:2.3:a:clamav:clamav:0.90.1:::::::* cpe:2.3:a:clamav:clamav:0.90_rc3:::::::* cpe:2.3:a:clamav:clamav:0.90_rc2:::::::* cpe:2.3:a:clamav:clamav:0.90_rc1.1:::::::* cpe:2.3:a:clamav:clamav:0.90_rc1:::::::* cpe:2.3:a:clamav:clamav:0.90:rc3:::::: cpe:2.3:a:clamav:clamav:0.90:rc1:::::: cpe:2.3:a:clamav:clamav:0.90:rc1.1:::::: cpe:2.3:a:clamav:clamav:0.90:rc2:::::: cpe:2.3:a:clamav:clamav:0.90:::::::* cpe:2.3:a:clamav:clamav:0.9_rc1:::::::* cpe:2.3:a:clamav:clamav:0.9:rc1:::::: cpe:2.3:a:clamav:clamav:0.88.7_p1:::::::* cpe:2.3:a:clamav:clamav:0.88.7_p0:::::::* cpe:2.3:a:clamav:clamav:0.88.7:::::::* cpe:2.3:a:clamav:clamav:0.88.6:::::::* cpe:2.3:a:clamav:clamav:0.88.5:::::::* cpe:2.3:a:clamav:clamav:0.88.4:::::::* cpe:2.3:a:clamav:clamav:0.88.3:::::::* cpe:2.3:a:clamav:clamav:0.88.2:::::::* cpe:2.3:a:clamav:clamav:0.88.1:::::::* cpe:2.3:a:clamav:clamav:0.88:::::::* cpe:2.3:a:clamav:clamav:0.87.1:::::::* cpe:2.3:a:clamav:clamav:0.87:::::::* cpe:2.3:a:clamav:clamav:0.86.2:::::::* cpe:2.3:a:clamav:clamav:0.86.1:::::::* cpe:2.3:a:clamav:clamav:0.86_rc1:::::::* cpe:2.3:a:clamav:clamav:0.86:rc1:::::: cpe:2.3:a:clamav:clamav:0.86:::::::* cpe:2.3:a:clamav:clamav:0.85.1:::::::* cpe:2.3:a:clamav:clamav:0.85:::::::* cpe:2.3:a:clamav:clamav:0.84_rc2:::::::* cpe:2.3:a:clamav:clamav:0.84_rc1:::::::* cpe:2.3:a:clamav:clamav:0.84:::::::* cpe:2.3:a:clamav:clamav:0.84:rc1:::::: cpe:2.3:a:clamav:clamav:0.84:rc2:::::: cpe:2.3:a:clamav:clamav:0.83:::::::* cpe:2.3:a:clamav:clamav:0.82:::::::* cpe:2.3:a:clamav:clamav:0.81_rc1:::::::* cpe:2.3:a:clamav:clamav:0.81:::::::* cpe:2.3:a:clamav:clamav:0.81:rc1:::::: cpe:2.3:a:clamav:clamav:0.80_rc3:::::::* cpe:2.3:a:clamav:clamav:0.80_rc2:::::::* cpe:2.3:a:clamav:clamav:0.80_rc1:::::::* cpe:2.3:a:clamav:clamav:0.80_rc:::::::* cpe:2.3:a:clamav:clamav:0.80:rc1:::::: cpe:2.3:a:clamav:clamav:0.80:rc2:::::: cpe:2.3:a:clamav:clamav:0.80:rc3:::::: cpe:2.3:a:clamav:clamav:0.80:rc4:::::: cpe:2.3:a:clamav:clamav:0.80:::::::* cpe:2.3:a:clamav:clamav:0.80:rc:::::: cpe:2.3:a:clamav:clamav:0.8_:rc3:::::: cpe:2.3:a:clamav:clamav:0.8:rc3:::::: cpe:2.3:a:clamav:clamav:0.75.1:::::::* cpe:2.3:a:clamav:clamav:0.75:::::::* cpe:2.3:a:clamav:clamav:0.74:::::::* cpe:2.3:a:clamav:clamav:0.73:::::::* cpe:2.3:a:clamav:clamav:0.72:::::::* cpe:2.3:a:clamav:clamav:0.71:::::::* cpe:2.3:a:clamav:clamav:0.70:::::::* cpe:2.3:a:clamav:clamav:0.70:rc:::::: cpe:2.3:a:clamav:clamav:0.68.1:::::::* cpe:2.3:a:clamav:clamav:0.68:::::::* cpe:2.3:a:clamav:clamav:0.67-1:::::::* cpe:2.3:a:clamav:clamav:0.67:::::::* cpe:2.3:a:clamav:clamav:0.66:::::::* cpe:2.3:a:clamav:clamav:0.65:::::::* cpe:2.3:a:clamav:clamav:0.60p:::::::* cpe:2.3:a:clamav:clamav:0.60:::::::* cpe:2.3:a:clamav:clamav:0.54:::::::* cpe:2.3:a:clamav:clamav:0.53:::::::* cpe:2.3:a:clamav:clamav:0.52:::::::* cpe:2.3:a:clamav:clamav:0.51:::::::* cpe:2.3:a:clamav:clamav:0.3:::::::* cpe:2.3:a:clamav:clamav:0.24:::::::* cpe:2.3:a:clamav:clamav:0.23:::::::* cpe:2.3:a:clamav:clamav:0.22:::::::* cpe:2.3:a:clamav:clamav:0.21:::::::* cpe:2.3:a:clamav:clamav:0.20:::::::* cpe:2.3:a:clamav:clamav:0.15:::::::* cpe:2.3:a:clamav:clamav:0.14:::::::* cpe:2.3:a:clamav:clamav:0.14:pre:::::: cpe:2.3:a:clamav:clamav:0.13:::::::* cpe:2.3:a:clamav:clamav:0.12:::::::* cpe:2.3:a:clamav:clamav:0.10:::::::* cpe:2.3:a:clamav:clamav:0.05:::::::* cpe:2.3:a:clamav:clamav:0.03:::::::* cpe:2.3:a:clamav:clamav:0.02:::::::* cpe:2.3:a:clamav:clamav:0.01:::::::* cpe:2.3:a:clamav:clamav:::::::: cpe:2.3:a:clamav:clamav:::::lts:::*	120

OpenVAS Exploits

Date	Description
2010-05-12	Name : Mac OS X Security Update 2009-005 File : nvt/macosx_secupd_2009-005.nasl
2009-12-14	Name : Mandriva Security Advisory MDVSA-2009:327 (clamav) File : nvt/mdksa_2009_327.nasl
2009-10-10	Name : SLES9: Security update for ClamAV File : nvt/sles9p5048232.nasl
2009-09-15	Name : Gentoo Security Advisory GLSA 200909-04 (clamav) File : nvt/glsa_200909_04.nasl
2009-04-30	Name : ClamAV Denial of Service Vulnerability (Linux) File : nvt/secpod_clamav_dos_vuln_lin.nasl
2009-04-30	Name : ClamAV Denial of Service Vulnerability (Win) File : nvt/secpod_clamav_dos_vuln_win.nasl
2009-04-28	Name : Mandrake Security Advisory MDVSA-2009:097 (clamav) File : nvt/mdksa_2009_097.nasl
2009-04-20	Name : Debian Security Advisory DSA 1771-1 (clamav) File : nvt/deb_1771_1.nasl
2009-04-15	Name : Ubuntu USN-756-1 (clamav) File : nvt/ubuntu_756_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
53602	ClamAV Malformed UPack Packed File Handling DoS ClamAV contains a flaw that may allow a local denial of service. The issue is triggered when a UPack packed file is processed, and will result in loss of availability for the application.

Nessus® Vulnerability Scanner

Date	Description
2009-12-09	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-327.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12402.nasl - Type : ACT_GATHER_INFO
2009-09-11	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-005.nasl - Type : ACT_GATHER_INFO
2009-09-10	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200909-04.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_clamav-090417.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_clamav-090416.nasl - Type : ACT_GATHER_INFO
2009-04-27	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-097.nasl - Type : ACT_GATHER_INFO
2009-04-27	Name : The remote openSUSE host is missing a security update. File : suse_clamav-6201.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-756-1.nasl - Type : ACT_GATHER_INFO
2009-04-16	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1771.nasl - Type : ACT_GATHER_INFO
2009-04-10	Name : The remote antivirus service is affected by multiple vulnerabilities. File : clamav_0_95_1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://osvdb.org/53602
http://secunia.com/advisories/34612
http://secunia.com/advisories/34654
http://secunia.com/advisories/34716
http://secunia.com/advisories/36701
http://support.apple.com/kb/HT3865
http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2...
http://www.debian.org/security/2009/dsa-1771
http://www.mandriva.com/security/advisories?name=MDVSA-2009:097
http://www.securityfocus.com/bid/34446
http://www.securitytracker.com/id?1022028
http://www.ubuntu.com/usn/usn-756-1
http://www.vupen.com/english/advisories/2009/0985
https://launchpad.net/bugs/360502
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1552

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 23:11:31	Multiple Updates
2024-11-28 12:18:47	Multiple Updates
2022-01-22 01:07:09	Multiple Updates
2021-05-05 01:05:52	Multiple Updates
2021-05-04 12:09:27	Multiple Updates
2021-04-22 01:09:48	Multiple Updates
2020-05-23 01:40:18	Multiple Updates
2020-05-23 00:23:40	Multiple Updates
2019-04-11 12:02:33	Multiple Updates
2018-09-15 01:02:29	Multiple Updates
2016-06-28 17:39:49	Multiple Updates
2016-04-26 18:46:28	Multiple Updates
2014-02-17 10:49:45	Multiple Updates
2013-05-10 23:49:11	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	120
Sources(s)	16
osvdb(s)	1
Openvas Exploit(s)	9
Nessus® Exploit(s)	11

	Related
10	MDVSA-2009:327
10	MDVSA-2009:097
10	GLSA-200909-04
7.8	DSA-1771
5	USN-756-1
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 5 more Alert(s)

5 - CVE-2009-1371

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU