Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | New clamav packages fix several vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | DSA-1497 | First vendor Publication | 2008-02-16 |
| Vendor | Debian | Last vendor Modification | 2008-02-16 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several vulnerabilities have been discovered in the Clam anti-virus toolkit, which may lead to the execution of arbitrary or local denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-6595 It was discovered that temporary files are created insecurely, which may result in local denial of service by overwriting files. CVE-2008-0318 Silvio Cesare discovered an integer overflow in the parser for PE headers. For the stable distribution (etch), these problems have been fixed in version 0.90.1dfsg-3etch10. In addition to these fixes, this update also incorporates changes from the upcoming point release of the stable distribution (non-free RAR handling code was removed). The version of clamav in the old stable distribution (sarge) is no longer supported with security updates. We recommend that you upgrade your clamav packages. |
Original Source
| Url : http://www.debian.org/security/2008/dsa-1497 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 50 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:18471 | |||
| Oval ID: | oval:org.mitre.oval:def:18471 | ||
| Title: | DSA-1497-1 clamav - several vulnerabilities | ||
| Description: | Several vulnerabilities have been discovered in the Clam anti-virus toolkit, which may lead to the execution of arbitrary or local denial of service. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1497-1 CVE-2007-6595 CVE-2008-0318 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | clamav |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7444 | |||
| Oval ID: | oval:org.mitre.oval:def:7444 | ||
| Title: | DSA-1497 clamav -- several vulnerabilities | ||
| Description: | Several vulnerabilities have been discovered in the Clam anti-virus toolkit, which may lead to the execution of arbitrary or local denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that temporary files are created insecurely, which may result in local denial of service by overwriting files. Silvio Cesare discovered an integer overflow in the parser for PE headers. The version of clamav in the old stable distribution (sarge) is no longer supported with security updates. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1497 CVE-2007-6595 CVE-2008-0318 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | clamav |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-10-10 | Name : SLES9: Security update for clamav File : nvt/sles9p5021938.nasl |
| 2009-10-10 | Name : SLES9: Security update for clamav File : nvt/sles9p5023300.nasl |
| 2009-04-09 | Name : Mandriva Update for clamav MDVSA-2008:088 (clamav) File : nvt/gb_mandriva_MDVSA_2008_088.nasl |
| 2009-02-16 | Name : Fedora Update for clamav FEDORA-2008-1608 File : nvt/gb_fedora_2008_1608_clamav_fc7.nasl |
| 2009-02-16 | Name : Fedora Update for clamav FEDORA-2008-1625 File : nvt/gb_fedora_2008_1625_clamav_fc8.nasl |
| 2009-01-23 | Name : SuSE Update for clamav SUSE-SA:2008:024 File : nvt/gb_suse_2008_024.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200802-09 (clamav) File : nvt/glsa_200802_09.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200808-07 (clamav) File : nvt/glsa_200808_07.nasl |
| 2008-09-04 | Name : FreeBSD Ports: clamav File : nvt/freebsd_clamav13.nasl |
| 2008-02-29 | Name : ClamAV < 0.93.1 vulnerability File : nvt/clamav-CB-A08-0001.nasl |
| 2008-02-28 | Name : Debian Security Advisory DSA 1497-1 (clamav) File : nvt/deb_1497_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 43338 | ClamAV sigtool .ascii Files Symlink Arbitrary File Overwrite |
| 43337 | ClamAV libclamav/others.c cli_gentempfd Function Symlink Arbitrary File Overw... |
| 42297 | ClamAV libclamav cli_scanpe Function Petite Packed PE File Handling Overflow |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | ClamAV libclamav PE file handling integer overflow attempt RuleID : 17305 - Revision : 9 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-088.nasl - Type : ACT_GATHER_INFO |
| 2008-08-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200808-07.nasl - Type : ACT_GATHER_INFO |
| 2008-04-25 | Name : The remote openSUSE host is missing a security update. File : suse_clamav-5199.nasl - Type : ACT_GATHER_INFO |
| 2008-04-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_clamav-5200.nasl - Type : ACT_GATHER_INFO |
| 2008-03-19 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO |
| 2008-02-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200802-09.nasl - Type : ACT_GATHER_INFO |
| 2008-02-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1497.nasl - Type : ACT_GATHER_INFO |
| 2008-02-18 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_be4b0529dbaf11dc9791000ea6702141.nasl - Type : ACT_GATHER_INFO |
| 2008-02-18 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_clamav-5008.nasl - Type : ACT_GATHER_INFO |
| 2008-02-18 | Name : The remote openSUSE host is missing a security update. File : suse_clamav-5009.nasl - Type : ACT_GATHER_INFO |
| 2008-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1608.nasl - Type : ACT_GATHER_INFO |
| 2008-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1625.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:27:21 |
|
