Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title ClamAV: Multiple vulnerabilities
Informations
Name GLSA-201405-08 First vendor Publication 2014-05-16
Vendor Gentoo Last vendor Modification 2014-05-16
Severity (Vendor) High Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in ClamAV, the worst of which could lead to arbitrary code execution.

Background

Clam AntiVirus (ClamAV) is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.

Description

Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could send a specially crafted file, leading to arbitrary code execution or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All ClamAV users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.98"

References

[ 1 ] CVE-2013-2020 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2020
[ 2 ] CVE-2013-2021 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2021
[ 3 ] CVE-2013-7087 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7087
[ 4 ] CVE-2013-7088 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7088
[ 5 ] CVE-2013-7089 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7089

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201405-08.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201405-08.xml

CWE : Common Weakness Enumeration

% Id Name
40 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
20 % CWE-200 Information Exposure
20 % CWE-189 Numeric Errors (CWE/SANS Top 25)
20 % CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17560
 
Oval ID: oval:org.mitre.oval:def:17560
Title: USN-1816-1 -- clamav vulnerabilities
Description: ClamAV could be made to crash or run programs if it opened a specially crafted file.
Family: unix Class: patch
Reference(s): USN-1816-1
CVE-2013-2020
CVE-2013-2021
Version: 7
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04
Product(s): clamav
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25964
 
Oval ID: oval:org.mitre.oval:def:25964
Title: SUSE-SU-2013:1059-1 -- Security update for clamav
Description: This update contains clamav 0.97.8 which fixes security issues (bnc#816865): * CVE-2013-2020: Fix heap corruption * CVE-2013-2021: Fix overflow due to PDF key length computation.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1059-1
CVE-2013-2020
CVE-2013-2021
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 11
SUSE Linux Enterprise Desktop 10
Product(s): clamav
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26004
 
Oval ID: oval:org.mitre.oval:def:26004
Title: SUSE-SU-2013:1059-2 -- Security update for clamav
Description: This release of clamav provides version 0.97.8 and fixes several potential security issues (bnc#816865): * CVE-2013-2020: Fix heap corruption * CVE-2013-2021: Fix overflow due to PDF key length computation.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1059-2
CVE-2013-2020
CVE-2013-2021
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): clamav
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28352
 
Oval ID: oval:org.mitre.oval:def:28352
Title: SUSE-SU-2014:1571-1 -- Security update for clamav (important)
Description: clamav was updated to version 0.98.5 to fix five security issues: * Crash when scanning maliciously crafted yoda's crypter files (CVE-2013-6497). * Heap-based buffer overflow when scanning crypted PE files (CVE-2014-9050). * Fix heap corruption (CVE-2013-2020). * Fix overflow due to PDF key length computation (CVE-2013-2021). * Crash when using 'clamscan -a'. Several non-security issues have also been fixed, please refer to the package's change log for details. Security Issues: * CVE-2013-6497 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6497> * CVE-2014-9050 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9050> * CVE-2013-2021 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2021> * CVE-2013-2020 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2020>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1571-1
CVE-2013-6497
CVE-2014-9050
CVE-2013-2021
CVE-2013-2020
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): clamav
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 139
Os 5
Os 3
Os 2
Os 2

Information Assurance Vulnerability Management (IAVM)

Date Description
2013-09-19 IAVM : 2013-A-0179 - Apple Mac OS X Security Update 2013-004
Severity : Category I - VMSKEY : V0040373

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-430.nasl - Type : ACT_GATHER_INFO
2014-05-19 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201405-08.nasl - Type : ACT_GATHER_INFO
2013-09-17 Name : The remote host is missing a security update for OS X Server.
File : macosx_server_2_2_2.nasl - Type : ACT_GATHER_INFO
2013-09-13 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2013-004.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-10853.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-10953.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-10980.nasl - Type : ACT_GATHER_INFO
2013-06-21 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_clamav-130604.nasl - Type : ACT_GATHER_INFO
2013-06-21 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_clamav-8606.nasl - Type : ACT_GATHER_INFO
2013-05-16 Name : The remote Fedora host is missing a security update.
File : fedora_2013-8047.nasl - Type : ACT_GATHER_INFO
2013-05-04 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1816-1.nasl - Type : ACT_GATHER_INFO
2013-05-03 Name : The antivirus service running on the remote host is affected by multiple vuln...
File : clamav_0_97_8.nasl - Type : ACT_GATHER_INFO
2013-05-01 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-159.nasl - Type : ACT_GATHER_INFO
2013-03-24 Name : The antivirus service running on the remote host is affected by multiple vuln...
File : clamav_0_97_7.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-05-20 13:23:29
  • Multiple Updates
2014-05-16 17:21:12
  • First insertion