Executive Summary
Information | |||
---|---|---|---|
Name | MDVSA-2008:189-1 | First vendor Publication | 2008-09-17 |
Vendor | Mandriva | Last vendor Modification | 2008-09-17 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.94 release, including:

A vulnerability in ClamAV's chm-parser allowed remote attackers to cause a denial of service (application crash) via a malformed CHM file (CVE-2008-1389).

A vulnerability in libclamav would allow attackers to cause a denial of service via vectors related to an out-of-memory condition (CVE-2008-3912).

Multiple memory leaks were found in ClamAV that could possibly allow attackers to cause a denial of service via excessive memory consumption (CVE-2008-3913).

A number of unspecified vulnerabilities in ClamAV were reported that have an unknown impact and attack vectors related to file descriptor leaks (CVE-2008-3914).

Other bugs have also been corrected in 0.94 which is being provided with this update. Because this new version has increased the major of the libclamav library, updated dependent packages are also being provided.

Update: The previous update had experimental support enabled, which caused ClamAV to report the version as 0.94-exp rather than 0.94, causing ClamAV to produce bogus warnings about the installation being outdated. This update corrects that problem.
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2008:189-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-399 | Resource Management Errors |
25 % | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory Leak') |
25 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17755 | |||
Oval ID: | oval:org.mitre.oval:def:17755 | ||
Title: | DSA-1660-1 clamav - denial of service | ||
Description: | Several denial-of-service vulnerabilities have been discovered in the ClamAV anti-virus toolkit: | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1660-1 CVE-2008-3912 CVE-2008-3913 CVE-2008-3914 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | clamav |
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X Security Update 2008-007 File : nvt/macosx_secupd_2008-007.nasl |
2009-10-13 | Name : SLES10: Security update for clamav File : nvt/sles10_clamav.nasl |
2009-10-10 | Name : SLES9: Security update for clamav File : nvt/sles9p5035180.nasl |
2009-04-09 | Name : Mandriva Update for clamav MDVSA-2008:189 (clamav) File : nvt/gb_mandriva_MDVSA_2008_189.nasl |
2009-04-09 | Name : Mandriva Update for clamav MDVSA-2008:189-1 (clamav) File : nvt/gb_mandriva_MDVSA_2008_189_1.nasl |
2009-02-17 | Name : Fedora Update for clamav FEDORA-2008-9644 File : nvt/gb_fedora_2008_9644_clamav_fc9.nasl |
2009-02-17 | Name : Fedora Update for clamav FEDORA-2008-9651 File : nvt/gb_fedora_2008_9651_clamav_fc8.nasl |
2008-11-01 | Name : Debian Security Advisory DSA 1660-1 (clamav) File : nvt/deb_1660_1.nasl |
2008-09-28 | Name : Gentoo Security Advisory GLSA 200809-18 (clamav) File : nvt/glsa_200809_18.nasl |
2008-09-17 | Name : FreeBSD Ports: clamav File : nvt/freebsd_clamav15.nasl |
2008-09-05 | Name : ClamAV Invalid Memory Access Denial Of Service Vulnerability File : nvt/secpod_clamav_invalid_mem_access_dos_vuln_900117.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
48239 | ClamAV error path File Descriptor Leak Multiple Unspecified Issue |
48238 | ClamAV freshclam/manager.c error path Unspecified Memory Consumption DoS |
48237 | ClamAV libclamav Unspecified Memory Exhaustion DoS |
47881 | ClamAV libclamav/chmunpack.c Crafted CHM File Handling DoS |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | ClamAV antivirus CHM file handling DOS RuleID : 17602 - Revision : 10 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12236.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_clamav-080905.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-189.nasl - Type : ACT_GATHER_INFO |
2008-12-11 | Name : The remote antivirus service is affected by multiple issues. File : clamav_0_94.nasl - Type : ACT_GATHER_INFO |
2008-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9644.nasl - Type : ACT_GATHER_INFO |
2008-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9651.nasl - Type : ACT_GATHER_INFO |
2008-10-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1660.nasl - Type : ACT_GATHER_INFO |
2008-10-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO |
2008-09-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200809-18.nasl - Type : ACT_GATHER_INFO |
2008-09-12 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_da5c4072808211dd9c8c001c2514716c.nasl - Type : ACT_GATHER_INFO |
2008-09-11 | Name : The remote openSUSE host is missing a security update. File : suse_clamav-5578.nasl - Type : ACT_GATHER_INFO |
2008-09-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_clamav-5579.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:39:40 | |