Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2009:327 | First vendor Publication | 2009-12-08 |
Vendor | Mandriva | Last vendor Modification | 2009-12-08 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple vulnerabilities has been found and corrected in clamav: Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive (CVE-2009-1241). libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error (CVE-2008-6680). libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted file that causes (1) clamd and (2) clamscan to hang (CVE-2009-1270). The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding (CVE-2009-1371). Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL (CVE-2009-1372). Important notice about this upgrade: clamav-0.95+ bundles support for RAR v3 in libclamav which is a license violation as the RAR v3 license and the GPL license is not compatible. As a consequence to this Mandriva has been forced to remove the RAR v3 code. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides clamav 0.95.2, which is not vulnerable to these issues. Additionally klamav-0.46 is being provided that has support for clamav-0.95+. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:327 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13917 | |||
Oval ID: | oval:org.mitre.oval:def:13917 | ||
Title: | USN-754-1 -- clamav vulnerabilities | ||
Description: | It was discovered that ClamAV did not properly verify its input when processing TAR archives. A remote attacker could send a specially crafted TAR file and cause a denial of service via infinite loop. It was discovered that ClamAV did not properly validate Portable Executable files. A remote attacker could send a crafted PE file and cause a denial of service . | ||
Family: | unix | Class: | patch |
Reference(s): | USN-754-1 CVE-2009-1270 CVE-2008-6680 | Version: | 5 |
Platform(s): | Ubuntu 8.10 | Product(s): | clamav |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X Security Update 2009-005 File : nvt/macosx_secupd_2009-005.nasl |
2009-12-14 | Name : Mandriva Security Advisory MDVSA-2009:327 (clamav) File : nvt/mdksa_2009_327.nasl |
2009-10-13 | Name : SLES10: Security update for ClamAV File : nvt/sles10_clamav1.nasl |
2009-10-11 | Name : SLES11: Security update for ClamAV File : nvt/sles11_clamav.nasl |
2009-10-10 | Name : SLES9: Security update for ClamAV File : nvt/sles9p5046992.nasl |
2009-10-10 | Name : SLES9: Security update for ClamAV File : nvt/sles9p5048232.nasl |
2009-09-15 | Name : Gentoo Security Advisory GLSA 200909-04 (clamav) File : nvt/glsa_200909_04.nasl |
2009-04-30 | Name : ClamAV Denial of Service Vulnerability (Linux) File : nvt/secpod_clamav_dos_vuln_lin.nasl |
2009-04-30 | Name : ClamAV Denial of Service Vulnerability (Win) File : nvt/secpod_clamav_dos_vuln_win.nasl |
2009-04-28 | Name : Mandrake Security Advisory MDVSA-2009:097 (clamav) File : nvt/mdksa_2009_097.nasl |
2009-04-28 | Name : SuSE Security Summary SUSE-SR:2009:009 File : nvt/suse_sr_2009_009.nasl |
2009-04-23 | Name : ClamAV Multiple Vulnerabilities (Linux) File : nvt/gb_clamav_mult_vuln_apr09_lin.nasl |
2009-04-23 | Name : ClamAV Multiple Vulnerabilities (Win) File : nvt/gb_clamav_mult_vuln_apr09_win.nasl |
2009-04-20 | Name : Debian Security Advisory DSA 1771-1 (clamav) File : nvt/deb_1771_1.nasl |
2009-04-15 | Name : Ubuntu USN-754-1 (clamav) File : nvt/ubuntu_754_1.nasl |
2009-04-15 | Name : Ubuntu USN-756-1 (clamav) File : nvt/ubuntu_756_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
53603 | ClamAV libclamav/phishcheck.c cli_url_canon() Function URL Handling Overflow |
53602 | ClamAV Malformed UPack Packed File Handling DoS ClamAV contains a flaw that may allow a local denial of service. The issue is triggered when a UPack packed file is processed, and will result in loss of availability for the application. |
53598 | ClamAV --detect-broken Option PE File Handling DoS |
53597 | ClamAV RAR Archive Invalid Uncompressed Size Field Scan Bypass |
53461 | ClamAV libclamav/untar.c clamd / clamscan Infinite Loop DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-12-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-327.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12388.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12402.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_clamav-090407.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_clamav-6144.nasl - Type : ACT_GATHER_INFO |
2009-09-11 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-005.nasl - Type : ACT_GATHER_INFO |
2009-09-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200909-04.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_clamav-090408.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_clamav-090417.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_clamav-090407.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_clamav-090416.nasl - Type : ACT_GATHER_INFO |
2009-04-27 | Name : The remote openSUSE host is missing a security update. File : suse_clamav-6201.nasl - Type : ACT_GATHER_INFO |
2009-04-27 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-097.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-756-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-754-1.nasl - Type : ACT_GATHER_INFO |
2009-04-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1771.nasl - Type : ACT_GATHER_INFO |
2009-04-10 | Name : The remote antivirus service is affected by multiple vulnerabilities. File : clamav_0_95_1.nasl - Type : ACT_GATHER_INFO |
2009-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_clamav-6145.nasl - Type : ACT_GATHER_INFO |
2009-04-02 | Name : The remote antivirus service is affected by multiple vulnerabilities. File : clamav_0_95.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:41:05 |
|