{"id": "DEBIAN:DLA-1105-1:10F58", "bulletinFamily": "unix", "title": "[SECURITY] [DLA 1105-1] clamav security update", "description": "Package : clamav\nVersion : 0.99.2+dfsg-0+deb7u3\nCVE ID : CVE-2017-6418 CVE-2017-6420\n\nclamav is vulnerable to multiple issues that can lead\nto denial of service when processing untrusted content.\n\nCVE-2017-6418\n\n out-of-bounds read in libclamav/message.c, allowing remote attackers\n to cause a denial of service via a crafted e-mail message.\n\nCVE-2017-6420\n\n use-after-free in the wwunpack function (libclamav/wwunpack.c), allowing\n remote attackers to cause a denial of service via a crafted PE file with\n WWPack compression.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n0.99.2+dfsg-0+deb7u3.\n\nWe recommend that you upgrade your clamav packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "published": "2017-09-22T20:56:07", "modified": "2017-09-22T20:56:07", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201709/msg00023.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2017-6420", "CVE-2017-6418"], "type": "debian", "lastseen": "2019-05-30T02:23:10", "edition": 3, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-6420", "CVE-2017-6418"]}, {"type": "nessus", "idList": ["OPENSUSE-2018-102.NASL", "FEDORA_2018-2A1F469C85.NASL", "DEBIAN_DLA-1105.NASL", "FEDORA_2018-958B22C73F.NASL", "GENTOO_GLSA-201804-16.NASL", "FEDORA_2018-A86BAD9689.NASL", "UBUNTU_USN-3393-1.NASL", "ALA_ALAS-2018-958.NASL", "SUSE_SU-2018-0254-1.NASL", "FEDORA_2018-CB339851E7.NASL"]}, {"type": "fedora", "idList": ["FEDORA:4D2A860BA919", "FEDORA:964A26002CF7", "FEDORA:06420604AF9F", "FEDORA:2BD426149B3C", "FEDORA:F2D026078F6E"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310811575", "OPENVAS:1361412562310874053", "OPENVAS:1361412562310875200", "OPENVAS:1361412562310843290", "OPENVAS:1361412562310874063", "OPENVAS:1361412562310811576", "OPENVAS:1361412562310851691", "OPENVAS:1361412562310891105", "OPENVAS:1361412562310874052", "OPENVAS:1361412562310874100"]}, {"type": "ubuntu", "idList": ["USN-3393-1", "USN-3393-2"]}, {"type": "gentoo", "idList": ["GLSA-201804-16"]}, {"type": "archlinux", "idList": ["ASA-201802-1"]}, {"type": "amazon", "idList": ["ALAS-2018-958"]}, {"type": "suse", "idList": ["SUSE-SU-2018:0255-1", "SUSE-SU-2018:0254-1", "OPENSUSE-SU-2018:0258-1"]}], "modified": "2019-05-30T02:23:10", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2019-05-30T02:23:10", "rev": 2}, "vulnersScore": 5.6}, "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "arch": "all", "operator": "lt", "packageFilename": "clamav_0.99.2+dfsg-0+deb7u3_all.deb", "packageName": "clamav", "packageVersion": "0.99.2+dfsg-0+deb7u3"}], "scheme": null}

{"cve": [{"lastseen": "2020-10-03T13:07:46", "description": "libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message.", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-07T03:29:00", "title": "CVE-2017-6418", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6418"], "modified": "2018-10-21T10:29:00", "cpe": ["cpe:/a:clamav:clamav:0.99.2"], "id": "CVE-2017-6418", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6418", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:clamav:clamav:0.99.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:46", "description": "The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression.", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-07T03:29:00", "title": "CVE-2017-6420", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6420"], "modified": "2018-10-21T10:29:00", "cpe": ["cpe:/a:clamav:clamav:0.99.2"], "id": "CVE-2017-6420", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6420", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:clamav:clamav:0.99.2:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6418", "CVE-2017-6420"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2018-01-25T07:15:31", "published": "2018-01-25T07:15:31", "id": "FEDORA:2BD426149B3C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: clamav-0.99.2-18.fc27", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6418", "CVE-2017-6420"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2018-01-26T17:56:49", "published": "2018-01-26T17:56:49", "id": "FEDORA:964A26002CF7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: clamav-0.99.2-18.fc26", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12374", "CVE-2017-12375", "CVE-2017-12376", "CVE-2017-12377", "CVE-2017-12378", "CVE-2017-12379", "CVE-2017-12380", "CVE-2017-6418", "CVE-2017-6419", "CVE-2017-6420"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2018-02-06T10:54:02", "published": "2018-02-06T10:54:02", "id": "FEDORA:F2D026078F6E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: clamav-0.99.3-1.fc26", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12374", "CVE-2017-12375", "CVE-2017-12376", "CVE-2017-12377", "CVE-2017-12378", "CVE-2017-12379", "CVE-2017-12380", "CVE-2017-6418", "CVE-2017-6419", "CVE-2017-6420"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2018-01-29T18:09:32", "published": "2018-01-29T18:09:32", "id": "FEDORA:4D2A860BA919", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: clamav-0.99.3-1.fc27", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6706", "CVE-2017-11423", "CVE-2017-12374", "CVE-2017-12375", "CVE-2017-12376", "CVE-2017-12377", "CVE-2017-12378", "CVE-2017-12379", "CVE-2017-12380", "CVE-2017-6418", "CVE-2017-6419", "CVE-2017-6420", "CVE-2018-0202", "CVE-2018-1000085", "CVE-2018-14679", "CVE-2018-14680", "CVE-2018-14681", "CVE-2018-14682", "CVE-2018-15378"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2018-10-16T12:10:03", "published": "2018-10-16T12:10:03", "id": "FEDORA:06420604AF9F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: clamav-0.100.2-2.fc27", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:33:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6420", "CVE-2017-6418"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-01-27T00:00:00", "id": "OPENVAS:1361412562310874053", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874053", "type": "openvas", "title": "Fedora Update for clamav FEDORA-2018-a86bad9689", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_a86bad9689_clamav_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for clamav FEDORA-2018-a86bad9689\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874053\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-27 07:51:13 +0100 (Sat, 27 Jan 2018)\");\n script_cve_id(\"CVE-2017-6420\", \"CVE-2017-6418\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for clamav FEDORA-2018-a86bad9689\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'clamav'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"clamav on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-a86bad9689\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZG3W4EH7R4SLKKF5DITWGP3F2FYKPMZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.99.2~18.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T20:09:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6420", "CVE-2017-6418"], "description": "clamav is vulnerable to multiple issues that can lead\nto denial of service when processing untrusted content.\n\nCVE-2017-6418\n\nout-of-bounds read in libclamav/message.c, allowing remote attackers\nto cause a denial of service via a crafted e-mail message.\n\nCVE-2017-6420\n\nuse-after-free in the wwunpack function (libclamav/wwunpack.c), allowing\nremote attackers to cause a denial of service via a crafted PE file with\nWWPack compression.", "modified": "2020-01-29T00:00:00", "published": "2018-02-07T00:00:00", "id": "OPENVAS:1361412562310891105", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891105", "type": "openvas", "title": "Debian LTS: Security Advisory for clamav (DLA-1105-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891105\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-6418\", \"CVE-2017-6420\");\n script_name(\"Debian LTS: Security Advisory for clamav (DLA-1105-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00023.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"clamav on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n0.99.2+dfsg-0+deb7u3.\n\nWe recommend that you upgrade your clamav packages.\");\n\n script_tag(name:\"summary\", value:\"clamav is vulnerable to multiple issues that can lead\nto denial of service when processing untrusted content.\n\nCVE-2017-6418\n\nout-of-bounds read in libclamav/message.c, allowing remote attackers\nto cause a denial of service via a crafted e-mail message.\n\nCVE-2017-6420\n\nuse-after-free in the wwunpack function (libclamav/wwunpack.c), allowing\nremote attackers to cause a denial of service via a crafted PE file with\nWWPack compression.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"clamav\", ver:\"0.99.2+dfsg-0+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"clamav-base\", ver:\"0.99.2+dfsg-0+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"clamav-daemon\", ver:\"0.99.2+dfsg-0+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"clamav-dbg\", ver:\"0.99.2+dfsg-0+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"clamav-docs\", ver:\"0.99.2+dfsg-0+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"clamav-freshclam\", ver:\"0.99.2+dfsg-0+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"clamav-milter\", ver:\"0.99.2+dfsg-0+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"clamav-testfiles\", ver:\"0.99.2+dfsg-0+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libclamav-dev\", ver:\"0.99.2+dfsg-0+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libclamav7\", ver:\"0.99.2+dfsg-0+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6420", "CVE-2017-6418"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-01-26T00:00:00", "id": "OPENVAS:1361412562310874052", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874052", "type": "openvas", "title": "Fedora Update for clamav FEDORA-2018-2a1f469c85", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_2a1f469c85_clamav_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for clamav FEDORA-2018-2a1f469c85\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874052\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-26 07:49:44 +0100 (Fri, 26 Jan 2018)\");\n script_cve_id(\"CVE-2017-6420\", \"CVE-2017-6418\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for clamav FEDORA-2018-2a1f469c85\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'clamav'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"clamav on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-2a1f469c85\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4P2BIU2WEDPFW5FY265GWEFIPWWKOCWC\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.99.2~18.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6420", "CVE-2017-6418", "CVE-2017-6419"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-08-18T00:00:00", "id": "OPENVAS:1361412562310843290", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843290", "type": "openvas", "title": "Ubuntu Update for clamav USN-3393-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3393_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for clamav USN-3393-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843290\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-18 07:33:56 +0200 (Fri, 18 Aug 2017)\");\n script_cve_id(\"CVE-2017-6418\", \"CVE-2017-6419\", \"CVE-2017-6420\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for clamav USN-3393-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'clamav'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that ClamAV incorrectly\n handled parsing certain e-mail messages. A remote attacker could possibly use\n this issue to cause ClamAV to crash, resulting in a denial of service.\n (CVE-2017-6418) It was discovered that ClamAV incorrectly handled certain\n malformed CHM files. A remote attacker could use this issue to cause ClamAV to\n crash, resulting in a denial of service, or possibly execute arbitrary code.\n This issue only affected Ubuntu 14.04 LTS. In the default installation,\n attackers would be isolated by the ClamAV AppArmor profile. (CVE-2017-6419) It\n was discovered that ClamAV incorrectly handled parsing certain PE files with\n WWPack compression. A remote attacker could possibly use this issue to cause\n ClamAV to crash, resulting in a denial of service. (CVE-2017-6420)\");\n script_tag(name:\"affected\", value:\"clamav on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3393-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3393-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"clamav\", ver:\"0.99.2+addedllvm-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"clamav\", ver:\"0.99.2+dfsg-6ubuntu0.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"clamav\", ver:\"0.99.2+dfsg-0ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6420", "CVE-2017-6418", "CVE-2017-11423", "CVE-2017-6419"], "description": "This host is installed with ClamAV and is\n prone to multiple denial of service vulnerabilities.", "modified": "2018-10-15T00:00:00", "published": "2017-08-08T00:00:00", "id": "OPENVAS:1361412562310811576", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811576", "type": "openvas", "title": "ClamAV Multiple Denial of Service Vulnerabilities Aug17 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_clamav_mult_dos_vuln_aug17_lin.nasl 11900 2018-10-15 07:44:31Z mmartin $\n#\n# ClamAV Multiple Denial of Service Vulnerabilities Aug17 (Linux)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:clamav:clamav\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811576\");\n script_version(\"$Revision: 11900 $\");\n script_cve_id(\"CVE-2017-6418\", \"CVE-2017-6419\", \"CVE-2017-6420\", \"CVE-2017-11423\");\n script_bugtraq_id(100154);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-15 09:44:31 +0200 (Mon, 15 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-08 14:13:11 +0530 (Tue, 08 Aug 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"ClamAV Multiple Denial of Service Vulnerabilities Aug17 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with ClamAV and is\n prone to multiple denial of service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - An improper calidation for CHM file in 'mspack/lzxd.c' script in\n libmspack 0.5alpha.\n\n - An improper calidation for CAB file in cabd_read_string function in\n 'mspack/cabd.c' script in libmspack 0.5alpha.\n\n - An improper validation for e-mail message in 'libclamav/message.c'\n script.\n\n - An improper validation for PE file in wwunpack function in\n 'libclamav/wwunpack.c' script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to cause a denial of service or possibly have unspecified other\n impact.\");\n\n script_tag(name:\"affected\", value:\"ClamAV version 0.99.2 on Linux\");\n\n script_tag(name:\"solution\", value:\"Update to version 0.99.3-beta1.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1\");\n script_xref(name:\"URL\", value:\"https://github.com/vrtadmin/clamav-devel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_clamav_remote_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"ClamAV/remote/Ver\", \"Host/runs_unixoide\");\n script_require_ports(3310);\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!clamPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!clamVer = get_app_version(cpe:CPE, port:clamPort)){\n exit(0);\n}\n\nif(clamVer == \"0.99.2\")\n{\n report = report_fixed_ver(installed_version:clamVer, fixed_version:\"0.99.3-beta1\");\n security_message(data:report, port:clamPort);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6420", "CVE-2017-6418", "CVE-2017-11423", "CVE-2017-6419"], "description": "This host is installed with ClamAV and is\n prone to multiple denial of service vulnerabilities.", "modified": "2018-10-19T00:00:00", "published": "2017-08-08T00:00:00", "id": "OPENVAS:1361412562310811575", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811575", "type": "openvas", "title": "ClamAV Multiple Denial of Service Vulnerabilities Aug17 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_clamav_mult_dos_vuln_aug17_win.nasl 11977 2018-10-19 07:28:56Z mmartin $\n#\n# ClamAV Multiple Denial of Service Vulnerabilities Aug17 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:clamav:clamav\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811575\");\n script_version(\"$Revision: 11977 $\");\n script_cve_id(\"CVE-2017-6418\", \"CVE-2017-6419\", \"CVE-2017-6420\", \"CVE-2017-11423\");\n script_bugtraq_id(100154);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 09:28:56 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-08 14:13:11 +0530 (Tue, 08 Aug 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"ClamAV Multiple Denial of Service Vulnerabilities Aug17 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with ClamAV and is\n prone to multiple denial of service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - An improper calidation for CHM file in 'mspack/lzxd.c' script in\n libmspack 0.5alpha.\n\n - An improper calidation for CAB file in cabd_read_string function in\n 'mspack/cabd.c' script in libmspack 0.5alpha.\n\n - An improper validation for e-mail message in 'libclamav/message.c'\n script.\n\n - An improper validation for PE file in wwunpack function in\n 'libclamav/wwunpack.c' script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to cause a denial of service or possibly have unspecified other\n impact.\");\n\n script_tag(name:\"affected\", value:\"ClamAV version 0.99.2 on Windows\");\n\n script_tag(name:\"solution\", value:\"Update to version 0.99.3-beta1.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1\");\n script_xref(name:\"URL\", value:\"https://github.com/vrtadmin/clamav-devel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_clamav_remote_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"ClamAV/remote/Ver\", \"Host/runs_windows\");\n script_require_ports(3310);\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!clamPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!clamVer = get_app_version(cpe:CPE, port:clamPort)){\n exit(0);\n}\n\nif(clamVer == \"0.99.2\")\n{\n report = report_fixed_ver(installed_version:clamVer, fixed_version:\"0.99.3-beta1\");\n security_message(data:report, port:clamPort);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-02-07T00:00:00", "id": "OPENVAS:1361412562310874100", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874100", "type": "openvas", "title": "Fedora Update for clamav FEDORA-2018-958b22c73f", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_958b22c73f_clamav_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for clamav FEDORA-2018-958b22c73f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874100\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 08:07:38 +0100 (Wed, 07 Feb 2018)\");\n script_cve_id(\"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\",\n \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\", \"CVE-2017-6420\",\n \"CVE-2017-6419\", \"CVE-2017-6418\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for clamav FEDORA-2018-958b22c73f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'clamav'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"clamav on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-958b22c73f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XXCWOLKRQGFO5TJ663YKKUMM344DKSC\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.99.3~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-01-30T00:00:00", "id": "OPENVAS:1361412562310874063", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874063", "type": "openvas", "title": "Fedora Update for clamav FEDORA-2018-cb339851e7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_cb339851e7_clamav_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for clamav FEDORA-2018-cb339851e7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874063\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-30 07:55:51 +0100 (Tue, 30 Jan 2018)\");\n script_cve_id(\"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\",\n \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\", \"CVE-2017-6420\",\n \"CVE-2017-6419\", \"CVE-2017-6418\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for clamav FEDORA-2018-cb339851e7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'clamav'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"clamav on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-cb339851e7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L2ULSX6GBGUOCP4V67LMFVR2C7DKKXCU\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.99.3~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T17:34:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-11423", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-01-29T00:00:00", "id": "OPENVAS:1361412562310851691", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851691", "type": "openvas", "title": "openSUSE: Security Advisory for clamav (openSUSE-SU-2018:0258-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851691\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-29 07:46:42 +0100 (Mon, 29 Jan 2018)\");\n script_cve_id(\"CVE-2017-11423\", \"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\",\n \"CVE-2017-12377\", \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\",\n \"CVE-2017-6418\", \"CVE-2017-6419\", \"CVE-2017-6420\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for clamav (openSUSE-SU-2018:0258-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'clamav'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for clamav fixes the following issues:\n\n - Update to security release 0.99.3 (bsc#1077732)\n\n * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability)\n\n * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability)\n\n * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument\n Vulnerability)\n\n - these vulnerabilities could have allowed an unauthenticated, remote\n attacker to cause a denial of service (DoS) condition\n or potentially execute arbitrary code on an affected device.\n\n * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)\n\n * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)\n\n * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)\n\n * CVE-2017-12380 (ClamAV Null Dereference Vulnerability)\n\n - these vulnerabilities could have allowed an unauthenticated, remote\n attacker to cause a denial of service (DoS) condition on an affected\n device.\n\n * CVE-2017-6420 (bsc#1052448)\n\n - this vulnerability could have allowed remote attackers to cause a\n denial of service (use-after-free) via a crafted PE file with WWPack\n compression.\n\n * CVE-2017-6419 (bsc#1052449)\n\n - ClamAV could have allowed remote attackers to cause a denial of\n service (heap-based buffer overflow and application crash) or\n possibly have unspecified other impact via a crafted CHM file.\n\n * CVE-2017-11423 (bsc#1049423)\n\n - ClamAV could have allowed remote attackers to cause a denial of\n service (stack-based buffer over-read and application crash) via a\n crafted CAB file.\n\n * CVE-2017-6418 (bsc#1052466)\n\n - ClamAV could have allowed remote attackers to cause a denial\n of service (out-of-bounds read) via a crafted e-mail message.\n\n - update upstream keys in the keyring\n\n - provide and obsolete clamav-nodb to trigger it's removal in Leap\n bsc#1040662\n\n This update was imported from the SUSE:SLE-12:Update update project.\");\n\n script_tag(name:\"affected\", value:\"clamav on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:0258-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00078.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.99.3~20.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"clamav-debuginfo\", rpm:\"clamav-debuginfo~0.99.3~20.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"clamav-debugsource\", rpm:\"clamav-debugsource~0.99.3~20.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2018-14682", "CVE-2017-6420", "CVE-2018-14680", "CVE-2017-6418", "CVE-2018-14679", "CVE-2018-15378", "CVE-2018-1000085", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2018-14681", "CVE-2017-11423", "CVE-2017-12377", "CVE-2017-12374", "CVE-2018-0202", "CVE-2017-6419", "CVE-2012-6706"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-10-17T00:00:00", "id": "OPENVAS:1361412562310875200", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875200", "type": "openvas", "title": "Fedora Update for clamav FEDORA-2018-1fc39f2d13", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_1fc39f2d13_clamav_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for clamav FEDORA-2018-1fc39f2d13\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875200\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-17 06:38:06 +0200 (Wed, 17 Oct 2018)\");\n script_cve_id(\"CVE-2018-15378\", \"CVE-2018-14680\", \"CVE-2018-14681\", \"CVE-2018-14682\",\n \"CVE-2018-14679\", \"CVE-2012-6706\", \"CVE-2017-6419\", \"CVE-2017-11423\",\n \"CVE-2018-1000085\", \"CVE-2018-0202\", \"CVE-2017-12374\", \"CVE-2017-12375\",\n \"CVE-2017-12376\", \"CVE-2017-12377\", \"CVE-2017-12378\", \"CVE-2017-12379\",\n \"CVE-2017-12380\", \"CVE-2017-6420\", \"CVE-2017-6418\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for clamav FEDORA-2018-1fc39f2d13\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'clamav'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"clamav on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-1fc39f2d13\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4OAK7NHFUENOT57B7HZBDLSLSAOFVEZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.100.2~2.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-12T09:38:39", "description": "clamav is vulnerable to multiple issues that can lead to denial of\nservice when processing untrusted content.\n\nCVE-2017-6418\n\nout-of-bounds read in libclamav/message.c, allowing remote attackers\nto cause a denial of service via a crafted e-mail message.\n\nCVE-2017-6420\n\nuse-after-free in the wwunpack function (libclamav/wwunpack.c),\nallowing remote attackers to cause a denial of service via a crafted\nPE file with WWPack compression.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n0.99.2+dfsg-0+deb7u3.\n\nWe recommend that you upgrade your clamav packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 17, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2017-09-25T00:00:00", "title": "Debian DLA-1105-1 : clamav security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6420", "CVE-2017-6418"], "modified": "2017-09-25T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:clamav-testfiles", "p-cpe:/a:debian:debian_linux:clamav-base", "p-cpe:/a:debian:debian_linux:libclamav-dev", "p-cpe:/a:debian:debian_linux:clamav-freshclam", "p-cpe:/a:debian:debian_linux:clamav-daemon", "p-cpe:/a:debian:debian_linux:clamav-dbg", "p-cpe:/a:debian:debian_linux:clamav-docs", "p-cpe:/a:debian:debian_linux:clamav", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:libclamav7", "p-cpe:/a:debian:debian_linux:clamav-milter"], "id": "DEBIAN_DLA-1105.NASL", "href": "https://www.tenable.com/plugins/nessus/103427", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1105-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103427);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-6418\", \"CVE-2017-6420\");\n\n script_name(english:\"Debian DLA-1105-1 : clamav security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"clamav is vulnerable to multiple issues that can lead to denial of\nservice when processing untrusted content.\n\nCVE-2017-6418\n\nout-of-bounds read in libclamav/message.c, allowing remote attackers\nto cause a denial of service via a crafted e-mail message.\n\nCVE-2017-6420\n\nuse-after-free in the wwunpack function (libclamav/wwunpack.c),\nallowing remote attackers to cause a denial of service via a crafted\nPE file with WWPack compression.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n0.99.2+dfsg-0+deb7u3.\n\nWe recommend that you upgrade your clamav packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00023.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/clamav\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:clamav-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:clamav-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:clamav-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:clamav-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:clamav-freshclam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:clamav-milter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:clamav-testfiles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libclamav-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libclamav7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"clamav\", reference:\"0.99.2+dfsg-0+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"clamav-base\", reference:\"0.99.2+dfsg-0+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"clamav-daemon\", reference:\"0.99.2+dfsg-0+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"clamav-dbg\", reference:\"0.99.2+dfsg-0+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"clamav-docs\", reference:\"0.99.2+dfsg-0+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"clamav-freshclam\", reference:\"0.99.2+dfsg-0+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"clamav-milter\", reference:\"0.99.2+dfsg-0+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"clamav-testfiles\", reference:\"0.99.2+dfsg-0+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libclamav-dev\", reference:\"0.99.2+dfsg-0+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libclamav7\", reference:\"0.99.2+dfsg-0+deb7u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:16:42", "description": "Fixes some regressions of previous versions \n\n----\n\nSecurity fixes CVE-2017-6420 (#1483910), CVE-2017-6418 (#1483908)\n\n----\n\n - Fix bugs 1126595,1464269,1126625 and 1258536, \n\n - Update of main.cvd, daily.cvd and bytecode.cvd\n\n----\n\n - Fixes for rhbz 1530678 and 1518016\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 16, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2018-01-25T00:00:00", "title": "Fedora 27 : clamav (2018-2a1f469c85)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6420", "CVE-2017-6418"], "modified": "2018-01-25T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:clamav"], "id": "FEDORA_2018-2A1F469C85.NASL", "href": "https://www.tenable.com/plugins/nessus/106322", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-2a1f469c85.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106322);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-6418\", \"CVE-2017-6420\");\n script_xref(name:\"FEDORA\", value:\"2018-2a1f469c85\");\n\n script_name(english:\"Fedora 27 : clamav (2018-2a1f469c85)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes some regressions of previous versions \n\n----\n\nSecurity fixes CVE-2017-6420 (#1483910), CVE-2017-6418 (#1483908)\n\n----\n\n - Fix bugs 1126595,1464269,1126625 and 1258536, \n\n - Update of main.cvd, daily.cvd and bytecode.cvd\n\n----\n\n - Fixes for rhbz 1530678 and 1518016\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-2a1f469c85\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected clamav package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"clamav-0.99.2-18.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:20:33", "description": "Fixes some regressions of previous versions \n\n----\n\nSecurity fixes CVE-2017-6420 (#1483910), CVE-2017-6418 (#1483908)\n\n----\n\nFixes for rhbz 1530678 and 1518016\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 16, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2018-01-29T00:00:00", "title": "Fedora 26 : clamav (2018-a86bad9689)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6420", "CVE-2017-6418"], "modified": "2018-01-29T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:clamav", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-A86BAD9689.NASL", "href": "https://www.tenable.com/plugins/nessus/106421", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-a86bad9689.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106421);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-6418\", \"CVE-2017-6420\");\n script_xref(name:\"FEDORA\", value:\"2018-a86bad9689\");\n\n script_name(english:\"Fedora 26 : clamav (2018-a86bad9689)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes some regressions of previous versions \n\n----\n\nSecurity fixes CVE-2017-6420 (#1483910), CVE-2017-6418 (#1483908)\n\n----\n\nFixes for rhbz 1530678 and 1518016\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-a86bad9689\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected clamav package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"clamav-0.99.2-18.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T06:45:44", "description": "It was discovered that ClamAV incorrectly handled parsing certain\ne-mail messages. A remote attacker could possibly use this issue to\ncause ClamAV to crash, resulting in a denial of service.\n(CVE-2017-6418)\n\nIt was discovered that ClamAV incorrectly handled certain malformed\nCHM files. A remote attacker could use this issue to cause ClamAV to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 14.04 LTS. In the default\ninstallation, attackers would be isolated by the ClamAV AppArmor\nprofile. (CVE-2017-6419)\n\nIt was discovered that ClamAV incorrectly handled parsing certain PE\nfiles with WWPack compression. A remote attacker could possibly use\nthis issue to cause ClamAV to crash, resulting in a denial of service.\n(CVE-2017-6420).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-08-18T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : clamav vulnerabilities (USN-3393-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6420", "CVE-2017-6418", "CVE-2017-6419"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:14.04", "p-cpe:/a:canonical:ubuntu_linux:clamav"], "id": "UBUNTU_USN-3393-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102581", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3393-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102581);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-6418\", \"CVE-2017-6419\", \"CVE-2017-6420\");\n script_xref(name:\"USN\", value:\"3393-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : clamav vulnerabilities (USN-3393-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that ClamAV incorrectly handled parsing certain\ne-mail messages. A remote attacker could possibly use this issue to\ncause ClamAV to crash, resulting in a denial of service.\n(CVE-2017-6418)\n\nIt was discovered that ClamAV incorrectly handled certain malformed\nCHM files. A remote attacker could use this issue to cause ClamAV to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 14.04 LTS. In the default\ninstallation, attackers would be isolated by the ClamAV AppArmor\nprofile. (CVE-2017-6419)\n\nIt was discovered that ClamAV incorrectly handled parsing certain PE\nfiles with WWPack compression. A remote attacker could possibly use\nthis issue to cause ClamAV to crash, resulting in a denial of service.\n(CVE-2017-6420).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3393-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected clamav package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"clamav\", pkgver:\"0.99.2+addedllvm-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"clamav\", pkgver:\"0.99.2+dfsg-0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"clamav\", pkgver:\"0.99.2+dfsg-6ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T02:55:15", "description": "The remote host is affected by the vulnerability described in GLSA-201804-16\n(ClamAV: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in ClamAV. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker, through multiple vectors, could execute arbitrary\n code, cause a Denial of Service condition, or have other unspecified\n impacts.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-04-23T00:00:00", "title": "GLSA-201804-16 : ClamAV: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6420", "CVE-2017-6418", "CVE-2018-1000085", "CVE-2017-11423", "CVE-2018-0202", "CVE-2017-6419", "CVE-2012-6706"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:clamav"], "id": "GENTOO_GLSA-201804-16.NASL", "href": "https://www.tenable.com/plugins/nessus/109230", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201804-16.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109230);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/06/07 13:15:38\");\n\n script_cve_id(\"CVE-2012-6706\", \"CVE-2017-11423\", \"CVE-2017-6418\", \"CVE-2017-6419\", \"CVE-2017-6420\", \"CVE-2018-0202\", \"CVE-2018-1000085\");\n script_xref(name:\"GLSA\", value:\"201804-16\");\n\n script_name(english:\"GLSA-201804-16 : ClamAV: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201804-16\n(ClamAV: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in ClamAV. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker, through multiple vectors, could execute arbitrary\n code, cause a Denial of Service condition, or have other unspecified\n impacts.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201804-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ClamAV users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.99.4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-antivirus/clamav\", unaffected:make_list(\"ge 0.99.4\"), vulnerable:make_list(\"lt 0.99.4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ClamAV\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:20:04", "description": "Heap-based buffer overflow in mspack/lzxd.c :\n\nmspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows\nremote attackers to cause a denial of service (heap-based buffer\noverflow and application crash) or possibly have unspecified other\nimpact via a crafted CHM file.(CVE-2017-6419)\n\nThe wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows\nremote attackers to cause a denial of service (use-after-free) via a\ncrafted PE file with WWPack compression.(CVE-2017-6420)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device. The vulnerability is due to\nimproper input validation checking mechanisms when handling Portable\nDocument Format (.pdf) files sent to an affected device. An\nunauthenticated, remote attacker could exploit this vulnerability by\nsending a crafted .pdf file to an affected device. This action could\ncause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans\nthe malicious file, allowing the attacker to cause a DoS condition or\npotentially execute arbitrary code. (CVE-2017-12376)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to improper input validation checking mechanisms\nof .tar (Tape Archive) files sent to an affected device. A successful\nexploit could cause a checksum buffer over-read condition when ClamAV\nscans the malicious .tar file, potentially allowing the attacker to\ncause a DoS condition on the affected device.(CVE-2017-12378)\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to a lack of input validation checking mechanisms\nduring certain mail parsing functions (the rfc2047 function in\nmbox.c). An unauthenticated, remote attacker could exploit this\nvulnerability by sending a crafted email to the affected device. This\naction could cause a buffer overflow condition when ClamAV scans the\nmalicious email, allowing the attacker to potentially cause a DoS\ncondition on an affected device.(CVE-2017-12375)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device. The vulnerability is due to\nimproper input validation checking mechanisms in the message parsing\nfunction on an affected system. An unauthenticated, remote attacker\ncould exploit this vulnerability by sending a crafted email to the\naffected device. This action could cause a messageAddArgument (in\nmessage.c) buffer overflow condition when ClamAV scans the malicious\nemail, allowing the attacker to potentially cause a DoS condition or\nexecute arbitrary code on an affected device.(CVE-2017-12379)\n\nlibclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause\na denial of service (out-of-bounds read) via a crafted e-mail\nmessage.(CVE-2017-6418)\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to a lack of input validation checking mechanisms\nduring certain mail parsing operations (mbox.c operations on bounce\nmessages). If successfully exploited, the ClamAV software could allow\na variable pointing to the mail body which could cause a used after\nbeing free (use-after-free) instance which may lead to a disruption of\nservices on an affected device to include a denial of service\ncondition.(CVE-2017-12374)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device. The vulnerability is due to\nimproper input validation checking mechanisms in mew packet files sent\nto an affected device. A successful exploit could cause a heap-based\nbuffer over-read condition in mew.c when ClamAV scans the malicious\nfile, allowing the attacker to cause a DoS condition or potentially\nexecute arbitrary code on the affected device.(CVE-2017-12377)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to improper input validation checking mechanisms\nin mbox.c during certain mail parsing functions of the ClamAV\nsoftware. An unauthenticated, remote attacker could exploit this\nvulnerability by sending a crafted email to the affected device. An\nexploit could trigger a NULL pointer dereference condition when ClamAV\nscans the malicious email, which may result in a DoS\ncondition.(CVE-2017-12380)", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-02-22T00:00:00", "title": "Amazon Linux AMI : clamav (ALAS-2018-958)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:clamav-devel", "p-cpe:/a:amazon:linux:clamav", "p-cpe:/a:amazon:linux:clamd", "p-cpe:/a:amazon:linux:clamav-server", "p-cpe:/a:amazon:linux:clamav-milter-sysvinit", "p-cpe:/a:amazon:linux:clamav-milter", "p-cpe:/a:amazon:linux:clamav-server-sysvinit", "p-cpe:/a:amazon:linux:clamav-scanner", "p-cpe:/a:amazon:linux:clamav-db", "p-cpe:/a:amazon:linux:clamav-data-empty", "p-cpe:/a:amazon:linux:clamav-data", "p-cpe:/a:amazon:linux:clamav-scanner-sysvinit", "p-cpe:/a:amazon:linux:clamav-lib", "p-cpe:/a:amazon:linux:clamav-debuginfo", "p-cpe:/a:amazon:linux:clamav-filesystem", "p-cpe:/a:amazon:linux:clamav-update", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-958.NASL", "href": "https://www.tenable.com/plugins/nessus/106935", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-958.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106935);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\", \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\", \"CVE-2017-6418\", \"CVE-2017-6419\", \"CVE-2017-6420\");\n script_xref(name:\"ALAS\", value:\"2018-958\");\n\n script_name(english:\"Amazon Linux AMI : clamav (ALAS-2018-958)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Heap-based buffer overflow in mspack/lzxd.c :\n\nmspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows\nremote attackers to cause a denial of service (heap-based buffer\noverflow and application crash) or possibly have unspecified other\nimpact via a crafted CHM file.(CVE-2017-6419)\n\nThe wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows\nremote attackers to cause a denial of service (use-after-free) via a\ncrafted PE file with WWPack compression.(CVE-2017-6420)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device. The vulnerability is due to\nimproper input validation checking mechanisms when handling Portable\nDocument Format (.pdf) files sent to an affected device. An\nunauthenticated, remote attacker could exploit this vulnerability by\nsending a crafted .pdf file to an affected device. This action could\ncause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans\nthe malicious file, allowing the attacker to cause a DoS condition or\npotentially execute arbitrary code. (CVE-2017-12376)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to improper input validation checking mechanisms\nof .tar (Tape Archive) files sent to an affected device. A successful\nexploit could cause a checksum buffer over-read condition when ClamAV\nscans the malicious .tar file, potentially allowing the attacker to\ncause a DoS condition on the affected device.(CVE-2017-12378)\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to a lack of input validation checking mechanisms\nduring certain mail parsing functions (the rfc2047 function in\nmbox.c). An unauthenticated, remote attacker could exploit this\nvulnerability by sending a crafted email to the affected device. This\naction could cause a buffer overflow condition when ClamAV scans the\nmalicious email, allowing the attacker to potentially cause a DoS\ncondition on an affected device.(CVE-2017-12375)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device. The vulnerability is due to\nimproper input validation checking mechanisms in the message parsing\nfunction on an affected system. An unauthenticated, remote attacker\ncould exploit this vulnerability by sending a crafted email to the\naffected device. This action could cause a messageAddArgument (in\nmessage.c) buffer overflow condition when ClamAV scans the malicious\nemail, allowing the attacker to potentially cause a DoS condition or\nexecute arbitrary code on an affected device.(CVE-2017-12379)\n\nlibclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause\na denial of service (out-of-bounds read) via a crafted e-mail\nmessage.(CVE-2017-6418)\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to a lack of input validation checking mechanisms\nduring certain mail parsing operations (mbox.c operations on bounce\nmessages). If successfully exploited, the ClamAV software could allow\na variable pointing to the mail body which could cause a used after\nbeing free (use-after-free) instance which may lead to a disruption of\nservices on an affected device to include a denial of service\ncondition.(CVE-2017-12374)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device. The vulnerability is due to\nimproper input validation checking mechanisms in mew packet files sent\nto an affected device. A successful exploit could cause a heap-based\nbuffer over-read condition in mew.c when ClamAV scans the malicious\nfile, allowing the attacker to cause a DoS condition or potentially\nexecute arbitrary code on the affected device.(CVE-2017-12377)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to improper input validation checking mechanisms\nin mbox.c during certain mail parsing functions of the ClamAV\nsoftware. An unauthenticated, remote attacker could exploit this\nvulnerability by sending a crafted email to the affected device. An\nexploit could trigger a NULL pointer dereference condition when ClamAV\nscans the malicious email, which may result in a DoS\ncondition.(CVE-2017-12380)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-958.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update clamav' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-data-empty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-db\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-milter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-milter-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-scanner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-scanner-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-server-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-update\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"clamav-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-data-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-data-empty-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-db-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-debuginfo-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-devel-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-filesystem-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-lib-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-milter-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-milter-sysvinit-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-scanner-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-scanner-sysvinit-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-server-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-server-sysvinit-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-update-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamd-0.99.3-1.28.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav / clamav-data / clamav-data-empty / clamav-db / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:21:39", "description": "ClamAV 0.99.3 =============\n\nThis release is a security release and is recommended for all ClamAV\nusers. Please see details below :\n\n1. ClamAV UAF (use-after-free) Vulnerabilities (CVE-2017-12374)\n\n---------------------------------------------------------------\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to a lack of input validation checking\nmechanisms during certain mail parsing operations. If successfully\nexploited, the ClamAV software could allow a variable pointing to the\nmail body which could cause a used after being free (use-after-free)\ninstance which may lead to a disruption of services on an affected\ndevice to include a denial of service condition.\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11939\n\n2. ClamAV Buffer Overflow Vulnerability (CVE-2017-12375)\n\n--------------------------------------------------------\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to a lack of input validation checking\nmechanisms during certain mail parsing functions. An unauthenticated,\nremote attacker could exploit this vulnerability by sending a crafted\nemail to the affected device. This action could cause a buffer\noverflow condition when ClamAV scans the malicious email, allowing the\nattacker to potentially cause a DoS condition on an affected device.\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N /A:L\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11940\n\n3. ClamAV Buffer Overflow in handle_pdfname Vulnerability\n(CVE-2017-12376)\n\n----------------------------------------------------------------------\n----\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms when handling Portable Document Format (.pdf) files sent to\nan affected device. An unauthenticated, remote attacker could exploit\nthis vulnerability by sending a crafted .pdf file to an affected\ndevice. This action could cause a buffer overflow when ClamAV scans\nthe malicious file, allowing the attacker to cause a DoS condition or\npotentially execute arbitrary code.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11942\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n4. ClamAV Mew Packet Heap Overflow Vulnerability (CVE-2017-12377)\n\n-----------------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms in mew packet files sent to an affected device. A\nsuccessful exploit could cause a heap overflow condition when ClamAV\nscans the malicious file, allowing the attacker to cause a DoS\ncondition or potentially execute arbitrary code on the affected\ndevice.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11943\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L /A:L\n\n5. ClamAV Buffer Over Read Vulnerability (CVE-2017-12378)\n\n---------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms of .tar (Tape Archive) files sent to an affected device. A\nsuccessful exploit could cause a buffer over-read condition when\nClamAV scans the malicious .tar file, potentially allowing the\nattacker to cause a DoS condition on the affected device.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11946\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N /A:L\n\n6. ClamAV Buffer Overflow in messageAddArgument Vulnerability\n(CVE-2017-12379)\n\n----------------------------------------------------------------------\n--------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms in the message parsing function on an affected system. An\nunauthenticated, remote attacker could exploit this vulnerability by\nsending a crafted email to the affected device. This action could\ncause a buffer overflow condition when ClamAV scans the malicious\nemail, allowing the attacker to potentially cause a DoS condition or\nexecute arbitrary code on an affected device.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11944\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L /A:L\n\n7. ClamAV Null Dereference Vulnerability (CVE-2017-12380)\n\n---------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms during certain mail parsing functions of the ClamAV\nsoftware. An unauthenticated, remote attacker could exploit this\nvulnerability by sending a crafted email to the affected device. An\nexploit could trigger a NULL pointer dereference condition when ClamAV\nscans the malicious email, which may result in a DoS condition.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11945\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\nFurther fixes/changes\n\n---------------------\n\nAlso included are 2 minor fixes to properly detect openssl install\nlocations on FreeBSD 11, and prevent false warnings about zlib 1.2.1#\nversion numbers.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-30T00:00:00", "title": "Fedora 27 : clamav (2018-cb339851e7)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "modified": "2018-01-30T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:clamav"], "id": "FEDORA_2018-CB339851E7.NASL", "href": "https://www.tenable.com/plugins/nessus/106465", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-cb339851e7.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106465);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\", \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\", \"CVE-2017-6418\", \"CVE-2017-6419\", \"CVE-2017-6420\");\n script_xref(name:\"FEDORA\", value:\"2018-cb339851e7\");\n\n script_name(english:\"Fedora 27 : clamav (2018-cb339851e7)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ClamAV 0.99.3 =============\n\nThis release is a security release and is recommended for all ClamAV\nusers. Please see details below :\n\n1. ClamAV UAF (use-after-free) Vulnerabilities (CVE-2017-12374)\n\n---------------------------------------------------------------\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to a lack of input validation checking\nmechanisms during certain mail parsing operations. If successfully\nexploited, the ClamAV software could allow a variable pointing to the\nmail body which could cause a used after being free (use-after-free)\ninstance which may lead to a disruption of services on an affected\ndevice to include a denial of service condition.\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11939\n\n2. ClamAV Buffer Overflow Vulnerability (CVE-2017-12375)\n\n--------------------------------------------------------\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to a lack of input validation checking\nmechanisms during certain mail parsing functions. An unauthenticated,\nremote attacker could exploit this vulnerability by sending a crafted\nemail to the affected device. This action could cause a buffer\noverflow condition when ClamAV scans the malicious email, allowing the\nattacker to potentially cause a DoS condition on an affected device.\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N /A:L\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11940\n\n3. ClamAV Buffer Overflow in handle_pdfname Vulnerability\n(CVE-2017-12376)\n\n----------------------------------------------------------------------\n----\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms when handling Portable Document Format (.pdf) files sent to\nan affected device. An unauthenticated, remote attacker could exploit\nthis vulnerability by sending a crafted .pdf file to an affected\ndevice. This action could cause a buffer overflow when ClamAV scans\nthe malicious file, allowing the attacker to cause a DoS condition or\npotentially execute arbitrary code.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11942\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n4. ClamAV Mew Packet Heap Overflow Vulnerability (CVE-2017-12377)\n\n-----------------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms in mew packet files sent to an affected device. A\nsuccessful exploit could cause a heap overflow condition when ClamAV\nscans the malicious file, allowing the attacker to cause a DoS\ncondition or potentially execute arbitrary code on the affected\ndevice.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11943\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L /A:L\n\n5. ClamAV Buffer Over Read Vulnerability (CVE-2017-12378)\n\n---------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms of .tar (Tape Archive) files sent to an affected device. A\nsuccessful exploit could cause a buffer over-read condition when\nClamAV scans the malicious .tar file, potentially allowing the\nattacker to cause a DoS condition on the affected device.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11946\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N /A:L\n\n6. ClamAV Buffer Overflow in messageAddArgument Vulnerability\n(CVE-2017-12379)\n\n----------------------------------------------------------------------\n--------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms in the message parsing function on an affected system. An\nunauthenticated, remote attacker could exploit this vulnerability by\nsending a crafted email to the affected device. This action could\ncause a buffer overflow condition when ClamAV scans the malicious\nemail, allowing the attacker to potentially cause a DoS condition or\nexecute arbitrary code on an affected device.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11944\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L /A:L\n\n7. ClamAV Null Dereference Vulnerability (CVE-2017-12380)\n\n---------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms during certain mail parsing functions of the ClamAV\nsoftware. An unauthenticated, remote attacker could exploit this\nvulnerability by sending a crafted email to the affected device. An\nexploit could trigger a NULL pointer dereference condition when ClamAV\nscans the malicious email, which may result in a DoS condition.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11945\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\nFurther fixes/changes\n\n---------------------\n\nAlso included are 2 minor fixes to properly detect openssl install\nlocations on FreeBSD 11, and prevent false warnings about zlib 1.2.1#\nversion numbers.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-cb339851e7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected clamav package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"clamav-0.99.3-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:19:45", "description": "ClamAV 0.99.3 =============\n\nThis release is a security release and is recommended for all ClamAV\nusers. Please see details below :\n\n1. ClamAV UAF (use-after-free) Vulnerabilities (CVE-2017-12374)\n\n---------------------------------------------------------------\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to a lack of input validation checking\nmechanisms during certain mail parsing operations. If successfully\nexploited, the ClamAV software could allow a variable pointing to the\nmail body which could cause a used after being free (use-after-free)\ninstance which may lead to a disruption of services on an affected\ndevice to include a denial of service condition.\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11939\n\n2. ClamAV Buffer Overflow Vulnerability (CVE-2017-12375)\n\n--------------------------------------------------------\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to a lack of input validation checking\nmechanisms during certain mail parsing functions. An unauthenticated,\nremote attacker could exploit this vulnerability by sending a crafted\nemail to the affected device. This action could cause a buffer\noverflow condition when ClamAV scans the malicious email, allowing the\nattacker to potentially cause a DoS condition on an affected device.\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N /A:L\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11940\n\n3. ClamAV Buffer Overflow in handle_pdfname Vulnerability\n(CVE-2017-12376)\n\n----------------------------------------------------------------------\n----\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms when handling Portable Document Format (.pdf) files sent to\nan affected device. An unauthenticated, remote attacker could exploit\nthis vulnerability by sending a crafted .pdf file to an affected\ndevice. This action could cause a buffer overflow when ClamAV scans\nthe malicious file, allowing the attacker to cause a DoS condition or\npotentially execute arbitrary code.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11942\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n4. ClamAV Mew Packet Heap Overflow Vulnerability (CVE-2017-12377)\n\n-----------------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms in mew packet files sent to an affected device. A\nsuccessful exploit could cause a heap overflow condition when ClamAV\nscans the malicious file, allowing the attacker to cause a DoS\ncondition or potentially execute arbitrary code on the affected\ndevice.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11943\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L /A:L\n\n5. ClamAV Buffer Over Read Vulnerability (CVE-2017-12378)\n\n---------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms of .tar (Tape Archive) files sent to an affected device. A\nsuccessful exploit could cause a buffer over-read condition when\nClamAV scans the malicious .tar file, potentially allowing the\nattacker to cause a DoS condition on the affected device.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11946\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N /A:L\n\n6. ClamAV Buffer Overflow in messageAddArgument Vulnerability\n(CVE-2017-12379)\n\n----------------------------------------------------------------------\n--------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms in the message parsing function on an affected system. An\nunauthenticated, remote attacker could exploit this vulnerability by\nsending a crafted email to the affected device. This action could\ncause a buffer overflow condition when ClamAV scans the malicious\nemail, allowing the attacker to potentially cause a DoS condition or\nexecute arbitrary code on an affected device.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11944\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L /A:L\n\n7. ClamAV Null Dereference Vulnerability (CVE-2017-12380)\n\n---------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms during certain mail parsing functions of the ClamAV\nsoftware. An unauthenticated, remote attacker could exploit this\nvulnerability by sending a crafted email to the affected device. An\nexploit could trigger a NULL pointer dereference condition when ClamAV\nscans the malicious email, which may result in a DoS condition.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11945\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\nFurther fixes/changes\n\n---------------------\n\nAlso included are 2 minor fixes to properly detect openssl install\nlocations on FreeBSD 11, and prevent false warnings about zlib 1.2.1#\nversion numbers.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-02-07T00:00:00", "title": "Fedora 26 : clamav (2018-958b22c73f)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "modified": "2018-02-07T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:clamav", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-958B22C73F.NASL", "href": "https://www.tenable.com/plugins/nessus/106639", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-958b22c73f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106639);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\", \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\", \"CVE-2017-6418\", \"CVE-2017-6419\", \"CVE-2017-6420\");\n script_xref(name:\"FEDORA\", value:\"2018-958b22c73f\");\n\n script_name(english:\"Fedora 26 : clamav (2018-958b22c73f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ClamAV 0.99.3 =============\n\nThis release is a security release and is recommended for all ClamAV\nusers. Please see details below :\n\n1. ClamAV UAF (use-after-free) Vulnerabilities (CVE-2017-12374)\n\n---------------------------------------------------------------\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to a lack of input validation checking\nmechanisms during certain mail parsing operations. If successfully\nexploited, the ClamAV software could allow a variable pointing to the\nmail body which could cause a used after being free (use-after-free)\ninstance which may lead to a disruption of services on an affected\ndevice to include a denial of service condition.\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11939\n\n2. ClamAV Buffer Overflow Vulnerability (CVE-2017-12375)\n\n--------------------------------------------------------\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to a lack of input validation checking\nmechanisms during certain mail parsing functions. An unauthenticated,\nremote attacker could exploit this vulnerability by sending a crafted\nemail to the affected device. This action could cause a buffer\noverflow condition when ClamAV scans the malicious email, allowing the\nattacker to potentially cause a DoS condition on an affected device.\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N /A:L\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11940\n\n3. ClamAV Buffer Overflow in handle_pdfname Vulnerability\n(CVE-2017-12376)\n\n----------------------------------------------------------------------\n----\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms when handling Portable Document Format (.pdf) files sent to\nan affected device. An unauthenticated, remote attacker could exploit\nthis vulnerability by sending a crafted .pdf file to an affected\ndevice. This action could cause a buffer overflow when ClamAV scans\nthe malicious file, allowing the attacker to cause a DoS condition or\npotentially execute arbitrary code.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11942\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n4. ClamAV Mew Packet Heap Overflow Vulnerability (CVE-2017-12377)\n\n-----------------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms in mew packet files sent to an affected device. A\nsuccessful exploit could cause a heap overflow condition when ClamAV\nscans the malicious file, allowing the attacker to cause a DoS\ncondition or potentially execute arbitrary code on the affected\ndevice.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11943\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L /A:L\n\n5. ClamAV Buffer Over Read Vulnerability (CVE-2017-12378)\n\n---------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms of .tar (Tape Archive) files sent to an affected device. A\nsuccessful exploit could cause a buffer over-read condition when\nClamAV scans the malicious .tar file, potentially allowing the\nattacker to cause a DoS condition on the affected device.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11946\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N /A:L\n\n6. ClamAV Buffer Overflow in messageAddArgument Vulnerability\n(CVE-2017-12379)\n\n----------------------------------------------------------------------\n--------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms in the message parsing function on an affected system. An\nunauthenticated, remote attacker could exploit this vulnerability by\nsending a crafted email to the affected device. This action could\ncause a buffer overflow condition when ClamAV scans the malicious\nemail, allowing the attacker to potentially cause a DoS condition or\nexecute arbitrary code on an affected device.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11944\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L /A:L\n\n7. ClamAV Null Dereference Vulnerability (CVE-2017-12380)\n\n---------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms during certain mail parsing functions of the ClamAV\nsoftware. An unauthenticated, remote attacker could exploit this\nvulnerability by sending a crafted email to the affected device. An\nexploit could trigger a NULL pointer dereference condition when ClamAV\nscans the malicious email, which may result in a DoS condition.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11945\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\nFurther fixes/changes\n\n---------------------\n\nAlso included are 2 minor fixes to properly detect openssl install\nlocations on FreeBSD 11, and prevent false warnings about zlib 1.2.1#\nversion numbers.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-958b22c73f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected clamav package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"clamav-0.99.3-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:09:14", "description": "This update for clamav fixes the following issues :\n\n - Update to security release 0.99.3 (bsc#1077732)\n\n - CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname\n Vulnerability)\n\n - CVE-2017-12377 (ClamAV Mew Packet Heap Overflow\n Vulnerability)\n\n - CVE-2017-12379 (ClamAV Buffer Overflow in\n messageAddArgument Vulnerability)\n\n - these vulnerabilities could have allowed an\n unauthenticated, remote attacker to cause a denial of\n service (DoS) condition or potentially execute arbitrary\n code on an affected device.\n\n - CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)\n\n - CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)\n\n - CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)\n\n - CVE-2017-12380 (ClamAV Null Dereference Vulnerability)\n\n - these vulnerabilities could have allowed an\n unauthenticated, remote attacker to cause a denial of\n service (DoS) condition on an affected device.\n\n - CVE-2017-6420 (bsc#1052448)\n\n - this vulnerability could have allowed remote attackers\n to cause a denial of service (use-after-free) via a\n crafted PE file with WWPack compression.\n\n - CVE-2017-6419 (bsc#1052449)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (heap-based buffer overflow and\n application crash) or possibly have unspecified other\n impact via a crafted CHM file.\n\n - CVE-2017-11423 (bsc#1049423)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (stack-based buffer over-read and\n application crash) via a crafted CAB file.\n\n - CVE-2017-6418 (bsc#1052466)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (out-of-bounds read) via a crafted\n e-mail message.\n\n - update upstream keys in the keyring\n\n - provide and obsolete clamav-nodb to trigger it's removal\n in Leap bsc#1040662\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-29T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2018:0255-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-11423", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:clamav", "p-cpe:/a:novell:suse_linux:clamav-debuginfo", "p-cpe:/a:novell:suse_linux:clamav-debugsource"], "id": "SUSE_SU-2018-0255-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106456", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0255-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106456);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/09/10 13:51:46\");\n\n script_cve_id(\"CVE-2017-11423\", \"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\", \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\", \"CVE-2017-6418\", \"CVE-2017-6419\", \"CVE-2017-6420\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2018:0255-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for clamav fixes the following issues :\n\n - Update to security release 0.99.3 (bsc#1077732)\n\n - CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname\n Vulnerability)\n\n - CVE-2017-12377 (ClamAV Mew Packet Heap Overflow\n Vulnerability)\n\n - CVE-2017-12379 (ClamAV Buffer Overflow in\n messageAddArgument Vulnerability)\n\n - these vulnerabilities could have allowed an\n unauthenticated, remote attacker to cause a denial of\n service (DoS) condition or potentially execute arbitrary\n code on an affected device.\n\n - CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)\n\n - CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)\n\n - CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)\n\n - CVE-2017-12380 (ClamAV Null Dereference Vulnerability)\n\n - these vulnerabilities could have allowed an\n unauthenticated, remote attacker to cause a denial of\n service (DoS) condition on an affected device.\n\n - CVE-2017-6420 (bsc#1052448)\n\n - this vulnerability could have allowed remote attackers\n to cause a denial of service (use-after-free) via a\n crafted PE file with WWPack compression.\n\n - CVE-2017-6419 (bsc#1052449)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (heap-based buffer overflow and\n application crash) or possibly have unspecified other\n impact via a crafted CHM file.\n\n - CVE-2017-11423 (bsc#1049423)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (stack-based buffer over-read and\n application crash) via a crafted CAB file.\n\n - CVE-2017-6418 (bsc#1052466)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (out-of-bounds read) via a crafted\n e-mail message.\n\n - update upstream keys in the keyring\n\n - provide and obsolete clamav-nodb to trigger it's removal\n in Leap bsc#1040662\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11423/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12374/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12375/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12376/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12377/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12378/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12379/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12380/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6418/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6419/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6420/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180255-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?28010530\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2018-176=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-176=1\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2018-176=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2018-176=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-176=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-176=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-176=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-176=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-176=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-176=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:clamav-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:clamav-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"clamav-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"clamav-debuginfo-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"clamav-debugsource-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"clamav-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"clamav-debuginfo-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"clamav-debugsource-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"clamav-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"clamav-debuginfo-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"clamav-debugsource-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"clamav-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"clamav-debuginfo-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"clamav-debugsource-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"clamav-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"clamav-debuginfo-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"clamav-debugsource-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"clamav-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"clamav-debuginfo-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"clamav-debugsource-0.99.3-33.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:50:37", "description": "This update for clamav fixes the following issues :\n\n - Update to security release 0.99.3 (bsc#1077732)\n\n - CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname\n Vulnerability)\n\n - CVE-2017-12377 (ClamAV Mew Packet Heap Overflow\n Vulnerability)\n\n - CVE-2017-12379 (ClamAV Buffer Overflow in\n messageAddArgument Vulnerability)\n\n - these vulnerabilities could have allowed an\n unauthenticated, remote attacker to cause a denial of\n service (DoS) condition or potentially execute arbitrary\n code on an affected device.\n\n - CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)\n\n - CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)\n\n - CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)\n\n - CVE-2017-12380 (ClamAV Null Dereference Vulnerability)\n\n - these vulnerabilities could have allowed an\n unauthenticated, remote attacker to cause a denial of\n service (DoS) condition on an affected device.\n\n - CVE-2017-6420 (bsc#1052448)\n\n - this vulnerability could have allowed remote attackers\n to cause a denial of service (use-after-free) via a\n crafted PE file with WWPack compression.\n\n - CVE-2017-6419 (bsc#1052449)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (heap-based buffer overflow and\n application crash) or possibly have unspecified other\n impact via a crafted CHM file.\n\n - CVE-2017-11423 (bsc#1049423)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (stack-based buffer over-read and\n application crash) via a crafted CAB file.\n\n - CVE-2017-6418 (bsc#1052466)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (out-of-bounds read) via a crafted\n e-mail message.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-29T00:00:00", "title": "SUSE SLES11 Security Update : clamav (SUSE-SU-2018:0254-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-11423", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "modified": "2018-01-29T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:clamav", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-0254-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106455", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0254-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106455);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-11423\", \"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\", \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\", \"CVE-2017-6418\", \"CVE-2017-6419\", \"CVE-2017-6420\");\n\n script_name(english:\"SUSE SLES11 Security Update : clamav (SUSE-SU-2018:0254-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for clamav fixes the following issues :\n\n - Update to security release 0.99.3 (bsc#1077732)\n\n - CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname\n Vulnerability)\n\n - CVE-2017-12377 (ClamAV Mew Packet Heap Overflow\n Vulnerability)\n\n - CVE-2017-12379 (ClamAV Buffer Overflow in\n messageAddArgument Vulnerability)\n\n - these vulnerabilities could have allowed an\n unauthenticated, remote attacker to cause a denial of\n service (DoS) condition or potentially execute arbitrary\n code on an affected device.\n\n - CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)\n\n - CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)\n\n - CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)\n\n - CVE-2017-12380 (ClamAV Null Dereference Vulnerability)\n\n - these vulnerabilities could have allowed an\n unauthenticated, remote attacker to cause a denial of\n service (DoS) condition on an affected device.\n\n - CVE-2017-6420 (bsc#1052448)\n\n - this vulnerability could have allowed remote attackers\n to cause a denial of service (use-after-free) via a\n crafted PE file with WWPack compression.\n\n - CVE-2017-6419 (bsc#1052449)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (heap-based buffer overflow and\n application crash) or possibly have unspecified other\n impact via a crafted CHM file.\n\n - CVE-2017-11423 (bsc#1049423)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (stack-based buffer over-read and\n application crash) via a crafted CAB file.\n\n - CVE-2017-6418 (bsc#1052466)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (out-of-bounds read) via a crafted\n e-mail message.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11423/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12374/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12375/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12376/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12377/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12378/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12379/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12380/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6418/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6419/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6420/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180254-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8167c28d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-clamav-13445=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-clamav-13445=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-clamav-13445=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-clamav-13445=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-clamav-13445=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"clamav-0.99.3-0.20.3.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"clamav-0.99.3-0.20.3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:39:41", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6420", "CVE-2017-6418", "CVE-2017-6419"], "description": "It was discovered that ClamAV incorrectly handled parsing certain e-mail \nmessages. A remote attacker could possibly use this issue to cause ClamAV \nto crash, resulting in a denial of service. (CVE-2017-6418)\n\nIt was discovered that ClamAV incorrectly handled certain malformed CHM \nfiles. A remote attacker could use this issue to cause ClamAV to crash, \nresulting in a denial of service, or possibly execute arbitrary code. This \nissue only affected Ubuntu 14.04 LTS. In the default installation, \nattackers would be isolated by the ClamAV AppArmor profile. (CVE-2017-6419)\n\nIt was discovered that ClamAV incorrectly handled parsing certain PE files \nwith WWPack compression. A remote attacker could possibly use this issue to \ncause ClamAV to crash, resulting in a denial of service. (CVE-2017-6420)", "edition": 5, "modified": "2017-08-17T00:00:00", "published": "2017-08-17T00:00:00", "id": "USN-3393-1", "href": "https://ubuntu.com/security/notices/USN-3393-1", "title": "ClamAV vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:36:13", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6420", "CVE-2017-6418", "CVE-2017-6419"], "description": "USN-3393-1 fixed several vulnerabilities in ClamAV. This update provides \nthe corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that ClamAV incorrectly handled parsing certain e-mail \nmessages. A remote attacker could possibly use this issue to cause ClamAV \nto crash, resulting in a denial of service. (CVE-2017-6418)\n\nIt was discovered that ClamAV incorrectly handled certain malformed CHM \nfiles. A remote attacker could use this issue to cause ClamAV to crash, \nresulting in a denial of service, or possibly execute arbitrary code. This \nissue only affected Ubuntu 14.04 LTS. In the default installation, \nattackers would be isolated by the ClamAV AppArmor profile. (CVE-2017-6419)\n\nIt was discovered that ClamAV incorrectly handled parsing certain PE files \nwith WWPack compression. A remote attacker could possibly use this issue to \ncause ClamAV to crash, resulting in a denial of service. (CVE-2017-6420)", "edition": 6, "modified": "2017-08-17T00:00:00", "published": "2017-08-17T00:00:00", "id": "USN-3393-2", "href": "https://ubuntu.com/security/notices/USN-3393-2", "title": "ClamAV vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2018-04-23T03:28:44", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6420", "CVE-2017-6418", "CVE-2018-1000085", "CVE-2017-11423", "CVE-2018-0202", "CVE-2017-6419", "CVE-2012-6706"], "edition": 1, "description": "### Background\n\nClamAV is a GPL virus scanner.\n\n### Description\n\nMultiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker, through multiple vectors, could execute arbitrary code, cause a Denial of Service condition, or have other unspecified impacts. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll ClamAV users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-antivirus/clamav-0.99.4\"", "modified": "2018-04-22T00:00:00", "published": "2018-04-22T00:00:00", "href": "https://security.gentoo.org/glsa/201804-16", "id": "GLSA-201804-16", "title": "ClamAV: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12374", "CVE-2017-12375", "CVE-2017-12376", "CVE-2017-12377", "CVE-2017-12378", "CVE-2017-12379", "CVE-2017-12380", "CVE-2017-6418", "CVE-2017-6420"], "description": "Arch Linux Security Advisory ASA-201802-1\n=========================================\n\nSeverity: Critical\nDate : 2018-02-09\nCVE-ID : CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377\nCVE-2017-12378 CVE-2017-12379 CVE-2017-12380 CVE-2017-6418\nCVE-2017-6420\nPackage : clamav\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-601\n\nSummary\n=======\n\nThe package clamav before version 0.99.3-1 is vulnerable to multiple\nissues including arbitrary code execution and denial of service.\n\nResolution\n==========\n\nUpgrade to 0.99.3-1.\n\n# pacman -Syu \"clamav>=0.99.3-1\"\n\nThe problems have been fixed upstream in version 0.99.3.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-12374 (denial of service)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to a lack of input validation checking mechanisms\nduring certain mail parsing operations (mbox.c operations on bounce\nmessages). If successfully exploited, the ClamAV software could allow a\nvariable pointing to the mail body which could cause a used after being\nfree (use-after-free) instance which may lead to a disruption of\nservices on an affected device to include a denial of service\ncondition.\n\n- CVE-2017-12375 (denial of service)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to a lack of input validation checking mechanisms\nduring certain mail parsing functions (the rfc2047 function in mbox.c).\nAn unauthenticated, remote attacker could exploit this vulnerability by\nsending a crafted email to the affected device. This action could cause\na buffer overflow condition when ClamAV scans the malicious email,\nallowing the attacker to potentially cause a DoS condition on an\naffected device.\n\n- CVE-2017-12376 (arbitrary code execution)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device. The vulnerability is due to\nimproper input validation checking mechanisms when handling Portable\nDocument Format (.pdf) files sent to an affected device. An\nunauthenticated, remote attacker could exploit this vulnerability by\nsending a crafted .pdf file to an affected device. This action could\ncause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans the\nmalicious file, allowing the attacker to cause a DoS condition or\npotentially execute arbitrary code.\n\n- CVE-2017-12377 (arbitrary code execution)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device. The vulnerability is due to\nimproper input validation checking mechanisms in mew packet files sent\nto an affected device. A successful exploit could cause a heap-based\nbuffer over-read condition in mew.c when ClamAV scans the malicious\nfile, allowing the attacker to cause a DoS condition or potentially\nexecute arbitrary code on the affected device.\n\n- CVE-2017-12378 (denial of service)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to improper input validation checking mechanisms\nof .tar (Tape Archive) files sent to an affected device. A successful\nexploit could cause a checksum buffer over-read condition when ClamAV\nscans the malicious .tar file, potentially allowing the attacker to\ncause a DoS condition on the affected device.\n\n- CVE-2017-12379 (arbitrary code execution)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device. The vulnerability is due to\nimproper input validation checking mechanisms in the message parsing\nfunction on an affected system. An unauthenticated, remote attacker\ncould exploit this vulnerability by sending a crafted email to the\naffected device. This action could cause a messageAddArgument (in\nmessage.c) buffer overflow condition when ClamAV scans the malicious\nemail, allowing the attacker to potentially cause a DoS condition or\nexecute arbitrary code on an affected device.\n\n- CVE-2017-12380 (denial of service)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to improper input validation checking mechanisms\nin mbox.c during certain mail parsing functions of the ClamAV software.\nAn unauthenticated, remote attacker could exploit this vulnerability by\nsending a crafted email to the affected device. An exploit could\ntrigger a NULL pointer dereference condition when ClamAV scans the\nmalicious email, which may result in a DoS condition.\n\n- CVE-2017-6418 (denial of service)\n\nlibclamav/message.c in ClamAV before 0.99.3 allows remote attackers to\ncause a denial of service (out-of-bounds read) via a crafted e-mail\nmessage.\n\n- CVE-2017-6420 (denial of service)\n\nThe wwunpack function in libclamav/wwunpack.c in ClamAV before 0.99.3\nallows remote attackers to cause a denial of service (use-after-free)\nvia a crafted PE file with WWPack compression.\n\nImpact\n======\n\nA remote attacker is able to execute arbitrary code or crash the\napplication on the affected host when processing a maliciously crafted\nfile.\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/57233\nhttp://blog.clamav.net/2018/01/clamav-0993-has-been-released.html\nhttps://bugzilla.clamav.net/show_bug.cgi?id=11939\nhttps://github.com/Cisco-Talos/clamav-devel/commit/7cf2a701041b775dda9743d01665279facc9b326\nhttps://bugzilla.clamav.net/show_bug.cgi?id=11940\nhttps://github.com/Cisco-Talos/clamav-devel/commit/d1100be31a567718ce7c7dd6e6c632eddab55209\nhttps://bugzilla.clamav.net/show_bug.cgi?id=11942\nhttps://github.com/Cisco-Talos/clamav-devel/commit/c8ba4ae2e47a4f49add3e85ef7041b166be6bfdb\nhttps://bugzilla.clamav.net/show_bug.cgi?id=11943\nhttps://github.com/Cisco-Talos/clamav-devel/commit/38da4800bfb2d6b13579950b6543302d13e3015c\nhttps://bugzilla.clamav.net/show_bug.cgi?id=11946\nhttps://github.com/Cisco-Talos/clamav-devel/commit/292d6878fa3e7fd2ab0f7275a78190639ad116d4\nhttps://bugzilla.clamav.net/show_bug.cgi?id=11944\nhttps://github.com/Cisco-Talos/clamav-devel/commit/0604618374dc0dfd148b0ce7bf7a3d2b7528e66b\nhttps://bugzilla.clamav.net/show_bug.cgi?id=11945\nhttps://github.com/Cisco-Talos/clamav-devel/commit/39c89d14a61aef2958b8ea64ade1be7a5faca897\nhttps://bugzilla.clamav.net/show_bug.cgi?id=11797\nhttps://github.com/vrtadmin/clamav-devel/commit/586a5180287262070637c8943f2f7efd652e4a2c\nhttps://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_email_crash.md\nhttps://bugzilla.clamav.net/show_bug.cgi?id=11798\nhttps://github.com/vrtadmin/clamav-devel/commit/dfc00cd3301a42b571454b51a6102eecf58407bc\nhttps://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/use-after-free/clamav-use-after-free-pe.md\nhttps://security.archlinux.org/CVE-2017-12374\nhttps://security.archlinux.org/CVE-2017-12375\nhttps://security.archlinux.org/CVE-2017-12376\nhttps://security.archlinux.org/CVE-2017-12377\nhttps://security.archlinux.org/CVE-2017-12378\nhttps://security.archlinux.org/CVE-2017-12379\nhttps://security.archlinux.org/CVE-2017-12380\nhttps://security.archlinux.org/CVE-2017-6418\nhttps://security.archlinux.org/CVE-2017-6420", "modified": "2018-02-09T00:00:00", "published": "2018-02-09T00:00:00", "id": "ASA-201802-1", "href": "https://security.archlinux.org/ASA-201802-1", "type": "archlinux", "title": "[ASA-201802-1] clamav: multiple issues", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:35:31", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "description": "**Issue Overview:**\n\nHeap-based buffer overflow in mspack/lzxd.c: \nmspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.([CVE-2017-6419 __](<https://access.redhat.com/security/cve/CVE-2017-6419>))\n\nThe wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression.([CVE-2017-6420 __](<https://access.redhat.com/security/cve/CVE-2017-6420>))\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code. ([CVE-2017-12376 __](<https://access.redhat.com/security/cve/CVE-2017-12376>))\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device.([CVE-2017-12378 __](<https://access.redhat.com/security/cve/CVE-2017-12378>))\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device.([CVE-2017-12375 __](<https://access.redhat.com/security/cve/CVE-2017-12375>))\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device.([CVE-2017-12379 __](<https://access.redhat.com/security/cve/CVE-2017-12379>))\n\nlibclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message.([CVE-2017-6418 __](<https://access.redhat.com/security/cve/CVE-2017-6418>)) \n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition.([CVE-2017-12374 __](<https://access.redhat.com/security/cve/CVE-2017-12374>))\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap-based buffer over-read condition in mew.c when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code on the affected device.([CVE-2017-12377 __](<https://access.redhat.com/security/cve/CVE-2017-12377>))\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition.([CVE-2017-12380 __](<https://access.redhat.com/security/cve/CVE-2017-12380>)) \n\n \n**Affected Packages:** \n\n\nclamav\n\n \n**Issue Correction:** \nRun _yum update clamav_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n clamav-db-0.99.3-1.28.amzn1.i686 \n clamav-milter-0.99.3-1.28.amzn1.i686 \n clamav-lib-0.99.3-1.28.amzn1.i686 \n clamav-debuginfo-0.99.3-1.28.amzn1.i686 \n clamd-0.99.3-1.28.amzn1.i686 \n clamav-devel-0.99.3-1.28.amzn1.i686 \n clamav-update-0.99.3-1.28.amzn1.i686 \n clamav-server-0.99.3-1.28.amzn1.i686 \n clamav-0.99.3-1.28.amzn1.i686 \n \n noarch: \n clamav-scanner-sysvinit-0.99.3-1.28.amzn1.noarch \n clamav-data-0.99.3-1.28.amzn1.noarch \n clamav-milter-sysvinit-0.99.3-1.28.amzn1.noarch \n clamav-scanner-0.99.3-1.28.amzn1.noarch \n clamav-data-empty-0.99.3-1.28.amzn1.noarch \n clamav-filesystem-0.99.3-1.28.amzn1.noarch \n clamav-server-sysvinit-0.99.3-1.28.amzn1.noarch \n \n src: \n clamav-0.99.3-1.28.amzn1.src \n \n x86_64: \n clamav-milter-0.99.3-1.28.amzn1.x86_64 \n clamav-lib-0.99.3-1.28.amzn1.x86_64 \n clamav-devel-0.99.3-1.28.amzn1.x86_64 \n clamav-server-0.99.3-1.28.amzn1.x86_64 \n clamav-debuginfo-0.99.3-1.28.amzn1.x86_64 \n clamav-db-0.99.3-1.28.amzn1.x86_64 \n clamd-0.99.3-1.28.amzn1.x86_64 \n clamav-0.99.3-1.28.amzn1.x86_64 \n clamav-update-0.99.3-1.28.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2018-02-20T21:35:00", "published": "2018-02-20T21:35:00", "id": "ALAS-2018-958", "href": "https://alas.aws.amazon.com/ALAS-2018-958.html", "title": "Medium: clamav", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2018-01-27T20:52:50", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-11423", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "description": "This update for clamav fixes the following issues:\n\n - Update to security release 0.99.3 (bsc#1077732)\n * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability)\n * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability)\n * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument\n Vulnerability)\n - these vulnerabilities could have allowed an unauthenticated, remote\n attacker to cause a denial of service (DoS) condition\n or potentially execute arbitrary code on an affected device.\n * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)\n * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)\n * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)\n * CVE-2017-12380 (ClamAV Null Dereference Vulnerability)\n - these vulnerabilities could have allowed an unauthenticated, remote\n attacker to cause a denial of service (DoS) condition on an affected\n device.\n * CVE-2017-6420 (bsc#1052448)\n - this vulnerability could have allowed remote attackers to cause a\n denial of service (use-after-free) via a crafted PE file with WWPack\n compression.\n * CVE-2017-6419 (bsc#1052449)\n - ClamAV could have allowed remote attackers to cause a denial of\n service (heap-based buffer overflow and application crash) or\n possibly have unspecified other impact via a crafted CHM file.\n * CVE-2017-11423 (bsc#1049423)\n - ClamAV could have allowed remote attackers to cause a denial of\n service (stack-based buffer over-read and application crash) via a\n crafted CAB file.\n * CVE-2017-6418 (bsc#1052466)\n - ClamAV could have allowed remote attackers to cause a denial\n of service (out-of-bounds read) via a crafted e-mail message.\n\n", "edition": 1, "modified": "2018-01-27T18:07:57", "published": "2018-01-27T18:07:57", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00074.html", "id": "SUSE-SU-2018:0254-1", "type": "suse", "title": "Security update for clamav (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-28T18:54:02", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-11423", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "description": "This update for clamav fixes the following issues:\n\n - Update to security release 0.99.3 (bsc#1077732)\n * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability)\n * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability)\n * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument\n Vulnerability)\n - these vulnerabilities could have allowed an unauthenticated, remote\n attacker to cause a denial of service (DoS) condition\n or potentially execute arbitrary code on an affected device.\n * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)\n * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)\n * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)\n * CVE-2017-12380 (ClamAV Null Dereference Vulnerability)\n - these vulnerabilities could have allowed an unauthenticated, remote\n attacker to cause a denial of service (DoS) condition on an affected\n device.\n * CVE-2017-6420 (bsc#1052448)\n - this vulnerability could have allowed remote attackers to cause a\n denial of service (use-after-free) via a crafted PE file with WWPack\n compression.\n * CVE-2017-6419 (bsc#1052449)\n - ClamAV could have allowed remote attackers to cause a denial of\n service (heap-based buffer overflow and application crash) or\n possibly have unspecified other impact via a crafted CHM file.\n * CVE-2017-11423 (bsc#1049423)\n - ClamAV could have allowed remote attackers to cause a denial of\n service (stack-based buffer over-read and application crash) via a\n crafted CAB file.\n * CVE-2017-6418 (bsc#1052466)\n - ClamAV could have allowed remote attackers to cause a denial\n of service (out-of-bounds read) via a crafted e-mail message.\n - update upstream keys in the keyring\n\n - provide and obsolete clamav-nodb to trigger it's removal in Leap\n bsc#1040662\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2018-01-28T15:06:45", "published": "2018-01-28T15:06:45", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00078.html", "id": "OPENSUSE-SU-2018:0258-1", "type": "suse", "title": "Security update for clamav (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-28T00:52:50", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-11423", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "description": "This update for clamav fixes the following issues:\n\n - Update to security release 0.99.3 (bsc#1077732)\n * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability)\n * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability)\n * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument\n Vulnerability)\n - these vulnerabilities could have allowed an unauthenticated, remote\n attacker to cause a denial of service (DoS) condition\n or potentially execute arbitrary code on an affected device.\n * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)\n * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)\n * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)\n * CVE-2017-12380 (ClamAV Null Dereference Vulnerability)\n - these vulnerabilities could have allowed an unauthenticated, remote\n attacker to cause a denial of service (DoS) condition on an affected\n device.\n * CVE-2017-6420 (bsc#1052448)\n - this vulnerability could have allowed remote attackers to cause a\n denial of service (use-after-free) via a crafted PE file with WWPack\n compression.\n * CVE-2017-6419 (bsc#1052449)\n - ClamAV could have allowed remote attackers to cause a denial of\n service (heap-based buffer overflow and application crash) or\n possibly have unspecified other impact via a crafted CHM file.\n * CVE-2017-11423 (bsc#1049423)\n - ClamAV could have allowed remote attackers to cause a denial of\n service (stack-based buffer over-read and application crash) via a\n crafted CAB file.\n * CVE-2017-6418 (bsc#1052466)\n - ClamAV could have allowed remote attackers to cause a denial\n of service (out-of-bounds read) via a crafted e-mail message.\n - update upstream keys in the keyring\n\n - provide and obsolete clamav-nodb to trigger it's removal in Leap\n bsc#1040662\n\n", "edition": 1, "modified": "2018-01-27T21:07:02", "published": "2018-01-27T21:07:02", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00075.html", "id": "SUSE-SU-2018:0255-1", "type": "suse", "title": "Security update for clamav (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}