Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-1366-1:CBD8B
HistorySep 01, 2007 - 12:00 a.m.

[SECURITY] [DSA 1366-1] New clamav packages fix several vulnerabilities

2007-09-0100:00:00
lists.debian.org
13

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.965 High

EPSS

Percentile

99.6%

JSON

Debian Security Advisory DSA 1366-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
September 1st, 2007 http://www.debian.org/security/faq

Package : clamav
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-4510 CVE-2007-4560

Several remote vulnerabilities have been discovered in the Clam anti-virus
toolkit. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-4510

It was discovered that the RTF and RFC2397 parsers can be tricked
into dereferencing a NULL pointer, resulting in denial of service.

CVE-2007-4560

It was discovered clamav-milter performs insufficicient input
sanitising, resulting in the execution of arbitrary shell commands.

The oldstable distribution (sarge) is only affected by a subset of
the problems. An update will be provided later.

For the stable distribution (etch) these problems have been fixed
in version 0.90.1-3etch7.

For the unstable distribution (sid) these problems have been fixed in
version 0.91.2-1.

We recommend that you upgrade your clamav packages.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Source archives:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7.dsc
  Size/MD5 checksum:      886 76508137da0c93a144d130323f7eca87
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7.diff.gz
  Size/MD5 checksum:   203232 127d4844eb36f41a52c67d461d554c09
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1.orig.tar.gz
  Size/MD5 checksum: 11643310 cd11c05b5476262eaea4fa3bd7dc25bf

Architecture independent components:

http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1-3etch7_all.deb
  Size/MD5 checksum:   201648 4f87137fc2d9dc12ae774ed149c11080
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1-3etch7_all.deb
  Size/MD5 checksum:  1003456 a2aacc240716f6da56c9cda24e288af1
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1-3etch7_all.deb
  Size/MD5 checksum:   157834 820e470f5c428c599fc174e0fcadc7ee

Alpha architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_alpha.deb
  Size/MD5 checksum:   863492 e4bb31adae25ba8270c3a7693a5ac203
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_alpha.deb
  Size/MD5 checksum:   184710 65a6b05e5f59a1373b27524267f81f61
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_alpha.deb
  Size/MD5 checksum:   644772 fc182ead4b1858dd9e295a1e774f13c7
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_alpha.deb
  Size/MD5 checksum:  9303850 fccfb44066fd7028855dd92ac61918ca
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_alpha.deb
  Size/MD5 checksum:   180304 d34adfc21674bfd5f804f4c721aff9d5
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_alpha.deb
  Size/MD5 checksum:   511144 223b48dbd9cb9a4003a67dbba4bf265e
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_alpha.deb
  Size/MD5 checksum:   406406 6bca766fb1a86d0a58793f7f9603dd85

AMD64 architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_amd64.deb
  Size/MD5 checksum:   856522 cae033c2c4d2245ed0c3742982f9bb67
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_amd64.deb
  Size/MD5 checksum:   178452 cf29bd7447cfc3163974b60cc29955a1
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_amd64.deb
  Size/MD5 checksum:   638384 11df3244f048ed156ef97d99ddf13ee2
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_amd64.deb
  Size/MD5 checksum:  9301956 ee98e922039c3ae2e58e00fa46f3682f
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_amd64.deb
  Size/MD5 checksum:   177470 a2fc25aecce75dfd7b506bfd852110cd
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_amd64.deb
  Size/MD5 checksum:   386568 6a1f79b33c45bbf7f63361c5bc3e5301
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_amd64.deb
  Size/MD5 checksum:   367274 a313b9e7a274000923f2a4c508ce630d

ARM architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_arm.deb
  Size/MD5 checksum:   852934 030a5f8950c9917033dd4a73e500d177
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_arm.deb
  Size/MD5 checksum:   171200 c37973b52dbee496410dc338826c89c3
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_arm.deb
  Size/MD5 checksum:   598014 2e698cb351c2a6821e4cc4a4c4f39d48
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_arm.deb
  Size/MD5 checksum:  9299226 06ca0c49348eb0deeddac6e1b4d87378
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_arm.deb
  Size/MD5 checksum:   175344 b38253709f390f65a27363f0d41e14c7
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_arm.deb
  Size/MD5 checksum:   366618 f555885ad50c5a205bfe52bc5c05bf32
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_arm.deb
  Size/MD5 checksum:   363474 47905b28d3fa482eb2ba05c08de1f395

HP Precision architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_hppa.deb
  Size/MD5 checksum:   857242 7d921dd3dc4d8dc97c8289e6ed2dc56c
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_hppa.deb
  Size/MD5 checksum:   178162 f0e8edeadf8a35002982a166b84f5bd8
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_hppa.deb
  Size/MD5 checksum:   618354 dd56899c90c0826a029ad632fe3d784e
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_hppa.deb
  Size/MD5 checksum:  9303278 352b5455ef66f4faebf1622bba6d6abb
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_hppa.deb
  Size/MD5 checksum:   177404 1d571b923902dfeadab4c4d79485ca24
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_hppa.deb
  Size/MD5 checksum:   432894 5700bd90730816ae355bb969a3a0d726
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_hppa.deb
  Size/MD5 checksum:   405100 8e2345c87a460779a4588a51b5d3d4fa

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_i386.deb
  Size/MD5 checksum:   853954 9cb2105c0b125d06b6cd55c3afc034df
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_i386.deb
  Size/MD5 checksum:   174810 26e058c602e245cdd93b617a6433f3eb
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_i386.deb
  Size/MD5 checksum:   604246 9229e00e4fd2f479c4991579527dda05
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_i386.deb
  Size/MD5 checksum:  9300180 2ea193af166b258bafc507ee39fe5ed5
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_i386.deb
  Size/MD5 checksum:   175306 a9249b84ddf8381fddaefdad2d838a7e
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_i386.deb
  Size/MD5 checksum:   367860 d88bcc54abe004b0cac9dace8b1a97cb
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_i386.deb
  Size/MD5 checksum:   365930 25dfe3b0f5db7fd318f508f981447c5b

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_ia64.deb
  Size/MD5 checksum:   878502 6819ecbe6de1e78d7a794bd57be5242c
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_ia64.deb
  Size/MD5 checksum:   201696 b6aad73bb42bc06ebe2c7e7cf6638e8e
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_ia64.deb
  Size/MD5 checksum:   657016 a8700ddde5a27b6e5543c26b94ebaccb
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_ia64.deb
  Size/MD5 checksum:  9315332 5e70f38d3e2c545c2a3a0e886a9d31bf
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_ia64.deb
  Size/MD5 checksum:   191962 096679339d39f00c721efb8b443a4eaa
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_ia64.deb
  Size/MD5 checksum:   521666 d782256097bd91daac7c281bc5b9c04a
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_ia64.deb
  Size/MD5 checksum:   475118 9672c4a0370689ab46e98bbe4b5abdae

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_mips.deb
  Size/MD5 checksum:   854704 4c88a5d9a1dba0a9b1bff65a873b3088
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_mips.deb
  Size/MD5 checksum:   179932 6eddaad912a230c6b5e8d7b66503a99d
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_mips.deb
  Size/MD5 checksum:   647356 783a1e4fed71df9f0556616b54cb3a93
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_mips.deb
  Size/MD5 checksum:  9301594 fc06728c15469aace7857a24f5fc53ee
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_mips.deb
  Size/MD5 checksum:   175694 1389bf57964bee7e61a49fe148dfd06c
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_mips.deb
  Size/MD5 checksum:   435530 6ff83829f607222759f9bc74add7b77e
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_mips.deb
  Size/MD5 checksum:   372356 569d451c407c05823032836b2b44d89c

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_mipsel.deb
  Size/MD5 checksum:   854664 4d78fb80f34622cfabd610d707b74ed3
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_mipsel.deb
  Size/MD5 checksum:   180046 e2a0871e9171da32be01adf62ad1d128
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_mipsel.deb
  Size/MD5 checksum:   636224 2476d9168a9dc29ec7c466f87a234dbc
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_mipsel.deb
  Size/MD5 checksum:  9301726 91fbb41f97a05431b3a192b7fb1be1ab
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_mipsel.deb
  Size/MD5 checksum:   175936 bca774cbae1f58760b3e865189615238
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_mipsel.deb
  Size/MD5 checksum:   426980 282f62187b9cd468416f8fd614d4067c
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_mipsel.deb
  Size/MD5 checksum:   365596 6a7c6a9c3f466ec1af406bc5c58d8322

PowerPC architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_powerpc.deb
  Size/MD5 checksum:   857324 71e8777c0bd9373b31bafc1aa00c8be0
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_powerpc.deb
  Size/MD5 checksum:   181870 76e72290201ed98010991f3639c6a87e
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_powerpc.deb
  Size/MD5 checksum:   637432 d3d0cf8a8288a340ade551737721ddcf
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_powerpc.deb
  Size/MD5 checksum:  9302318 7574fcc75525c788c93ff3b28b214458
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_powerpc.deb
  Size/MD5 checksum:   176394 9f861a15da4a7d3d460948dce1e97037
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_powerpc.deb
  Size/MD5 checksum:   405822 f84a324e6d6101046dce37495a5fc1db
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_powerpc.deb
  Size/MD5 checksum:   378474 ec5ab7ea0b45d507ad5ffd0bdd91921b

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_s390.deb
  Size/MD5 checksum:   855284 451dd987867f18df691343826ae2f11f
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_s390.deb
  Size/MD5 checksum:   176424 46cc5eddcc876479e988b9e10e879f8c
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_s390.deb
  Size/MD5 checksum:   628526 2c75c9e4150a0b8eb0c6446e5d112735
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_s390.deb
  Size/MD5 checksum:  9300942 04eb856a3a44098ea1e483921e272c46
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_s390.deb
  Size/MD5 checksum:   177166 52c5cba6197a33b62c912bfddde59782
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_s390.deb
  Size/MD5 checksum:   401818 b8f39319d247f3aa8077c5cfd308185c
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_s390.deb
  Size/MD5 checksum:   391486 24119acc8394847bbde1a957449b0f15

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_sparc.deb
  Size/MD5 checksum:   851414 6da36840b5725d962426971f01e2419c
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_sparc.deb
  Size/MD5 checksum:   172124 0ad57992d8e2538850137a3b9580dfc0
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_sparc.deb
  Size/MD5 checksum:   584052 69fd3f5d67b2a54b1735414184f6a92c
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_sparc.deb
  Size/MD5 checksum:  9298816 2c3e7b1aa338c7fb3d04ce3807ec28bd
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_sparc.deb
  Size/MD5 checksum:   174044 16c23d0e5057d3d852e21ad226601ec2
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_sparc.deb
  Size/MD5 checksum:   389466 45e786e946ddde5fc22c9532a7169f5e
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_sparc.deb
  Size/MD5 checksum:   377484 58b6b3b0d422300d241f406f9985cfa9

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

Related

altlinux 3
nessus 7
openvas 16
osv 1
gentoo 1
prion 2
f5 4
fedora 4
checkpoint_advisories 3
saint 4
ubuntucve 2
cve 2
debiancve 2
packetstorm 1
securityvulns 1
freebsd 1
cvelist 2
d2 1
altlinux
altlinux
Security fix for the ALT Linux 10 package clamav version 0.91.2-alt1
2007-09-03 00:00:00
Security fix for the ALT Linux 9 package clamav version 0.91.2-alt1
2007-09-03 00:00:00
Security fix for the ALT Linux 8 package clamav version 0.91.2-alt1
2007-09-03 00:00:00
nessus
nessus
Debian DSA-1366-1 : clamav - several vulnerabilities
2007-09-03 00:00:00
GLSA-200709-14 : ClamAV: Multiple vulnerabilities
2007-09-24 00:00:00
Mandrake Linux Security Advisory : clamav (MDKSA-2007:172)
2007-09-03 00:00:00
openvas
openvas
Mandriva Update for clamav MDKSA-2007:172 (clamav)
2009-04-09 00:00:00
Debian Security Advisory DSA 1366-1 (clamav)
2008-01-17 00:00:00
Mandriva Update for clamav MDKSA-2007:172 (clamav)
2009-04-09 00:00:00
osv
osv
clamav
2007-09-01 00:00:00
gentoo
gentoo
ClamAV: Multiple vulnerabilities
2007-09-20 00:00:00
prion
prion
Design/Logic Flaw
2007-08-23 19:17:00
Code injection
2007-08-28 01:17:00
f5
f5
K7983 : ClamAV NULL dereference vulnerability - CVE-2007-4510
2013-03-19 00:00:00
SOL7983 - ClamAV NULL dereference vulnerability - CVE-2007-4510
2007-09-27 00:00:00
SOL7985 - ClamAV clamav-milter vulnerability - CVE-2007-4560
2007-09-27 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: clamav-0.91.2-2.fc7
2007-09-07 17:18:29
[SECURITY] Fedora 7 Update: clamav-0.92.1-1.fc7
2008-02-13 05:14:44
[SECURITY] Fedora 7 Update: clamav-0.92-6.fc7
2008-01-22 15:33:16
checkpoint_advisories
checkpoint_advisories
ClamAV Mail Filter Extension Crafted Recipient Command Execution (CVE-2007-4560)
2009-11-15 00:00:00
Preemptive Protection against ClamAV Mail Filter Extension Code Execution Vulnerability
2007-09-10 00:00:00
ClamAV Mail Filter Extension Crafted Recipient Command Execution - ver 2 (CVE-2007-4560)
2014-05-29 00:00:00
saint
saint
ClamAV milter popen command injection
2007-09-06 00:00:00
ClamAV milter popen command injection
2007-09-06 00:00:00
ClamAV milter popen command injection
2007-09-06 00:00:00
ubuntucve
ubuntucve
CVE-2007-4510
2007-08-23 00:00:00
CVE-2007-4560
2007-08-28 00:00:00
cve
cve
CVE-2007-4510
2007-08-23 19:17:00
CVE-2007-4560
2007-08-28 01:17:00
debiancve
debiancve
CVE-2007-4510
2007-08-23 19:17:00
CVE-2007-4560
2007-08-28 01:17:00
packetstorm
packetstorm
ClamAV Milter Blackhole-Mode Remote Code Execution
2009-10-28 00:00:00
securityvulns
securityvulns
ClamAV antivirus multiple security vulnerabilities
2007-09-21 00:00:00
freebsd
freebsd
clamav -- multiple remote Denial of Service vulnerabilities
2007-08-21 00:00:00
cvelist
cvelist
CVE-2007-4510
2007-08-23 19:00:00
CVE-2007-4560
2007-08-28 01:00:00
d2
d2
DSquare Exploit Pack: D2SEC_CLAMAV
2007-08-28 01:17:00

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.965 High

EPSS

Percentile

99.6%

JSON
Related for DEBIAN:DSA-1366-1:CBD8B
altlinux3nessus7openvas16osv1gentoo1prion2f54fedora4checkpoint_advisories3saint4ubuntucve2cve2debiancve2packetstorm1securityvulns1freebsd1cvelist2d21