CVE-2005-2920

2005-09-20T23:03:00

Description

Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable.

Affected Package

OS	OS Version	Package Name	Package Version
Debian	12	clamav	0.103.6+dfsg-1
Debian	11	clamav	0.103.5+dfsg-0+deb11u1
Debian	10	clamav	0.103.5+dfsg-0+deb10u1
Debian	999	clamav	0.103.6+dfsg-1

{"id": "DEBIANCVE:CVE-2005-2920", "vendorId": null, "type": "debiancve", "bulletinFamily": "info", "title": "CVE-2005-2920", "description": "Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable.", "published": "2005-09-20T23:03:00", "modified": "2005-09-20T23:03:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {}, "href": "https://security-tracker.debian.org/tracker/CVE-2005-2920", "reporter": "Debian Security Bug Tracker", "references": [], "cvelist": ["CVE-2005-2920"], "immutableFields": [], "lastseen": "2022-07-04T05:57:55", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cert", "idList": ["VU:363713"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2005-295", "CPAI-2012-145"]}, {"type": "cve", "idList": ["CVE-2005-2920"]}, {"type": "debian", "idList": ["DEBIAN:DSA-824-1:78C25", "DEBIAN:DSA-824-1:A1448"]}, {"type": "freebsd", "idList": ["271498A9-2CD4-11DA-A263-0001020EED82"]}, {"type": "gentoo", "idList": ["GLSA-200509-13"]}, {"type": "nessus", "idList": ["3229.PRM", "DEBIAN_DSA-824.NASL", "FREEBSD_PKG_271498A92CD411DAA2630001020EED82.NASL", "GENTOO_GLSA-200509-13.NASL", "MANDRAKE_MDKSA-2005-166.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231065488", "OPENVAS:55393", "OPENVAS:55418", "OPENVAS:55470", "OPENVAS:65488"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:9765"]}, {"type": "suse", "idList": ["SUSE-SA:2005:055"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-2920"]}]}, "score": {"value": 6.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "cert", "idList": ["VU:363713"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2005-295"]}, {"type": "cve", "idList": ["CVE-2005-2920"]}, {"type": "debian", "idList": ["DEBIAN:DSA-824-1:78C25"]}, {"type": "freebsd", "idList": ["271498A9-2CD4-11DA-A263-0001020EED82"]}, {"type": "gentoo", "idList": ["GLSA-200509-13"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-824.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:55418"]}, {"type": "suse", "idList": ["SUSE-SA:2005:055"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-2920"]}]}, "exploitation": null, "vulnersScore": 6.6}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "affectedPackage": [{"OS": "Debian", "OSVersion": "12", "arch": "all", "packageFilename": "clamav_0.103.6+dfsg-1_all.deb", "packageVersion": "0.103.6+dfsg-1", "operator": "lt", "status": "resolved", "packageName": "clamav"}, {"OS": "Debian", "OSVersion": "11", "arch": "all", "packageFilename": "clamav_0.103.5+dfsg-0+deb11u1_all.deb", "packageVersion": "0.103.5+dfsg-0+deb11u1", "operator": "lt", "status": "resolved", "packageName": "clamav"}, {"OS": "Debian", "OSVersion": "10", "arch": "all", "packageFilename": "clamav_0.103.5+dfsg-0+deb10u1_all.deb", "packageVersion": "0.103.5+dfsg-0+deb10u1", "operator": "lt", "status": "resolved", "packageName": "clamav"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "clamav_0.103.6+dfsg-1_all.deb", "packageVersion": "0.103.6+dfsg-1", "operator": "lt", "status": "resolved", "packageName": "clamav"}]}

{"ubuntucve": [{"lastseen": "2021-11-22T22:04:04", "description": "Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87\nallows remote attackers to execute arbitrary code via a crafted UPX packed\nexecutable.", "cvss3": {}, "published": "2005-09-20T00:00:00", "type": "ubuntucve", "title": "CVE-2005-2920", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2920"], "modified": "2005-09-20T00:00:00", "id": "UB:CVE-2005-2920", "href": "https://ubuntu.com/security/CVE-2005-2920", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T12:38:18", "description": "ClamAV AntiVirus is an open source product that provides anti-virus scanning utilities and an anti-virus library. The product is capable of decoding several archive formats in order to scan their internal items for viruses. One of such archive formats is the UPX (Ultimate Packer for eXecutables) file format. A buffer overflow vulnerability exists in the ClamAV anti-virus product. The flaw is caused by an improper handling of UPX compressed executable files. This vulnerability may be exploited by malicious users to inject and execute arbitrary code on the target system. There are cases in which certain traffic, although not intended for malicious use, is very unsafe, since it may transfer shellcode which is undetectable by IPS.", "cvss3": {}, "published": "2010-03-14T00:00:00", "type": "checkpoint_advisories", "title": "UPX Compressed PE Executable Files (CVE-2005-2920)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2920"], "modified": "2010-03-14T00:00:00", "id": "CPAI-2005-295", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-06T07:18:38", "description": "A buffer overflow vulnerability has been reported in ClamAV anti-virus product. The vulnerability is caused due to the improper handling of UPX compressed executable files. A remote attacker may exploit this flaw by enticing a target user to open a specially crafted PE file. This vulnerability may be exploited by malicious users to inject and execute arbitrary code on the target system.", "cvss3": {}, "published": "2012-04-24T00:00:00", "type": "checkpoint_advisories", "title": "ClamAV AntiVirus UPX Compressed PE Executable Files Buffer Overflow (CVE-2005-2920)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2920"], "modified": "2012-04-24T00:00:00", "id": "CPAI-2012-145", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:23:52", "description": "Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable.", "cvss3": {}, "published": "2005-09-20T23:03:00", "type": "cve", "title": "CVE-2005-2920", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2920"], "modified": "2017-07-11T01:33:00", "cpe": ["cpe:/a:clam_anti-virus:clamav:0.82", "cpe:/a:clam_anti-virus:clamav:0.73", "cpe:/a:clam_anti-virus:clamav:0.83", "cpe:/a:clam_anti-virus:clamav:0.75.1", "cpe:/a:clam_anti-virus:clamav:0.75", "cpe:/a:clam_anti-virus:clamav:0.85", "cpe:/a:clam_anti-virus:clamav:0.86.2", "cpe:/a:clam_anti-virus:clamav:0.81", "cpe:/a:clam_anti-virus:clamav:0.71", "cpe:/a:clam_anti-virus:clamav:0.86", "cpe:/a:clam_anti-virus:clamav:0.85.1", "cpe:/a:clam_anti-virus:clamav:0.80", "cpe:/a:clam_anti-virus:clamav:0.74", "cpe:/a:clam_anti-virus:clamav:0.84", "cpe:/a:clam_anti-virus:clamav:0.86.1", "cpe:/a:clam_anti-virus:clamav:0.72", "cpe:/a:clam_anti-virus:clamav:0.70"], "id": "CVE-2005-2920", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2920", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-08-19T13:16:40", "description": "Two vulnerabilities have been discovered in Clam AntiVirus, the antivirus scanner for Unix, designed for integration with mail servers to perform attachment scanning. The following problems were identified :\n\n - CAN-2005-2919 A potentially infinite loop could lead to a denial of service.\n\n - CAN-2005-2920\n\n A buffer overflow could lead to a denial of service.", "cvss3": {"score": null, "vector": null}, "published": "2005-10-05T00:00:00", "type": "nessus", "title": "Debian DSA-824-1 : clamav - infinite loop, buffer overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2919", "CVE-2005-2920"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:clamav", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-824.NASL", "href": "https://www.tenable.com/plugins/nessus/19793", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-824. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19793);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2919\", \"CVE-2005-2920\");\n script_xref(name:\"CERT\", value:\"363713\");\n script_xref(name:\"DSA\", value:\"824\");\n\n script_name(english:\"Debian DSA-824-1 : clamav - infinite loop, buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two vulnerabilities have been discovered in Clam AntiVirus, the\nantivirus scanner for Unix, designed for integration with mail servers\nto perform attachment scanning. The following problems were identified\n:\n\n - CAN-2005-2919\n A potentially infinite loop could lead to a denial of\n service.\n\n - CAN-2005-2920\n\n A buffer overflow could lead to a denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-824\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the clamav package.\n\nThe old stable distribution (woody) does not contain ClamAV packages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.84-2.sarge.4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"clamav\", reference:\"0.84-2.sarge.4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"clamav-base\", reference:\"0.84-2.sarge.4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"clamav-daemon\", reference:\"0.84-2.sarge.4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"clamav-docs\", reference:\"0.84-2.sarge.4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"clamav-freshclam\", reference:\"0.84-2.sarge.4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"clamav-milter\", reference:\"0.84-2.sarge.4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"clamav-testfiles\", reference:\"0.84-2.sarge.4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libclamav-dev\", reference:\"0.84-2.sarge.4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libclamav1\", reference:\"0.84-2.sarge.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:16:44", "description": "A vulnerability was discovered in ClamAV versions prior to 0.87. A buffer overflow could occure when processing malformed UPX-packed executables. As well, it could be sent into an infinite loop when processing specially crafted FSG-packed executables.\n\nClamAV version 0.87 is provided with this update which isn't vulnerable to these issues.", "cvss3": {"score": null, "vector": null}, "published": "2005-10-05T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : clamav (MDKSA-2005:166)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2919", "CVE-2005-2920"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:clamav", "p-cpe:/a:mandriva:linux:clamav-db", "p-cpe:/a:mandriva:linux:clamav-milter", "p-cpe:/a:mandriva:linux:clamd", "p-cpe:/a:mandriva:linux:lib64clamav1", "p-cpe:/a:mandriva:linux:lib64clamav1-devel", "p-cpe:/a:mandriva:linux:libclamav1", "p-cpe:/a:mandriva:linux:libclamav1-devel", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005"], "id": "MANDRAKE_MDKSA-2005-166.NASL", "href": "https://www.tenable.com/plugins/nessus/19921", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:166. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19921);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2919\", \"CVE-2005-2920\");\n script_xref(name:\"MDKSA\", value:\"2005:166\");\n\n script_name(english:\"Mandrake Linux Security Advisory : clamav (MDKSA-2005:166)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered in ClamAV versions prior to 0.87. A\nbuffer overflow could occure when processing malformed UPX-packed\nexecutables. As well, it could be sent into an infinite loop when\nprocessing specially crafted FSG-packed executables.\n\nClamAV version 0.87 is provided with this update which isn't\nvulnerable to these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamav-db\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamav-milter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64clamav1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64clamav1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libclamav1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libclamav1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.1\", reference:\"clamav-0.87-0.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"clamav-db-0.87-0.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"clamav-milter-0.87-0.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"clamd-0.87-0.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64clamav1-0.87-0.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64clamav1-devel-0.87-0.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libclamav1-0.87-0.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libclamav1-devel-0.87-0.1.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", reference:\"clamav-0.87-0.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"clamav-db-0.87-0.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"clamav-milter-0.87-0.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"clamd-0.87-0.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64clamav1-0.87-0.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64clamav1-devel-0.87-0.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libclamav1-0.87-0.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libclamav1-devel-0.87-0.1.102mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:16:34", "description": "The remote host is running ClamAV, an open-source antivirus solution for Unix-like systems. This version of ClamAV is reported to be vulnerable to a flaw where the parsing of a malicious file will cause the clamav process to overflow system memory, possibly resulting in an attacker executing code. An attacker exploiting this flaw would need to be able to send a specially formed email to the system running ClamAV. In addition, this version of ClamAV is vulnerable to a remote Denial of Service (DoS) attack that would render the service unavailable to valid users. ", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2005-09-19T00:00:00", "type": "nessus", "title": "ClamAV < 0.86.3 Content-parsing Multiple Overflows (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2919", "CVE-2005-2920"], "modified": "2019-03-06T00:00:00", "cpe": [], "id": "3229.PRM", "href": "https://www.tenable.com/plugins/nnm/3229", "sourceData": "Binary data 3229.prm", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:16:42", "description": "The remote host is affected by the vulnerability described in GLSA-200509-13 (Clam AntiVirus: Multiple vulnerabilities)\n\n Clam AntiVirus is vulnerable to a buffer overflow in 'libclamav/upx.c' when processing malformed UPX-packed executables. It can also be sent into an infinite loop in 'libclamav/fsg.c' when processing specially crafted FSG-packed executables.\n Impact :\n\n By sending a specially crafted file an attacker could execute arbitrary code with the permissions of the user running Clam AntiVirus, or cause a Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2005-10-05T00:00:00", "type": "nessus", "title": "GLSA-200509-13 : Clam AntiVirus: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2919", "CVE-2005-2920"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:clamav", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200509-13.NASL", "href": "https://www.tenable.com/plugins/nessus/19812", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200509-13.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19812);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2919\", \"CVE-2005-2920\");\n script_xref(name:\"GLSA\", value:\"200509-13\");\n\n script_name(english:\"GLSA-200509-13 : Clam AntiVirus: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200509-13\n(Clam AntiVirus: Multiple vulnerabilities)\n\n Clam AntiVirus is vulnerable to a buffer overflow in\n 'libclamav/upx.c' when processing malformed UPX-packed executables. It\n can also be sent into an infinite loop in 'libclamav/fsg.c' when\n processing specially crafted FSG-packed executables.\n \nImpact :\n\n By sending a specially crafted file an attacker could execute\n arbitrary code with the permissions of the user running Clam AntiVirus,\n or cause a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # http://sourceforge.net/project/shownotes.php?release_id=356974\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a3505ec8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200509-13\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Clam AntiVirus users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.87'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-antivirus/clamav\", unaffected:make_list(\"ge 0.87\"), vulnerable:make_list(\"lt 0.87\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Clam AntiVirus\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:15:44", "description": "Gentoo Linux Security Advisory reports :\n\nClam AntiVirus is vulnerable to a buffer overflow in 'libclamav/upx.c' when processing malformed UPX-packed executables. It can also be sent into an infinite loop in 'libclamav/fsg.c' when processing specially crafted FSG-packed executables.\n\nBy sending a specially crafted file an attacker could execute arbitrary code with the permissions of the user running Clam AntiVirus, or cause a Denial of Service.", "cvss3": {"score": null, "vector": null}, "published": "2006-05-13T00:00:00", "type": "nessus", "title": "FreeBSD : clamav -- arbitrary code execution and DoS vulnerabilities (271498a9-2cd4-11da-a263-0001020eed82)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2919", "CVE-2005-2920"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:clamav", "p-cpe:/a:freebsd:freebsd:clamav-devel", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_271498A92CD411DAA2630001020EED82.NASL", "href": "https://www.tenable.com/plugins/nessus/21403", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21403);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2919\", \"CVE-2005-2920\");\n script_xref(name:\"CERT\", value:\"363713\");\n\n script_name(english:\"FreeBSD : clamav -- arbitrary code execution and DoS vulnerabilities (271498a9-2cd4-11da-a263-0001020eed82)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gentoo Linux Security Advisory reports :\n\nClam AntiVirus is vulnerable to a buffer overflow in 'libclamav/upx.c'\nwhen processing malformed UPX-packed executables. It can also be sent\ninto an infinite loop in 'libclamav/fsg.c' when processing\nspecially crafted FSG-packed executables.\n\nBy sending a specially crafted file an attacker could execute\narbitrary code with the permissions of the user running Clam\nAntiVirus, or cause a Denial of Service.\"\n );\n # http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200509-13\"\n );\n # https://vuxml.freebsd.org/freebsd/271498a9-2cd4-11da-a263-0001020eed82.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3910539f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:clamav-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"clamav<0.87\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"clamav-devel<20050917\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T14:37:36", "description": "The remote host is missing the patch for the advisory SUSE-SA:2005:055 (clamav).\n\n\nThis update upgrades clamav to version 0.87.\n\nIt fixes vulnerabilities in handling of UPX and FSG compressed executables, which could lead to a remote attacker executing code within the daemon using clamav.\n\nThese are tracked by the Mitre CVE IDs CVE-2005-2919 and CVE-2005-2920.\n\nAlso following bugs were fixed:\n- Support for PE files, Zip and Cabinet archives has been improved and other small bugfixes have been made.\n- The new option '--on-outdated-execute' allows freshclam to run a command when system reports a new engine version.", "cvss3": {}, "published": "2005-10-05T00:00:00", "type": "nessus", "title": "SUSE-SA:2005:055: clamav", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2919", "CVE-2005-2920"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "SUSE_SA_2005_055.NASL", "href": "https://www.tenable.com/plugins/nessus/19934", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:055\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(19934);\n script_version(\"1.10\");\n \n name[\"english\"] = \"SUSE-SA:2005:055: clamav\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2005:055 (clamav).\n\n\nThis update upgrades clamav to version 0.87.\n\nIt fixes vulnerabilities in handling of UPX and FSG compressed executables,\nwhich could lead to a remote attacker executing code within the daemon\nusing clamav.\n\nThese are tracked by the Mitre CVE IDs CVE-2005-2919 and CVE-2005-2920.\n\nAlso following bugs were fixed:\n- Support for PE files, Zip and Cabinet archives has been improved and\nother small bugfixes have been made.\n- The new option '--on-outdated-execute' allows freshclam to run a command\nwhen system reports a new engine version.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/advisories/2005_55_clamav.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"Medium\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/10/05\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the clamav package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"clamav-0.87-1.1\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"clamav-0.87-1.2\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"clamav-0.87-1.1\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"clamav-0.87-1.1\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2017-07-02T21:10:12", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: clamav", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2920", "CVE-2005-2919"], "modified": "2016-09-15T00:00:00", "id": "OPENVAS:55418", "href": "http://plugins.openvas.org/nasl.php?oid=55418", "sourceData": "#\n#VID 271498a9-2cd4-11da-a263-0001020eed82\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n clamav\n clamav-devel\n\nCVE-2005-2919\nlibclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote\nattackers to cause a denial of service (infinite loop) via a crafted\nFSG packed executable.\n\nCVE-2005-2920\nBuffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before\n0.87 allows remote attackers to execute arbitrary code via a crafted\nUPX packed executable.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.gentoo.org/security/en/glsa/glsa-200509-13.xml\nhttp://www.vuxml.org/freebsd/271498a9-2cd4-11da-a263-0001020eed82.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(55418);\n script_version(\"$Revision: 4075 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-15 15:13:05 +0200 (Thu, 15 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2005-2919\", \"CVE-2005-2920\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: clamav\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"clamav\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.87\")<0) {\n txt += 'Package clamav version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"clamav-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"20050917\")<0) {\n txt += 'Package clamav-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:56:13", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n clamav\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5009158 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for clamav", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2920", "CVE-2005-2919"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65488", "href": "http://plugins.openvas.org/nasl.php?oid=65488", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5009158.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for clamav\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n clamav\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5009158 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65488);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-2919\", \"CVE-2005-2920\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for clamav\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.87~1.2\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:54", "description": "The remote host is missing an update to clamav\nannounced via advisory DSA 824-1.\n\nTwo vulnerabilities have been discovered in Clam AntiVirus, the\nantivirus scanner for Unix, designed for integration with mail servers\nto perform attachment scanning. The following problems were\nidentified:\n\nCVE-2005-2919\nA potentially infinite loop could lead to a denial of service.\n\nCVE-2005-2920\nA buffer overflow could lead to a denial of service.\n\nThe old stable distribution (woody) does not contain ClamAV packages.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 824-1 (clamav)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2920", "CVE-2005-2919"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:55470", "href": "http://plugins.openvas.org/nasl.php?oid=55470", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_824_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 824-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 0.84-2.sarge.4.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.87-1.\n\nWe recommend that you upgrade your clamav package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20824-1\";\ntag_summary = \"The remote host is missing an update to clamav\nannounced via advisory DSA 824-1.\n\nTwo vulnerabilities have been discovered in Clam AntiVirus, the\nantivirus scanner for Unix, designed for integration with mail servers\nto perform attachment scanning. The following problems were\nidentified:\n\nCVE-2005-2919\nA potentially infinite loop could lead to a denial of service.\n\nCVE-2005-2920\nA buffer overflow could lead to a denial of service.\n\nThe old stable distribution (woody) does not contain ClamAV packages.\";\n\n\nif(description)\n{\n script_id(55470);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:03:37 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-2919\", \"CVE-2005-2920\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 824-1 (clamav)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"clamav-base\", ver:\"0.84-2.sarge.4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-docs\", ver:\"0.84-2.sarge.4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-testfiles\", ver:\"0.84-2.sarge.4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav\", ver:\"0.84-2.sarge.4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-daemon\", ver:\"0.84-2.sarge.4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-freshclam\", ver:\"0.84-2.sarge.4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-milter\", ver:\"0.84-2.sarge.4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libclamav-dev\", ver:\"0.84-2.sarge.4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libclamav1\", ver:\"0.84-2.sarge.4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:14", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n clamav\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5009158 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for clamav", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2920", "CVE-2005-2919"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065488", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065488", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5009158.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for clamav\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n clamav\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5009158 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65488\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-2919\", \"CVE-2005-2920\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for clamav\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.87~1.2\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:10", "description": "The remote host is missing updates announced in\nadvisory GLSA 200509-13.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200509-13 (clamav)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2920", "CVE-2005-2919"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:55393", "href": "http://plugins.openvas.org/nasl.php?oid=55393", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Clam AntiVirus is subject to vulnerabilities ranging from Denial of Service\nto execution of arbitrary code when handling compressed executables.\";\ntag_solution = \"All Clam AntiVirus users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.87'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200509-13\nhttp://bugs.gentoo.org/show_bug.cgi?id=106279\nhttp://sourceforge.net/project/shownotes.php?release_id=356974\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200509-13.\";\n\n \n\nif(description)\n{\n script_id(55393);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-2919\", \"CVE-2005-2920\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200509-13 (clamav)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-antivirus/clamav\", unaffected: make_list(\"ge 0.87\"), vulnerable: make_list(\"lt 0.87\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2022-01-17T19:18:32", "description": "### Background\n\nClam AntiVirus is a GPL anti-virus toolkit, designed for integration with mail servers to perform attachment scanning. Clam AntiVirus also provides a command line scanner and a tool for fetching updates of the virus database. \n\n### Description\n\nClam AntiVirus is vulnerable to a buffer overflow in \"libclamav/upx.c\" when processing malformed UPX-packed executables. It can also be sent into an infinite loop in \"libclamav/fsg.c\" when processing specially-crafted FSG-packed executables. \n\n### Impact\n\nBy sending a specially-crafted file an attacker could execute arbitrary code with the permissions of the user running Clam AntiVirus, or cause a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Clam AntiVirus users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-antivirus/clamav-0.87\"", "cvss3": {}, "published": "2005-09-19T00:00:00", "type": "gentoo", "title": "Clam AntiVirus: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2919", "CVE-2005-2920"], "modified": "2005-09-19T00:00:00", "id": "GLSA-200509-13", "href": "https://security.gentoo.org/glsa/200509-13", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:57:01", "description": "This update upgrades clamav to version 0.87.\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2005-09-26T11:00:44", "type": "suse", "title": "remote code execution in clamav", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2005-2920", "CVE-2005-2919"], "modified": "2005-09-26T11:00:44", "id": "SUSE-SA:2005:055", "href": "http://lists.opensuse.org/opensuse-security-announce/2005-09/msg00019.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:14", "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200509-13\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nhttp://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSeverity: High\r\nTitle: Clam AntiVirus: Multiple vulnerabilities\r\nDate: September 19, 2005\r\nBugs: #106279\r\nID: 200509-13\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nClam AntiVirus is subject to vulnerabilities ranging from Denial of\r\nService to execution of arbitrary code when handling compressed\r\nexecutables.\r\n\r\nBackground\r\n==========\r\n\r\nClam AntiVirus is a GPL anti-virus toolkit, designed for integration\r\nwith mail servers to perform attachment scanning. Clam AntiVirus also\r\nprovides a command line scanner and a tool for fetching updates of the\r\nvirus database.\r\n\r\nAffected packages\r\n=================\r\n\r\n-------------------------------------------------------------------\r\nPackage / Vulnerable / Unaffected\r\n-------------------------------------------------------------------\r\n1 app-antivirus/clamav < 0.87 >= 0.87\r\n\r\nDescription\r\n===========\r\n\r\nClam AntiVirus is vulnerable to a buffer overflow in "libclamav/upx.c"\r\nwhen processing malformed UPX-packed executables. It can also be sent\r\ninto an infinite loop in "libclamav/fsg.c" when processing\r\nspecially-crafted FSG-packed executables.\r\n\r\nImpact\r\n======\r\n\r\nBy sending a specially-crafted file an attacker could execute arbitrary\r\ncode with the permissions of the user running Clam AntiVirus, or cause\r\na Denial of Service.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll Clam AntiVirus users should upgrade to the latest version:\r\n\r\n# emerge --sync\r\n# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.87"\r\n\r\nReferences\r\n==========\r\n\r\n[ 1 ] CAN-2005-2919\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2919\r\n[ 2 ] CAN-2005-2920\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2920\r\n[ 3 ] Clam AntiVirus: Release Notes\r\nhttp://sourceforge.net/project/shownotes.php?release_id=356974\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\nhttp://security.gentoo.org/glsa/glsa-200509-13.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity (at) gentoo (dot) org [email concealed] or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2005 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.0\r\n", "edition": 1, "cvss3": {}, "published": "2005-09-21T00:00:00", "title": "[ GLSA 200509-13 ] Clam AntiVirus: Multiple vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2005-2920", "CVE-2005-2919"], "modified": "2005-09-21T00:00:00", "id": "SECURITYVULNS:DOC:9765", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:9765", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cert": [{"lastseen": "2021-09-28T17:52:27", "description": "### Overview\n\nA buffer overflow in Clam AntiVirus (ClamAV) may allow a remote attacker to execute arbitrary code.\n\n### Description\n\nClam AntiVirus is a UNIX-based, anti-virus toolkit often deployed with mail servers to detect malicious attachments. A signedness error in ClamAV (`libclamav/upx.c`) may allow a buffer overflow to occur. If a remote attacker sends a specially crafted [UPX](<http://www.upx.org/>)-packed executable to a vulnerable ClamAV installation, that attacker may be able to trigger the buffer overflow. \n \n--- \n \n### Impact\n\nA remote attacker may be able to execute arbitrary code with the privileges of the application linked to the ClamAV process. In addition, this vulnerability may prevent ClamAV from detecting malicious UPX-packed executables. \n \n--- \n \n### Solution\n\n**Upgrade**\n\nThis issue was corrected in [ClamAV 0.87](<http://www.clamav.net/stable.php#pagestart>). \n \n--- \n \n**Do not access UPX-packed executables from untrusted sources** \n \nExploitation occurs by via specially crafted UPX-packed executables. By only accessing UPX-packed executables from trusted or known sources, the chances of exploitation are reduced. \n \n--- \n \n### Vendor Information\n\n363713\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Clam AntiVirus Affected\n\nUpdated: October 20, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Debian Linux __ Affected\n\nNotified: September 27, 2005 Updated: November 03, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe old stable distribution (woody) does not contain ClamAV packages.\n\nFor the stable distribution (sarge) this problem has been fixed in version 0.84-2.sarge.4. \n \nFor the unstable distribution (sid) this problem has been fixed in version 0.87-1.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### FreeBSD, Inc. __ Affected\n\nNotified: October 21, 2005 Updated: October 24, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nClam AntiVirus is available in the FreeBSD Ports Collection. Please see\n\n<http://vuxml.freebsd.org/271498a9-2cd4-11da-a263-0001020eed82.html> \n \nfor details regarding this vulnerability.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Mandriva, Inc. __ Affected\n\nNotified: September 27, 2005 Updated: September 28, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThis was addressed in MDKSA-2005:166, which provided clamav 0.87 to all supported versions of Mandriva Linux.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nFrom MKDSA-2005:166\n\n \n`Mandriva Linux Security Update Advisory \n_______________________________________________________________________ \n \nPackage name: clamav \nAdvisory ID: MDKSA-2005:166 \nDate: September 20th, 2005 \n \nAffected versions: 10.1, 10.2, Corporate 3.0 \n______________________________________________________________________ \n \nProblem Description: \n \nA vulnerability was discovered in ClamAV versions prior to 0.87. A \nbuffer overflow could occure when processing malformed UPX-packed \nexecutables. As well, it could be sent into an infinite loop when \nprocessing specially-crafted FSG-packed executables. \n \nClamAV version 0.87 is provided with this update which isn't vulnerable \nto these issues. \n_______________________________________________________________________ \n \nReferences: \n \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2919> \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2920> \n______________________________________________________________________ \n \nUpdated Packages: \n \nMandrakelinux 10.1: \n9f85320efe6a337ae46db08b53e0eaba 10.1/RPMS/clamav-0.87-0.1.101mdk.i586.rpm \n083a4c5972e960c2a47e598c4626506b 10.1/RPMS/clamav-db-0.87-0.1.101mdk.i586.rpm \nc3f10bb7176e61dcded0cee084fd2d24 10.1/RPMS/clamav-milter-0.87-0.1.101mdk.i586.rpm \n990c343c993bf7bf44046e773faa9f84 10.1/RPMS/clamd-0.87-0.1.101mdk.i586.rpm \n6c67cc650a9808ac1bd95fc7a1d4017a 10.1/RPMS/libclamav1-0.87-0.1.101mdk.i586.rpm \n213a5145796b74cf65c983a482072455 10.1/RPMS/libclamav1-devel-0.87-0.1.101mdk.i586.rpm \n2d75e236b21dbe8000a7c4b1be93217b 10.1/SRPMS/clamav-0.87-0.1.101mdk.src.rpm \n \nMandrakelinux 10.1/X86_64: \nef22edfa1aa4502f08000e050de5d36f x86_64/10.1/RPMS/clamav-0.87-0.1.101mdk.x86_64.rpm \ne33da1b6f6bcd366801a5e80eeb7c723 x86_64/10.1/RPMS/clamav-db-0.87-0.1.101mdk.x86_64.rpm \n04c621676e2832c400c0dda74a498d49 x86_64/10.1/RPMS/clamav-milter-0.87-0.1.101mdk.x86_64.rpm \nda9cc77846812a4b34cb8250157d50b1 x86_64/10.1/RPMS/clamd-0.87-0.1.101mdk.x86_64.rpm \n950f3adbe1fec12c9792f6c947b7cb76 x86_64/10.1/RPMS/lib64clamav1-0.87-0.1.101mdk.x86_64.rpm \n6e53ad5c6d61a9ee3356d919b6589026 x86_64/10.1/RPMS/lib64clamav1-devel-0.87-0.1.101mdk.x86_64.rpm \n2d75e236b21dbe8000a7c4b1be93217b x86_64/10.1/SRPMS/clamav-0.87-0.1.101mdk.src.rpm \n \nMandrakelinux 10.2: \nbc2e4234b78790c9b0c5a5efcb15ba98 10.2/RPMS/clamav-0.87-0.1.102mdk.i586.rpm \n0a99f74d25235e793a6fe05a56d79f7a 10.2/RPMS/clamav-db-0.87-0.1.102mdk.i586.rpm \nb7d275ba651524cc4e3ce5cfacb842e3 10.2/RPMS/clamav-milter-0.87-0.1.102mdk.i586.rpm \nc6862f992a927151d1c4c511cb874e0a 10.2/RPMS/clamd-0.87-0.1.102mdk.i586.rpm \n303aeaa4d2a5de29f3cc5b0cdc539ab3 10.2/RPMS/libclamav1-0.87-0.1.102mdk.i586.rpm \nbcef24beead553b0b7af6a0454365384 10.2/RPMS/libclamav1-devel-0.87-0.1.102mdk.i586.rpm \n96e1ce9dffda8199bf1b583bc2d51e60 10.2/SRPMS/clamav-0.87-0.1.102mdk.src.rpm \n \nMandrakelinux 10.2/X86_64: \nfc09b5328e536f426f6edaac04453ca2 x86_64/10.2/RPMS/clamav-0.87-0.1.102mdk.x86_64.rpm \nf27bc62247ff84975019f8ed3d6ea5b1 x86_64/10.2/RPMS/clamav-db-0.87-0.1.102mdk.x86_64.rpm \nc9fb726280f84da9dd32e30542c29fcd x86_64/10.2/RPMS/clamav-milter-0.87-0.1.102mdk.x86_64.rpm \n193644891c29c2973931c01a56e68d60 x86_64/10.2/RPMS/clamd-0.87-0.1.102mdk.x86_64.rpm \n9568649a618f654600d78b71027174c9 x86_64/10.2/RPMS/lib64clamav1-0.87-0.1.102mdk.x86_64.rpm \n6b54a7ac2e8d743e067bfdaa7638d90f x86_64/10.2/RPMS/lib64clamav1-devel-0.87-0.1.102mdk.x86_64.rpm \n96e1ce9dffda8199bf1b583bc2d51e60 x86_64/10.2/SRPMS/clamav-0.87-0.1.102mdk.src.rpm \n \nCorporate 3.0: \nf86de5b6055236c9cd1ff173bc6c1d98 corporate/3.0/RPMS/clamav-0.87-0.1.C30mdk.i586.rpm \n07071df1c078079e4b7d55f5fa13c7c8 corporate/3.0/RPMS/clamav-db-0.87-0.1.C30mdk.i586.rpm \nc96f4eb3cfd2ffb9060961e39c109204 corporate/3.0/RPMS/clamav-milter-0.87-0.1.C30mdk.i586.rpm \n2445d80ee9c39b337da36554315b9ac1 corporate/3.0/RPMS/clamd-0.87-0.1.C30mdk.i586.rpm \n196a1254be8dce937e17d4b731c5ec19 corporate/3.0/RPMS/libclamav1-0.87-0.1.C30mdk.i586.rpm \na40bfe3465fcdceec2c8d9bfd52ba2b0 corporate/3.0/RPMS/libclamav1-devel-0.87-0.1.C30mdk.i586.rpm \n3ff54d614c61c446d645f8a5c8458abb corporate/3.0/SRPMS/clamav-0.87-0.1.C30mdk.src.rpm \n \nCorporate 3.0/X86_64: \n9d8b35a818da8a63bbbb6e435b9aeca7 x86_64/corporate/3.0/RPMS/clamav-0.87-0.1.C30mdk.x86_64.rpm \nb5e2a4dcbce2882b73c8a561574a4d24 x86_64/corporate/3.0/RPMS/clamav-db-0.87-0.1.C30mdk.x86_64.rpm \ncd2da84bd6fe14cfc7822acdbbfb51da x86_64/corporate/3.0/RPMS/clamav-milter-0.87-0.1.C30mdk.x86_64.rpm \ncf5b819b5c911ece25afa929124bbbcf x86_64/corporate/3.0/RPMS/clamd-0.87-0.1.C30mdk.x86_64.rpm \n7ba558d19e757c2a624e495055e0c218 x86_64/corporate/3.0/RPMS/lib64clamav1-0.87-0.1.C30mdk.x86_64.rpm \nba046627c72dbe187eca48e5e1ae188c x86_64/corporate/3.0/RPMS/lib64clamav1-devel-0.87-0.1.C30mdk.x86_64.rpm \n3ff54d614c61c446d645f8a5c8458abb x86_64/corporate/3.0/SRPMS/clamav-0.87-0.1.C30mdk.src.rpm \n_______________________________________________________________________ \n \nTo upgrade automatically use MandrakeUpdate or urpmi. The verification \nof md5 checksums and GPG signatures is performed automatically for you. \n \nAll packages are signed by Mandriva for security. You can obtain the \nGPG public key of the Mandriva Security Team by executing: \n \ngpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 \n \nYou can view other update advisories for Mandriva Linux at: \n \n<http://www.mandriva.com/security/advisories> \n \nIf you want to report vulnerabilities, please contact \n \nsecurity_(at)_mandriva.com \n_______________________________________________________________________ \n \nType Bits/KeyID Date User ID \npub 1024D/22458A98 2000-07-10 Mandriva Security Team \n<security*mandriva.com> \n \n-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.4 (GNU/Linux) \n \niD8DBQFDMMjFmqjQ0CJFipgRAi4mAKDi+IhpoZJipa7FHsDsjLS7AmbR+QCgivM1 \nH8i2PXchCVYAqWKnsG4ADSY= \n=8Yn2 \n-----END PGP SIGNATURE----- `\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23363713 Feedback>).\n\n### Ubuntu __ Affected\n\nNotified: September 27, 2005 Updated: September 28, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nUbuntu does not officially support the clamav package, it is in the \"universe\" section of the archive. The upcoming stable release Ubuntu 5.10 has ClamAV version 0.87 and thus is not affected. The current stable releases (Ubuntu 4.10 and Ubuntu 5.04) are currently vulnerable; they might be fixed by the community soon.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### F5 Networks, Inc. __ Not Affected\n\nNotified: October 21, 2005 Updated: October 24, 2005 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nBIG-IP is not vulnerable to this issue.\n\nTrafficShield is not vulnerable to this issue. \nWANJet and WebAccelerator are not vulnerable to this issue. \nFirePass IS vulnerable. A hotfix is being prepared.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hitachi __ Not Affected\n\nNotified: October 21, 2005 Updated: October 24, 2005 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nHitachi products do not bundle Clam Antivirus and hence not vulnerable to this issue.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Microsoft Corporation Not Affected\n\nNotified: October 21, 2005 Updated: October 21, 2005 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Openwall GNU/*/Linux __ Not Affected\n\nNotified: September 27, 2005 Updated: September 27, 2005 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nOpenwall GNU/*/Linux is not vulnerable. We do not package ClamAV.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Red Hat, Inc. __ Not Affected\n\nNotified: September 27, 2005 Updated: September 29, 2005 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nNo Red Hat products contain ClamAV\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Slackware Linux Inc. Not Affected\n\nNotified: September 27, 2005 Updated: October 24, 2005 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sun Microsystems, Inc. __ Not Affected\n\nNotified: September 27, 2005 Updated: September 27, 2005 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nSun's JDS (Java Desktop System) for Linux Platform and Solaris Operating Environment do not bundle Clam Antivirus and hence not vulnerable to this issue.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Apple Computer, Inc. Unknown\n\nNotified: September 27, 2005 Updated: September 27, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Conectiva Inc. Unknown\n\nNotified: October 21, 2005 Updated: October 21, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Cray Inc. Unknown\n\nNotified: October 21, 2005 Updated: October 21, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### EMC, Inc. (formerly Data General Corporation) Unknown\n\nNotified: October 21, 2005 Updated: October 21, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Engarde Secure Linux Unknown\n\nNotified: September 27, 2005 Updated: September 27, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fedora Project Unknown\n\nNotified: September 27, 2005 Updated: September 27, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fujitsu Unknown\n\nNotified: October 21, 2005 Updated: October 21, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Gentoo Linux Unknown\n\nNotified: September 27, 2005 Updated: September 27, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hewlett-Packard Company Unknown\n\nNotified: September 27, 2005 Updated: September 27, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation Unknown\n\nNotified: September 27, 2005 Updated: September 27, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation (zseries) Unknown\n\nNotified: September 27, 2005 Updated: September 27, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM eServer Unknown\n\nNotified: September 27, 2005 Updated: September 27, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Immunix Communications, Inc. Unknown\n\nNotified: September 27, 2005 Updated: September 27, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ingrian Networks, Inc. Unknown\n\nNotified: September 27, 2005 Updated: September 27, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Juniper Networks, Inc. Unknown\n\nNotified: October 21, 2005 Updated: October 21, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### MontaVista Software, Inc. Unknown\n\nNotified: September 27, 2005 Updated: September 27, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NEC Corporation Unknown\n\nNotified: October 21, 2005 Updated: October 21, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NetBSD Unknown\n\nNotified: October 21, 2005 Updated: October 21, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Novell, Inc. Unknown\n\nNotified: September 27, 2005 Updated: September 27, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### OpenBSD Unknown\n\nNotified: October 21, 2005 Updated: October 21, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### QNX, Software Systems, Inc. Unknown\n\nNotified: October 21, 2005 Updated: October 21, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### SUSE Linux Unknown\n\nNotified: September 27, 2005 Updated: September 27, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sequent Computer Systems, Inc. Unknown\n\nNotified: September 27, 2005 Updated: September 27, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Silicon Graphics, Inc. Unknown\n\nNotified: October 21, 2005 Updated: October 21, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sony Corporation Unknown\n\nNotified: October 21, 2005 Updated: October 21, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### The SCO Group Unknown\n\nNotified: October 21, 2005 Updated: October 21, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### The SCO Group (SCO Linux) Unknown\n\nNotified: September 27, 2005 Updated: September 27, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Trustix Secure Linux Unknown\n\nNotified: September 27, 2005 Updated: September 27, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Turbolinux Unknown\n\nNotified: September 27, 2005 Updated: September 27, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: October 21, 2005 Updated: October 21, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Wind River Systems, Inc. Unknown\n\nNotified: October 21, 2005 Updated: October 21, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\nView all 43 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References\n\n * <http://secunia.com/advisories/16848/>\n * <http://sourceforge.net/project/shownotes.php?release_id=356974>\n * <http://www.securityfocus.com/bid/14866>\n * <http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml>\n * <http://www.clamav.net/>\n * <http://www.mandriva.com/security/advisories?name=MDKSA-2005:166>\n\n### Acknowledgements\n\nThis vulnerability was reported by Thierry Carrez.\n\nThis document was written by Jeff Gennari.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2005-2920](<http://web.nvd.nist.gov/vuln/detail/CVE-2005-2920>) \n---|--- \n**Severity Metric:** | 6.75 \n**Date Public:** | 2005-09-19 \n**Date First Published:** | 2005-09-27 \n**Date Last Updated: ** | 2005-11-03 14:35 UTC \n**Document Revision: ** | 45 \n", "cvss3": {}, "published": "2005-09-27T00:00:00", "type": "cert", "title": "Clam AntiVirus contains a buffer overflow vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2919", "CVE-2005-2920"], "modified": "2005-11-03T14:35:00", "id": "VU:363713", "href": "https://www.kb.cert.org/vuls/id/363713", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T16:03:50", "description": "\n\nGentoo Linux Security Advisory reports:\n\nClam AntiVirus is vulnerable to a buffer overflow in\n\t \"libclamav/upx.c\" when processing malformed UPX-packed\n\t executables. It can also be sent into an infinite loop in\n\t \"libclamav/fsg.c\" when processing specially-crafted\n\t FSG-packed executables.\nBy sending a specially-crafted file an attacker could\n\t execute arbitrary code with the permissions of the user\n\t running Clam AntiVirus, or cause a Denial of Service.\n\n\n", "cvss3": {}, "published": "2005-09-16T00:00:00", "type": "freebsd", "title": "clamav -- arbitrary code execution and DoS vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2919", "CVE-2005-2920"], "modified": "2005-10-22T00:00:00", "id": "271498A9-2CD4-11DA-A263-0001020EED82", "href": "https://vuxml.freebsd.org/freebsd/271498a9-2cd4-11da-a263-0001020eed82.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-12-05T01:51:54", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 824-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nSeptember 29th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : clamav\nVulnerability : infinite loop, buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CAN-2005-2919 CAN-2005-2920\nDebian Bug : 328660\n\nTwo vulnerabilities have been discovered in Clam AntiVirus, the\nantivirus scanner for Unix, designed for integration with mail servers\nto perform attachment scanning. The following problems were\nidentified:\n\nCAN-2005-2919\n\n A potentially infinite loop could lead to a denial of service.\n\nCAN-2005-2920\n\n A buffer overflow could lead to a denial of service.\n\nThe old stable distribution (woody) does not contain ClamAV packages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.84-2.sarge.4.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.87-1.\n\nWe recommend that you upgrade your clamav package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4.dsc\n Size/MD5 checksum: 872 1a1aaa3318ae10c6806f582588e307bb\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4.diff.gz\n Size/MD5 checksum: 175215 e44e7c828b916a87c94985cf8eae3d13\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz\n Size/MD5 checksum: 4006624 c43213da01d510faf117daa9a4d5326c\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.4_all.deb\n Size/MD5 checksum: 154302 764277db36650876f13658e2e5f0751b\n http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.4_all.deb\n Size/MD5 checksum: 689924 e5aba73a0a6f949f7ddf2e6efa6b0aeb\n http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.4_all.deb\n Size/MD5 checksum: 123298 5792bbcedba7c7b19b118976c23d7dff\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_alpha.deb\n Size/MD5 checksum: 74672 e6725d68591dd710cce840b8020647c9\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_alpha.deb\n Size/MD5 checksum: 48792 ab341735b610360d211d93aae21f8c04\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_alpha.deb\n Size/MD5 checksum: 2176364 57135c04ea09bb8571e1fcb31db492e0\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_alpha.deb\n Size/MD5 checksum: 42112 d9881a7457c16df6c279e3de6715a8c1\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_alpha.deb\n Size/MD5 checksum: 254516 d8dff4ba494bb9dcfa1a2be51c0b3a8c\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_alpha.deb\n Size/MD5 checksum: 283868 4cf4e2c9a673c679af6d53cd19fd86e2\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_amd64.deb\n Size/MD5 checksum: 68858 e1cf55557564afe9eb85b8028ed95576\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_amd64.deb\n Size/MD5 checksum: 44188 f043d16b9b1fa8755fb27b97b24bfa6c\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_amd64.deb\n Size/MD5 checksum: 2173194 9c1766d7351dea3e1c6529b77c03e3e4\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_amd64.deb\n Size/MD5 checksum: 40006 2407a0b2ca24d6bf745c2bd9c509a7e8\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_amd64.deb\n Size/MD5 checksum: 175354 2fb4df2228763488f9fbb5b6ae52d38e\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_amd64.deb\n Size/MD5 checksum: 257910 ce9eef9c38187a70582528ef6a99f9e6\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_arm.deb\n Size/MD5 checksum: 63824 d6cb239e323084cfc6b5a30f36a52c01\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_arm.deb\n Size/MD5 checksum: 39520 76997f2c09141dfc517570f0c0f77598\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_arm.deb\n Size/MD5 checksum: 2171212 6b64588c64a58e275b226a8289cbffd3\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_arm.deb\n Size/MD5 checksum: 37304 8f29746edb67c02477b662b473ac4234\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_arm.deb\n Size/MD5 checksum: 173526 02a315f3ad72931252a2fcfaf7682561\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_arm.deb\n Size/MD5 checksum: 248328 7de5f21da6ebd76b9e6bce64b1935df9\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_i386.deb\n Size/MD5 checksum: 65124 f53eadb97b80d0b2f7c8a8f6d15c7fcc\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_i386.deb\n Size/MD5 checksum: 40194 11affc953259da108bb6ac9015703c9a\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_i386.deb\n Size/MD5 checksum: 2171518 136c46a06385fbb5e8d896d642bc0f05\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_i386.deb\n Size/MD5 checksum: 38030 ef402381cb175820ea4b0c01d2974b54\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_i386.deb\n Size/MD5 checksum: 158546 89741c1bf059281f1ca2aa0dd7f40861\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_i386.deb\n Size/MD5 checksum: 252594 60e13cb2197362fbda1d8d122b841cfe\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_ia64.deb\n Size/MD5 checksum: 81706 8267ad55e4b5b58bf80911973a635e02\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_ia64.deb\n Size/MD5 checksum: 55102 f90bc4bac2fed23429feecdbe92fb850\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_ia64.deb\n Size/MD5 checksum: 2180084 0200268cac161cc694f2eb87e050521a\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_ia64.deb\n Size/MD5 checksum: 49208 f143c1c98036aa4d404c8c9c9b533e33\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_ia64.deb\n Size/MD5 checksum: 250412 12a7b80cc296d1825ff40c297f7b2592\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_ia64.deb\n Size/MD5 checksum: 315812 a8e46a8c22ab740d51b80da4edcbde8d\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_hppa.deb\n Size/MD5 checksum: 68182 9b08058ca6bdfc769a091c7c89a7ce64\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_hppa.deb\n Size/MD5 checksum: 43234 4ebf553bf0a02e8179260d04c7dd7238\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_hppa.deb\n Size/MD5 checksum: 2173616 d8d57d8b12fddd5c9ea61b5affdfb34e\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_hppa.deb\n Size/MD5 checksum: 39450 adffa3c170aea391e410e997f57cf535\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_hppa.deb\n Size/MD5 checksum: 201266 29b0927ba2b89df397423e6e520cfa1f\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_hppa.deb\n Size/MD5 checksum: 281814 4916e2bb671314195cf51e50c375101d\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_m68k.deb\n Size/MD5 checksum: 62456 f83ffc5a1b29336b95d29480976f3229\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_m68k.deb\n Size/MD5 checksum: 38072 237a81f8ae94f568a7ab288b01d7294b\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_m68k.deb\n Size/MD5 checksum: 2170454 38f3c19b1d3600361a3eff93b2c08924\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_m68k.deb\n Size/MD5 checksum: 35068 d54fa55db1fe03921ce0e080946a3006\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_m68k.deb\n Size/MD5 checksum: 145372 27ff086da84d8b2b7e1a7b5e0ec6faad\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_m68k.deb\n Size/MD5 checksum: 249018 8ec76ffcdd22dc2216b29c0a5b0967b2\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_mips.deb\n Size/MD5 checksum: 67858 ff8ac22975ec3987744b41635334032a\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_mips.deb\n Size/MD5 checksum: 43674 3672906fe3fde3bc7a94ad54c47d07d4\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_mips.deb\n Size/MD5 checksum: 2172970 a8580f8e196acba4d9d625c4cc423338\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_mips.deb\n Size/MD5 checksum: 37670 ccdc395e404f330c20598d5b02ddaf49\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_mips.deb\n Size/MD5 checksum: 194320 bb910353a34fea0942afab88a31d7dea\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_mips.deb\n Size/MD5 checksum: 256088 7ec97820fa2470e7b58bf2d3b7d5c696\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_mipsel.deb\n Size/MD5 checksum: 67478 b78451c1753da62285c74c07e0fe263f\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_mipsel.deb\n Size/MD5 checksum: 43488 06e92d862ef6cd8a6ecd20f3537c4d7b\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_mipsel.deb\n Size/MD5 checksum: 2172916 f5a1eee003eb3995b97fe10b4ea09809\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_mipsel.deb\n Size/MD5 checksum: 37958 6cdc8361e786e419383ca407b287c65b\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_mipsel.deb\n Size/MD5 checksum: 190670 c464b1c69c97529361b0317d5db6fdc5\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_mipsel.deb\n Size/MD5 checksum: 253560 b892c53f46239ed94dc23d74c7958b06\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_powerpc.deb\n Size/MD5 checksum: 69226 dd9cc43999a009d6df890de345a692cd\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_powerpc.deb\n Size/MD5 checksum: 44584 58799c4b2e083df36b7a70d6b084d026\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_powerpc.deb\n Size/MD5 checksum: 2173556 bb02308f91a0b63bb560db20973d28f7\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_powerpc.deb\n Size/MD5 checksum: 38876 09a8c78537033a725fba8214735b5882\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_powerpc.deb\n Size/MD5 checksum: 186618 459c027d740cf25932665586f55a68ff\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_powerpc.deb\n Size/MD5 checksum: 263206 5a0fa00dd636ae40a62f0e02d63bc19b\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_s390.deb\n Size/MD5 checksum: 67772 1ec4fd75cf9b37c1b124e14cad82d75e\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_s390.deb\n Size/MD5 checksum: 43434 1e0ce0535300f7176e550df27af61097\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_s390.deb\n Size/MD5 checksum: 2172868 3884882c922c7a32b4d486545400b384\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_s390.deb\n Size/MD5 checksum: 38934 a85a83dfd24e7fd3ebb8236782273c36\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_s390.deb\n Size/MD5 checksum: 181596 c419b59dc3bad8208f6d0c4ff9248e13\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_s390.deb\n Size/MD5 checksum: 267778 00ea85457a4457d7539f9e939fa38524\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_sparc.deb\n Size/MD5 checksum: 64334 9e1a24f503ce5d8ef70798f0dad6714a\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_sparc.deb\n Size/MD5 checksum: 39392 7eaf2f1afd3bd2ab143f5b5f78cdd51b\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_sparc.deb\n Size/MD5 checksum: 2171076 e9e6a7aa3e48315dd9905e407ed6b969\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_sparc.deb\n Size/MD5 checksum: 36854 1d81507b5ee8ae42506dad08b6a9a452\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_sparc.deb\n Size/MD5 checksum: 174900 a6a7fcfed104d7351832f7eba3b5e6b1\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_sparc.deb\n Size/MD5 checksum: 263458 4f26cd6ff0466652766d7ce5ae183a63\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2005-09-29T11:59:49", "type": "debian", "title": "[SECURITY] [DSA 824-1] New ClamAV packages fix denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2919", "CVE-2005-2920"], "modified": "2005-09-29T11:59:49", "id": "DEBIAN:DSA-824-1:78C25", "href": "https://lists.debian.org/debian-security-announce/2005/msg00216.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T03:09:07", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 824-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nSeptember 29th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : clamav\nVulnerability : infinite loop, buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CAN-2005-2919 CAN-2005-2920\nDebian Bug : 328660\n\nTwo vulnerabilities have been discovered in Clam AntiVirus, the\nantivirus scanner for Unix, designed for integration with mail servers\nto perform attachment scanning. The following problems were\nidentified:\n\nCAN-2005-2919\n\n A potentially infinite loop could lead to a denial of service.\n\nCAN-2005-2920\n\n A buffer overflow could lead to a denial of service.\n\nThe old stable distribution (woody) does not contain ClamAV packages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.84-2.sarge.4.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.87-1.\n\nWe recommend that you upgrade your clamav package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4.dsc\n Size/MD5 checksum: 872 1a1aaa3318ae10c6806f582588e307bb\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4.diff.gz\n Size/MD5 checksum: 175215 e44e7c828b916a87c94985cf8eae3d13\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz\n Size/MD5 checksum: 4006624 c43213da01d510faf117daa9a4d5326c\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.4_all.deb\n Size/MD5 checksum: 154302 764277db36650876f13658e2e5f0751b\n http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.4_all.deb\n Size/MD5 checksum: 689924 e5aba73a0a6f949f7ddf2e6efa6b0aeb\n http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.4_all.deb\n Size/MD5 checksum: 123298 5792bbcedba7c7b19b118976c23d7dff\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_alpha.deb\n Size/MD5 checksum: 74672 e6725d68591dd710cce840b8020647c9\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_alpha.deb\n Size/MD5 checksum: 48792 ab341735b610360d211d93aae21f8c04\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_alpha.deb\n Size/MD5 checksum: 2176364 57135c04ea09bb8571e1fcb31db492e0\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_alpha.deb\n Size/MD5 checksum: 42112 d9881a7457c16df6c279e3de6715a8c1\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_alpha.deb\n Size/MD5 checksum: 254516 d8dff4ba494bb9dcfa1a2be51c0b3a8c\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_alpha.deb\n Size/MD5 checksum: 283868 4cf4e2c9a673c679af6d53cd19fd86e2\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_amd64.deb\n Size/MD5 checksum: 68858 e1cf55557564afe9eb85b8028ed95576\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_amd64.deb\n Size/MD5 checksum: 44188 f043d16b9b1fa8755fb27b97b24bfa6c\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_amd64.deb\n Size/MD5 checksum: 2173194 9c1766d7351dea3e1c6529b77c03e3e4\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_amd64.deb\n Size/MD5 checksum: 40006 2407a0b2ca24d6bf745c2bd9c509a7e8\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_amd64.deb\n Size/MD5 checksum: 175354 2fb4df2228763488f9fbb5b6ae52d38e\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_amd64.deb\n Size/MD5 checksum: 257910 ce9eef9c38187a70582528ef6a99f9e6\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_arm.deb\n Size/MD5 checksum: 63824 d6cb239e323084cfc6b5a30f36a52c01\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_arm.deb\n Size/MD5 checksum: 39520 76997f2c09141dfc517570f0c0f77598\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_arm.deb\n Size/MD5 checksum: 2171212 6b64588c64a58e275b226a8289cbffd3\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_arm.deb\n Size/MD5 checksum: 37304 8f29746edb67c02477b662b473ac4234\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_arm.deb\n Size/MD5 checksum: 173526 02a315f3ad72931252a2fcfaf7682561\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_arm.deb\n Size/MD5 checksum: 248328 7de5f21da6ebd76b9e6bce64b1935df9\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_i386.deb\n Size/MD5 checksum: 65124 f53eadb97b80d0b2f7c8a8f6d15c7fcc\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_i386.deb\n Size/MD5 checksum: 40194 11affc953259da108bb6ac9015703c9a\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_i386.deb\n Size/MD5 checksum: 2171518 136c46a06385fbb5e8d896d642bc0f05\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_i386.deb\n Size/MD5 checksum: 38030 ef402381cb175820ea4b0c01d2974b54\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_i386.deb\n Size/MD5 checksum: 158546 89741c1bf059281f1ca2aa0dd7f40861\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_i386.deb\n Size/MD5 checksum: 252594 60e13cb2197362fbda1d8d122b841cfe\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_ia64.deb\n Size/MD5 checksum: 81706 8267ad55e4b5b58bf80911973a635e02\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_ia64.deb\n Size/MD5 checksum: 55102 f90bc4bac2fed23429feecdbe92fb850\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_ia64.deb\n Size/MD5 checksum: 2180084 0200268cac161cc694f2eb87e050521a\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_ia64.deb\n Size/MD5 checksum: 49208 f143c1c98036aa4d404c8c9c9b533e33\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_ia64.deb\n Size/MD5 checksum: 250412 12a7b80cc296d1825ff40c297f7b2592\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_ia64.deb\n Size/MD5 checksum: 315812 a8e46a8c22ab740d51b80da4edcbde8d\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_hppa.deb\n Size/MD5 checksum: 68182 9b08058ca6bdfc769a091c7c89a7ce64\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_hppa.deb\n Size/MD5 checksum: 43234 4ebf553bf0a02e8179260d04c7dd7238\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_hppa.deb\n Size/MD5 checksum: 2173616 d8d57d8b12fddd5c9ea61b5affdfb34e\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_hppa.deb\n Size/MD5 checksum: 39450 adffa3c170aea391e410e997f57cf535\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_hppa.deb\n Size/MD5 checksum: 201266 29b0927ba2b89df397423e6e520cfa1f\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_hppa.deb\n Size/MD5 checksum: 281814 4916e2bb671314195cf51e50c375101d\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_m68k.deb\n Size/MD5 checksum: 62456 f83ffc5a1b29336b95d29480976f3229\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_m68k.deb\n Size/MD5 checksum: 38072 237a81f8ae94f568a7ab288b01d7294b\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_m68k.deb\n Size/MD5 checksum: 2170454 38f3c19b1d3600361a3eff93b2c08924\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_m68k.deb\n Size/MD5 checksum: 35068 d54fa55db1fe03921ce0e080946a3006\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_m68k.deb\n Size/MD5 checksum: 145372 27ff086da84d8b2b7e1a7b5e0ec6faad\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_m68k.deb\n Size/MD5 checksum: 249018 8ec76ffcdd22dc2216b29c0a5b0967b2\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_mips.deb\n Size/MD5 checksum: 67858 ff8ac22975ec3987744b41635334032a\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_mips.deb\n Size/MD5 checksum: 43674 3672906fe3fde3bc7a94ad54c47d07d4\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_mips.deb\n Size/MD5 checksum: 2172970 a8580f8e196acba4d9d625c4cc423338\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_mips.deb\n Size/MD5 checksum: 37670 ccdc395e404f330c20598d5b02ddaf49\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_mips.deb\n Size/MD5 checksum: 194320 bb910353a34fea0942afab88a31d7dea\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_mips.deb\n Size/MD5 checksum: 256088 7ec97820fa2470e7b58bf2d3b7d5c696\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_mipsel.deb\n Size/MD5 checksum: 67478 b78451c1753da62285c74c07e0fe263f\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_mipsel.deb\n Size/MD5 checksum: 43488 06e92d862ef6cd8a6ecd20f3537c4d7b\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_mipsel.deb\n Size/MD5 checksum: 2172916 f5a1eee003eb3995b97fe10b4ea09809\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_mipsel.deb\n Size/MD5 checksum: 37958 6cdc8361e786e419383ca407b287c65b\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_mipsel.deb\n Size/MD5 checksum: 190670 c464b1c69c97529361b0317d5db6fdc5\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_mipsel.deb\n Size/MD5 checksum: 253560 b892c53f46239ed94dc23d74c7958b06\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_powerpc.deb\n Size/MD5 checksum: 69226 dd9cc43999a009d6df890de345a692cd\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_powerpc.deb\n Size/MD5 checksum: 44584 58799c4b2e083df36b7a70d6b084d026\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_powerpc.deb\n Size/MD5 checksum: 2173556 bb02308f91a0b63bb560db20973d28f7\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_powerpc.deb\n Size/MD5 checksum: 38876 09a8c78537033a725fba8214735b5882\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_powerpc.deb\n Size/MD5 checksum: 186618 459c027d740cf25932665586f55a68ff\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_powerpc.deb\n Size/MD5 checksum: 263206 5a0fa00dd636ae40a62f0e02d63bc19b\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_s390.deb\n Size/MD5 checksum: 67772 1ec4fd75cf9b37c1b124e14cad82d75e\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_s390.deb\n Size/MD5 checksum: 43434 1e0ce0535300f7176e550df27af61097\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_s390.deb\n Size/MD5 checksum: 2172868 3884882c922c7a32b4d486545400b384\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_s390.deb\n Size/MD5 checksum: 38934 a85a83dfd24e7fd3ebb8236782273c36\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_s390.deb\n Size/MD5 checksum: 181596 c419b59dc3bad8208f6d0c4ff9248e13\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_s390.deb\n Size/MD5 checksum: 267778 00ea85457a4457d7539f9e939fa38524\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_sparc.deb\n Size/MD5 checksum: 64334 9e1a24f503ce5d8ef70798f0dad6714a\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_sparc.deb\n Size/MD5 checksum: 39392 7eaf2f1afd3bd2ab143f5b5f78cdd51b\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_sparc.deb\n Size/MD5 checksum: 2171076 e9e6a7aa3e48315dd9905e407ed6b969\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_sparc.deb\n Size/MD5 checksum: 36854 1d81507b5ee8ae42506dad08b6a9a452\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_sparc.deb\n Size/MD5 checksum: 174900 a6a7fcfed104d7351832f7eba3b5e6b1\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_sparc.deb\n Size/MD5 checksum: 263458 4f26cd6ff0466652766d7ce5ae183a63\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2005-09-29T11:59:49", "type": "debian", "title": "[SECURITY] [DSA 824-1] New ClamAV packages fix denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2919", "CVE-2005-2920"], "modified": "2005-09-29T11:59:49", "id": "DEBIAN:DSA-824-1:A1448", "href": "https://lists.debian.org/debian-security-announce/2005/msg00216.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-07-06T05:01:27", "description": "\nTwo vulnerabilities have been discovered in Clam AntiVirus, the\nantivirus scanner for Unix, designed for integration with mail servers\nto perform attachment scanning. The following problems were\nidentified:\n\n\n* [CAN-2005-2919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2919)\nA potentially infinite loop could lead to a denial of service.\n* [CAN-2005-2920](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2920)\nA buffer overflow could lead to a denial of service.\n\n\nThe old stable distribution (woody) does not contain ClamAV packages.\n\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.84-2.sarge.4.\n\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.87-1.\n\n\nWe recommend that you upgrade your clamav package.\n\n\n", "cvss3": {}, "published": "2005-09-29T00:00:00", "type": "osv", "title": "clamav - infinite loop, buffer overflow", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2919", "CVE-2005-2920"], "modified": "2022-07-06T03:21:52", "id": "OSV:DSA-824-1", "href": "https://osv.dev/vulnerability/DSA-824-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}

CVE-2005-2920

Description

Affected Package

Related