{"id": "EB5124A4-8A20-11DB-B033-00123FFE8333", "bulletinFamily": "unix", "title": "clamav -- Multipart Nestings Denial of Service", "description": "\nSecunia reports:\n\nClam AntiVirus have a vulnerability, which can be exploited by\n\t malicious people to cause a DoS (Denial of Service).\nThe vulnerability is caused due to a stack overflow when scanning\n\t messages with deeply nested multipart content. This can be\n\t exploited to crash the service by sending specially crafted emails\n\t to a vulnerable system.\n\n", "published": "2006-12-06T00:00:00", "modified": "2013-06-19T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://vuxml.freebsd.org/freebsd/eb5124a4-8a20-11db-b033-00123ffe8333.html", "reporter": "FreeBSD", "references": ["http://www.quantenblog.net/security/virus-scanner-bypass", "http://secunia.com/advisories/23347/"], "cvelist": ["CVE-2006-6481"], "type": "freebsd", "lastseen": "2019-05-29T18:34:39", "edition": 4, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-6481"]}, {"type": "osvdb", "idList": ["OSVDB:31283"]}, {"type": "openvas", "idList": ["OPENVAS:57737", "OPENVAS:57957", "OPENVAS:65119", "OPENVAS:136141256231065119", "OPENVAS:57708"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1238.NASL", "MANDRAKE_MDKSA-2006-230.NASL", "FREEBSD_PKG_EB5124A48A2011DBB03300123FFE8333.NASL", "SUSE_CLAMAV-2390.NASL", "GENTOO_GLSA-200612-18.NASL", "MACOSX_SECUPD2008-002.NASL", "SUSE_CLAMAV-2391.NASL", "SUSE_SA_2006_078.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200612-18"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1238-1:689B5"]}, {"type": "suse", "idList": ["SUSE-SA:2006:078"]}], "modified": "2019-05-29T18:34:39", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2019-05-29T18:34:39", "rev": 2}, "vulnersScore": 5.4}, "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "clamav", "packageVersion": "0.88.7"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "le", "packageFilename": "UNKNOWN", "packageName": "clamav-devel", "packageVersion": "20061029"}], "scheme": null, "immutableFields": []}

{"cve": [{"lastseen": "2021-02-02T05:27:26", "description": "Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406.", "edition": 4, "cvss3": {}, "published": "2006-12-12T01:28:00", "title": "CVE-2006-6481", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-6481"], "modified": "2011-03-08T02:46:00", "cpe": ["cpe:/a:clam_anti-virus:clamav:0.88.6"], "id": "CVE-2006-6481", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6481", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:46:11", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6481"], "description": "### Background\n\nClamAV is a GPL virus scanner. \n\n### Description\n\nHendrik Weimer discovered that ClamAV fails to properly handle deeply nested MIME multipart/mixed content. \n\n### Impact\n\nBy sending a specially crafted email with deeply nested MIME multipart/mixed content an attacker could cause ClamAV to crash. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll ClamAV users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-antivirus/clamav-0.88.7\"", "edition": 1, "modified": "2006-12-18T00:00:00", "published": "2006-12-18T00:00:00", "id": "GLSA-200612-18", "href": "https://security.gentoo.org/glsa/200612-18", "type": "gentoo", "title": "ClamAV: Denial of Service", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "cvelist": ["CVE-2006-6481"], "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:23379](https://secuniaresearch.flexerasoftware.com/advisories/23379/)\n[Secunia Advisory ID:23347](https://secuniaresearch.flexerasoftware.com/advisories/23347/)\n[Secunia Advisory ID:23417](https://secuniaresearch.flexerasoftware.com/advisories/23417/)\n[Secunia Advisory ID:23411](https://secuniaresearch.flexerasoftware.com/advisories/23411/)\n[Secunia Advisory ID:23460](https://secuniaresearch.flexerasoftware.com/advisories/23460/)\n[Secunia Advisory ID:23404](https://secuniaresearch.flexerasoftware.com/advisories/23404/)\n[Secunia Advisory ID:23362](https://secuniaresearch.flexerasoftware.com/advisories/23362/)\n[Related OSVDB ID: 31284](https://vulners.com/osvdb/OSVDB:31284)\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:230\nOther Advisory URL: http://www.quantenblog.net/security/virus-scanner-bypass\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200612-18.xml\nOther Advisory URL: http://www.trustix.org/errata/2006/0072/\nOther Advisory URL: http://kolab.org/security/kolab-vendor-notice-14.txt\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1238\nKeyword: clamav\nFrSIRT Advisory: ADV-2006-5113\nFrSIRT Advisory: ADV-2006-4948\n[CVE-2006-6481](https://vulners.com/cve/CVE-2006-6481)\nBugtraq ID: 21609\n", "edition": 1, "modified": "2007-01-10T23:16:08", "published": "2007-01-10T23:16:08", "href": "https://vulners.com/osvdb/OSVDB:31283", "id": "OSVDB:31283", "title": "Clam AntiVirus Layered Base64 MIME Encoding DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6481"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-15T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:57708", "href": "http://plugins.openvas.org/nasl.php?oid=57708", "type": "openvas", "title": "FreeBSD Ports: clamav", "sourceData": "#\n#VID eb5124a4-8a20-11db-b033-00123ffe8333\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n clamav clamav-devel\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/23347/\nhttp://www.quantenblog.net/security/virus-scanner-bypass\nhttp://www.vuxml.org/freebsd/eb5124a4-8a20-11db-b033-00123ffe8333.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(57708);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 4075 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-15 15:13:05 +0200 (Thu, 15 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-6481\");\n script_name(\"FreeBSD Ports: clamav\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"clamav\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.88.7\")<0) {\n txt += 'Package clamav version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"clamav-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"20061029\")<=0) {\n txt += 'Package clamav-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6481"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200612-18.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:57957", "href": "http://plugins.openvas.org/nasl.php?oid=57957", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200612-18 (clamav)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ClamAV is vulnerable to Denial of Service.\";\ntag_solution = \"All ClamAV users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.88.7'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200612-18\nhttp://bugs.gentoo.org/show_bug.cgi?id=157698\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200612-18.\";\n\n \n\nif(description)\n{\n script_id(57957);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-6481\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200612-18 (clamav)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-antivirus/clamav\", unaffected: make_list(\"ge 0.88.7\"), vulnerable: make_list(\"lt 0.88.7\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6406", "CVE-2006-6481"], "description": "The remote host is missing an update to clamav\nannounced via advisory DSA 1238-1.\n\nSeveral remote vulnerabilities have been discovered in the Clam anti-virus\ntoolkit. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2006-6406\n\nHendrik Weimer discovered that invalid characters in base64 encoded\ndata may lead to bypass of scanning mechanisms.\n\nCVE-2006-6481\n\nHendrik Weimer discovered that deeply nested multipart/mime MIME\ndata may lead to denial of service.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:57737", "href": "http://plugins.openvas.org/nasl.php?oid=57737", "type": "openvas", "title": "Debian Security Advisory DSA 1238-1 (clamav)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1238_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1238-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 0.84-2.sarge.13.\n\nFor the upcoming stable distribution (etch) these problems have been\nfixed in version 0.88.7-1.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.88.7-1.\n\nWe recommend that you upgrade your clamav packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201238-1\";\ntag_summary = \"The remote host is missing an update to clamav\nannounced via advisory DSA 1238-1.\n\nSeveral remote vulnerabilities have been discovered in the Clam anti-virus\ntoolkit. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2006-6406\n\nHendrik Weimer discovered that invalid characters in base64 encoded\ndata may lead to bypass of scanning mechanisms.\n\nCVE-2006-6481\n\nHendrik Weimer discovered that deeply nested multipart/mime MIME\ndata may lead to denial of service.\";\n\n\nif(description)\n{\n script_id(57737);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-6406\", \"CVE-2006-6481\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1238-1 (clamav)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"clamav-base\", ver:\"0.84-2.sarge.13\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-docs\", ver:\"0.84-2.sarge.13\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-testfiles\", ver:\"0.84-2.sarge.13\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav\", ver:\"0.84-2.sarge.13\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-daemon\", ver:\"0.84-2.sarge.13\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-freshclam\", ver:\"0.84-2.sarge.13\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-milter\", ver:\"0.84-2.sarge.13\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libclamav-dev\", ver:\"0.84-2.sarge.13\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libclamav1\", ver:\"0.84-2.sarge.13\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:40:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6406", "CVE-2006-6481", "CVE-2006-5874"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n clamav\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5013169 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065119", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065119", "type": "openvas", "title": "SLES9: Security update for clamav", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5013169.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for clamav\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n clamav\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5013169 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65119\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-5874\", \"CVE-2006-6481\", \"CVE-2006-6406\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for clamav\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.88.7~1.1\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-26T08:56:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6406", "CVE-2006-6481", "CVE-2006-5874"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n clamav\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5013169 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65119", "href": "http://plugins.openvas.org/nasl.php?oid=65119", "type": "openvas", "title": "SLES9: Security update for clamav", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5013169.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for clamav\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n clamav\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5013169 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65119);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-5874\", \"CVE-2006-6481\", \"CVE-2006-6406\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for clamav\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.88.7~1.1\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2021-01-07T10:52:09", "description": "The remote host is affected by the vulnerability described in GLSA-200612-18\n(ClamAV: Denial of Service)\n\n Hendrik Weimer discovered that ClamAV fails to properly handle deeply\n nested MIME multipart/mixed content.\n \nImpact :\n\n By sending a specially crafted email with deeply nested MIME\n multipart/mixed content an attacker could cause ClamAV to crash.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2006-12-30T00:00:00", "title": "GLSA-200612-18 : ClamAV: Denial of Service", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6481"], "modified": "2006-12-30T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:clamav"], "id": "GENTOO_GLSA-200612-18.NASL", "href": "https://www.tenable.com/plugins/nessus/23955", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200612-18.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23955);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-6481\");\n script_xref(name:\"GLSA\", value:\"200612-18\");\n\n script_name(english:\"GLSA-200612-18 : ClamAV: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200612-18\n(ClamAV: Denial of Service)\n\n Hendrik Weimer discovered that ClamAV fails to properly handle deeply\n nested MIME multipart/mixed content.\n \nImpact :\n\n By sending a specially crafted email with deeply nested MIME\n multipart/mixed content an attacker could cause ClamAV to crash.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200612-18\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ClamAV users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.88.7'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-antivirus/clamav\", unaffected:make_list(\"ge 0.88.7\"), vulnerable:make_list(\"lt 0.88.7\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ClamAV\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:51:16", "description": "Secunia reports :\n\nClam AntiVirus have a vulnerability, which can be exploited by\nmalicious people to cause a DoS (Denial of Service).\n\nThe vulnerability is caused due to a stack overflow when scanning\nmessages with deeply nested multipart content. This can be exploited\nto crash the service by sending specially crafted emails to a\nvulnerable system.", "edition": 24, "published": "2006-12-14T00:00:00", "title": "FreeBSD : clamav -- Multipart Nestings Denial of Service (eb5124a4-8a20-11db-b033-00123ffe8333)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6481"], "modified": "2006-12-14T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:clamav-devel", "p-cpe:/a:freebsd:freebsd:clamav"], "id": "FREEBSD_PKG_EB5124A48A2011DBB03300123FFE8333.NASL", "href": "https://www.tenable.com/plugins/nessus/23853", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23853);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-6481\");\n script_xref(name:\"Secunia\", value:\"23347\");\n\n script_name(english:\"FreeBSD : clamav -- Multipart Nestings Denial of Service (eb5124a4-8a20-11db-b033-00123ffe8333)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nClam AntiVirus have a vulnerability, which can be exploited by\nmalicious people to cause a DoS (Denial of Service).\n\nThe vulnerability is caused due to a stack overflow when scanning\nmessages with deeply nested multipart content. This can be exploited\nto crash the service by sending specially crafted emails to a\nvulnerable system.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.quantenblog.net/security/virus-scanner-bypass\"\n );\n # https://vuxml.freebsd.org/freebsd/eb5124a4-8a20-11db-b033-00123ffe8333.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?64d445ab\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:clamav-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"clamav<0.88.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"clamav-devel<=20061029\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:44:44", "description": "Several remote vulnerabilities have been discovered in the Clam\nanti-virus toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2006-6406\n Hendrik Weimer discovered that invalid characters in\n base64 encoded data may lead to bypass of scanning\n mechanisms.\n\n - CVE-2006-6481\n Hendrik Weimer discovered that deeply nested\n multipart/mime MIME data may lead to denial of service.", "edition": 25, "published": "2006-12-18T00:00:00", "title": "Debian DSA-1238-1 : clamav - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6406", "CVE-2006-6481"], "modified": "2006-12-18T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:clamav"], "id": "DEBIAN_DSA-1238.NASL", "href": "https://www.tenable.com/plugins/nessus/23912", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1238. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23912);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-6406\", \"CVE-2006-6481\");\n script_xref(name:\"DSA\", value:\"1238\");\n\n script_name(english:\"Debian DSA-1238-1 : clamav - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in the Clam\nanti-virus toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2006-6406\n Hendrik Weimer discovered that invalid characters in\n base64 encoded data may lead to bypass of scanning\n mechanisms.\n\n - CVE-2006-6481\n Hendrik Weimer discovered that deeply nested\n multipart/mime MIME data may lead to denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-6406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-6481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1238\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the clamav packages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.84-2.sarge.13.\n\nFor the upcoming stable distribution (etch) these problems have been\nfixed in version 0.88.7-1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/18\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"clamav\", reference:\"0.84-2.sarge.13\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"clamav-base\", reference:\"0.84-2.sarge.13\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"clamav-daemon\", reference:\"0.84-2.sarge.13\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"clamav-docs\", reference:\"0.84-2.sarge.13\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"clamav-freshclam\", reference:\"0.84-2.sarge.13\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"clamav-milter\", reference:\"0.84-2.sarge.13\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"clamav-testfiles\", reference:\"0.84-2.sarge.13\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libclamav-dev\", reference:\"0.84-2.sarge.13\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libclamav1\", reference:\"0.84-2.sarge.13\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T14:14:49", "description": "The remote host is missing the patch for the advisory SUSE-SA:2006:078 (clamav).\n\n\nThe anti virus scan engine ClamAV has been updated to version 0.88.7\nto fix various security problems:\n\nCVE-2006-5874: Clam AntiVirus (ClamAV) allows remote attackers to\ncause a denial of service (crash) via a malformed base64-encoded MIME\nattachment that triggers a NULL pointer dereference.\n\nCVE-2006-6481: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers\nto cause a denial of service (stack overflow and application crash)\nby wrapping many layers of multipart/mixed content around a document,\na different vulnerability than CVE-2006-5874 and CVE-2006-6406.\n\nCVE-2006-6406: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers\nto bypass virus detection by inserting invalid characters into base64\nencoded content in a multipart/mixed MIME file, as demonstrated with\nthe EICAR test file.", "edition": 6, "published": "2007-02-18T00:00:00", "title": "SUSE-SA:2006:078: clamav", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6406", "CVE-2006-6481", "CVE-2006-5874"], "modified": "2007-02-18T00:00:00", "cpe": [], "id": "SUSE_SA_2006_078.NASL", "href": "https://www.tenable.com/plugins/nessus/24453", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:078\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(24453);\n script_version(\"1.11\");\n \n name[\"english\"] = \"SUSE-SA:2006:078: clamav\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2006:078 (clamav).\n\n\nThe anti virus scan engine ClamAV has been updated to version 0.88.7\nto fix various security problems:\n\nCVE-2006-5874: Clam AntiVirus (ClamAV) allows remote attackers to\ncause a denial of service (crash) via a malformed base64-encoded MIME\nattachment that triggers a NULL pointer dereference.\n\nCVE-2006-6481: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers\nto cause a denial of service (stack overflow and application crash)\nby wrapping many layers of multipart/mixed content around a document,\na different vulnerability than CVE-2006-5874 and CVE-2006-6406.\n\nCVE-2006-6406: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers\nto bypass virus detection by inserting invalid characters into base64\nencoded content in a multipart/mixed MIME file, as demonstrated with\nthe EICAR test file.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.novell.com/linux/security/advisories/2006_78_clamav.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/02/18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the clamav package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"clamav-0.88.7-1.1\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"clamav-0.88.7-1.1\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:43:22", "description": "This update to ClamAV version 0.88.7 fixes various bugs :\n\nCVE-2006-5874: Clam AntiVirus (ClamAV) allows remote attackers to\ncause a denial of service (crash) via a malformed base64-encoded MIME\nattachment that triggers a NULL pointer dereference.\n\nCVE-2006-6481: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers\nto cause a denial of service (stack overflow and application crash) by\nwrapping many layers of multipart/mixed content around a document, a\ndifferent vulnerability than CVE-2006-5874 and CVE-2006-6406.\n\nCVE-2006-6406: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers\nto bypass virus detection by inserting invalid characters into base64\nencoded content in a multipart/mixed MIME file, as demonstrated with\nthe EICAR test file.", "edition": 24, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : clamav (clamav-2391)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6406", "CVE-2006-6481", "CVE-2006-5874"], "modified": "2007-10-17T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:clamav", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_CLAMAV-2391.NASL", "href": "https://www.tenable.com/plugins/nessus/27177", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update clamav-2391.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27177);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-5874\", \"CVE-2006-6406\", \"CVE-2006-6481\");\n\n script_name(english:\"openSUSE 10 Security Update : clamav (clamav-2391)\");\n script_summary(english:\"Check for the clamav-2391 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to ClamAV version 0.88.7 fixes various bugs :\n\nCVE-2006-5874: Clam AntiVirus (ClamAV) allows remote attackers to\ncause a denial of service (crash) via a malformed base64-encoded MIME\nattachment that triggers a NULL pointer dereference.\n\nCVE-2006-6481: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers\nto cause a denial of service (stack overflow and application crash) by\nwrapping many layers of multipart/mixed content around a document, a\ndifferent vulnerability than CVE-2006-5874 and CVE-2006-6406.\n\nCVE-2006-6406: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers\nto bypass virus detection by inserting invalid characters into base64\nencoded content in a multipart/mixed MIME file, as demonstrated with\nthe EICAR test file.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected clamav package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"clamav-0.88.7-1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"clamav-0.88.7-1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:43:22", "description": "This update to ClamAV version 0.88.7 fixes various bugs :\n\n - Clam AntiVirus (ClamAV) allows remote attackers to cause\n a denial of service (crash) via a malformed\n base64-encoded MIME attachment that triggers a NULL\n pointer dereference. (CVE-2006-5874)\n\n - Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers\n to cause a denial of service (stack overflow and\n application crash) by wrapping many layers of\n multipart/mixed content around a document, a different\n vulnerability than CVE-2006-5874 / CVE-2006-6406.\n (CVE-2006-6481)\n\n - Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers\n to bypass virus detection by inserting invalid\n characters into base64 encoded content in a\n multipart/mixed MIME file, as demonstrated with the\n EICAR test file. (CVE-2006-6406)", "edition": 23, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : clamav (ZYPP Patch Number 2390)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6406", "CVE-2006-6481", "CVE-2006-5874"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_CLAMAV-2390.NASL", "href": "https://www.tenable.com/plugins/nessus/29397", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29397);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-5874\", \"CVE-2006-6406\", \"CVE-2006-6481\");\n\n script_name(english:\"SuSE 10 Security Update : clamav (ZYPP Patch Number 2390)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to ClamAV version 0.88.7 fixes various bugs :\n\n - Clam AntiVirus (ClamAV) allows remote attackers to cause\n a denial of service (crash) via a malformed\n base64-encoded MIME attachment that triggers a NULL\n pointer dereference. (CVE-2006-5874)\n\n - Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers\n to cause a denial of service (stack overflow and\n application crash) by wrapping many layers of\n multipart/mixed content around a document, a different\n vulnerability than CVE-2006-5874 / CVE-2006-6406.\n (CVE-2006-6481)\n\n - Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers\n to bypass virus detection by inserting invalid\n characters into base64 encoded content in a\n multipart/mixed MIME file, as demonstrated with the\n EICAR test file. (CVE-2006-6406)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-5874.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-6406.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-6481.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 2390.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"clamav-0.88.7-1.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T11:51:39", "description": "The latest version of ClamAV, 0.88.7, fixes some bugs, including\nvulnerabilities with handling base64-encoded MIME attachment files\nthat can lead to either a) a crash (CVE-2006-5874), or b) a bypass of\nvirus detection (CVE-2006-6406).\n\nAs well, a vulnerability was discovered that allows remote attackers\nto cause a stack overflow and application crash by wrapping many\nlayers of multipart/mixed content around a document (CVE-2006-6481).\n\nThe latest ClamAV is being provided to address these issues.", "edition": 24, "published": "2007-02-18T00:00:00", "title": "Mandrake Linux Security Advisory : clamav (MDKSA-2006:230)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6406", "CVE-2006-6481", "CVE-2006-5874"], "modified": "2007-02-18T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:clamd", "p-cpe:/a:mandriva:linux:clamav", "cpe:/o:mandriva:linux:2007", "p-cpe:/a:mandriva:linux:lib64clamav1", "p-cpe:/a:mandriva:linux:clamav-milter", "p-cpe:/a:mandriva:linux:libclamav1", "p-cpe:/a:mandriva:linux:clamav-db", "cpe:/o:mandriva:linux:2006", "p-cpe:/a:mandriva:linux:lib64clamav1-devel", "p-cpe:/a:mandriva:linux:libclamav1-devel"], "id": "MANDRAKE_MDKSA-2006-230.NASL", "href": "https://www.tenable.com/plugins/nessus/24613", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:230. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24613);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-5874\", \"CVE-2006-6406\", \"CVE-2006-6481\");\n script_xref(name:\"MDKSA\", value:\"2006:230\");\n\n script_name(english:\"Mandrake Linux Security Advisory : clamav (MDKSA-2006:230)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The latest version of ClamAV, 0.88.7, fixes some bugs, including\nvulnerabilities with handling base64-encoded MIME attachment files\nthat can lead to either a) a crash (CVE-2006-5874), or b) a bypass of\nvirus detection (CVE-2006-6406).\n\nAs well, a vulnerability was discovered that allows remote attackers\nto cause a stack overflow and application crash by wrapping many\nlayers of multipart/mixed content around a document (CVE-2006-6481).\n\nThe latest ClamAV is being provided to address these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamav-db\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamav-milter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64clamav1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64clamav1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libclamav1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libclamav1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", reference:\"clamav-0.88.7-0.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"clamav-db-0.88.7-0.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"clamav-milter-0.88.7-0.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"clamd-0.88.7-0.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64clamav1-0.88.7-0.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64clamav1-devel-0.88.7-0.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libclamav1-0.88.7-0.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libclamav1-devel-0.88.7-0.1.20060mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2007.0\", reference:\"clamav-0.88.7-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"clamav-db-0.88.7-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"clamav-milter-0.88.7-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"clamd-0.88.7-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64clamav1-0.88.7-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64clamav1-devel-0.88.7-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libclamav1-0.88.7-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libclamav1-devel-0.88.7-1.1mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-04-01T03:41:06", "description": "The remote host is running a version of Mac OS X 10.5 or 10.4 that\ndoes not have the security update 2008-002 applied. \n\nThis update contains several security fixes for a number of programs.", "edition": 27, "published": "2008-03-19T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2008-002)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0056", "CVE-2007-6335", "CVE-2007-1662", "CVE-2008-0063", "CVE-2007-4768", "CVE-2008-0999", "CVE-2006-5793", "CVE-2007-1661", "CVE-2007-5958", "CVE-2007-4752", "CVE-2008-0990", "CVE-2008-0052", "CVE-2008-0994", "CVE-2007-3799", "CVE-2007-6109", "CVE-2007-5901", "CVE-2007-4887", "CVE-2008-0989", "CVE-2007-6429", "CVE-2007-6337", "CVE-2007-6203", "CVE-2008-0046", "CVE-2008-0060", "CVE-2008-0049", "CVE-2007-1659", "CVE-2008-0318", "CVE-2008-0596", "CVE-2008-0006", "CVE-2007-5269", "CVE-2008-0057", "CVE-2006-6481", "CVE-2007-6428", "CVE-2007-5795", "CVE-2006-3334", "CVE-2007-0897", "CVE-2007-0898", "CVE-2007-4510", "CVE-2007-5971", "CVE-2008-0987", "CVE-2007-1997", "CVE-2008-0995", "CVE-2008-0998", "CVE-2008-0728", "CVE-2008-0059", "CVE-2007-1660", "CVE-2008-0992", "CVE-2007-5268", "CVE-2008-0005", "CVE-2008-0993", "CVE-2007-4990", "CVE-2008-0045", "CVE-2006-3747", "CVE-2007-6421", "CVE-2008-0053", "CVE-2007-5266", "CVE-2007-2445", "CVE-2008-0048", "CVE-2007-6427", "CVE-2007-3847", "CVE-2007-4568", "CVE-2007-1745", "CVE-2007-6388", "CVE-2007-4767", "CVE-2007-6336", "CVE-2007-5000", "CVE-2008-0054", "CVE-2007-4560", "CVE-2008-0996", "CVE-2008-0055", "CVE-2005-3352", "CVE-2007-3725", "CVE-2007-3378", "CVE-2007-5267", "CVE-2008-1000", "CVE-2008-0050", "CVE-2008-0882", "CVE-2007-2799", "CVE-2008-0051", "CVE-2008-0997", "CVE-2008-0044", "CVE-2008-0988", "CVE-2008-0062", "CVE-2007-4766", "CVE-2008-0047", "CVE-2008-0058", "CVE-2005-4077"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2008-002.NASL", "href": "https://www.tenable.com/plugins/nessus/31605", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3004) exit(0);\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31605);\n script_version (\"1.38\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2005-3352\", \"CVE-2005-4077\", \"CVE-2006-3334\", \"CVE-2006-3747\", \"CVE-2006-5793\",\n \"CVE-2006-6481\", \"CVE-2007-0897\", \"CVE-2007-0898\", \"CVE-2007-1659\", \"CVE-2007-1660\",\n \"CVE-2007-1661\", \"CVE-2007-1662\", \"CVE-2007-1745\", \"CVE-2007-1997\", \"CVE-2007-2445\",\n \"CVE-2007-2799\", \"CVE-2007-3378\", \"CVE-2007-3725\", \"CVE-2007-3799\", \"CVE-2007-3847\",\n \"CVE-2007-4510\", \"CVE-2007-4560\", \"CVE-2007-4568\", \"CVE-2007-4752\", \"CVE-2007-4766\",\n \"CVE-2007-4767\", \"CVE-2007-4768\", \"CVE-2007-4887\", \"CVE-2007-4990\", \"CVE-2007-5000\",\n \"CVE-2007-5266\", \"CVE-2007-5267\", \"CVE-2007-5268\", \"CVE-2007-5269\", \"CVE-2007-5795\",\n \"CVE-2007-5901\", \"CVE-2007-5958\", \"CVE-2007-5971\", \"CVE-2007-6109\", \"CVE-2007-6203\",\n \"CVE-2007-6335\", \"CVE-2007-6336\", \"CVE-2007-6337\", \"CVE-2007-6388\", \"CVE-2007-6421\",\n \"CVE-2007-6427\", \"CVE-2007-6428\", \"CVE-2007-6429\", \"CVE-2008-0005\", \"CVE-2008-0006\",\n \"CVE-2008-0044\", \"CVE-2008-0045\", \"CVE-2008-0046\", \"CVE-2008-0047\", \"CVE-2008-0048\",\n \"CVE-2008-0049\", \"CVE-2008-0050\", \"CVE-2008-0051\", \"CVE-2008-0052\", \"CVE-2008-0053\",\n \"CVE-2008-0054\", \"CVE-2008-0055\", \"CVE-2008-0056\", \"CVE-2008-0057\", \"CVE-2008-0058\",\n \"CVE-2008-0059\", \"CVE-2008-0060\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0318\",\n \"CVE-2008-0596\", \"CVE-2008-0728\", \"CVE-2008-0882\", \"CVE-2008-0987\", \"CVE-2008-0988\",\n \"CVE-2008-0989\", \"CVE-2008-0990\", \"CVE-2008-0992\", \"CVE-2008-0993\", \"CVE-2008-0994\",\n \"CVE-2008-0995\", \"CVE-2008-0996\", \"CVE-2008-0997\", \"CVE-2008-0998\", \"CVE-2008-0999\",\n \"CVE-2008-1000\");\n script_bugtraq_id(19204, 21078, 24268, 25398, 25439, 25489, 25498, 26346, 26750, 26838,\n 26927, 26946, 27234, 27236, 27751, 27988, 28278, 28303, 28304, 28307,\n 28320, 28323, 28334, 28339, 28340, 28341, 28343, 28344, 28345, 28357,\n 28358, 28359, 28363, 28364, 28365, 28367, 28368, 28371, 28371, 28372,\n 28374, 28375, 28384, 28385, 28386, 28387, 28388, 28389);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2008-002)\");\n script_summary(english:\"Check for the presence of Security Update 2008-002\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.5 or 10.4 that\ndoes not have the security update 2008-002 applied. \n\nThis update contains several security fixes for a number of programs.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.info.apple.com/article.html?artnum=307562\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/advisories/14242\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2008-002 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ClamAV Milter Blackhole-Mode Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 22, 78, 79, 94, 119, 134, 189, 200, 255, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/08/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/06/02\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n exit(0);\n}\n\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(0);\n\nif (egrep(pattern:\"Darwin.* (8\\.[0-9]\\.|8\\.1[01]\\.)\", string:uname))\n{\n packages = get_kb_item(\"Host/MacOSX/packages\");\n if (!packages) exit(0);\n\n if (!egrep(pattern:\"^SecUpd(Srvr)?(2008-00[2-8]|2009-|20[1-9][0-9]-)\", string:packages))\n security_hole(0);\n}\nelse if (egrep(pattern:\"Darwin.* (9\\.[0-2]\\.)\", string:uname))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(0);\n\n if (!egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.2008\\.002\\.bom\", string:packages))\n security_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:16:17", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6406", "CVE-2006-6481"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1238-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nDecember 17th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : clamav\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2006-6406 CVE-2006-6481\n\nSeveral remote vulnerabilities have been discovered in the Clam anti-virus\ntoolkit. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2006-6406\n\n Hendrik Weimer discovered that invalid characters in base64 encoded\n data may lead to bypass of scanning mechanisms.\n\nCVE-2006-6481\n\n Hendrik Weimer discovered that deeply nested multipart/mime MIME\n data may lead to denial of service.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.84-2.sarge.13.\n\nFor the upcoming stable distribution (etch) these problems have been\nfixed in version 0.88.7-1.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.88.7-1.\n\nWe recommend that you upgrade your clamav packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13.dsc\n Size/MD5 checksum: 874 a99fd16ec6cd3597495d66c43d86b085\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13.diff.gz\n Size/MD5 checksum: 180118 96f6c6b906aeeb954ab2c87551d2c603\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz\n Size/MD5 checksum: 4006624 c43213da01d510faf117daa9a4d5326c\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.13_all.deb\n Size/MD5 checksum: 155278 724ad22ce36c7ead6c7f4712bb5f0ff3\n http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.13_all.deb\n Size/MD5 checksum: 694788 e78c2d70bd21ab4825f7bd094b7cf28f\n http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.13_all.deb\n Size/MD5 checksum: 124236 83e7462649f84e9de615de7fb6eb2b54\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_alpha.deb\n Size/MD5 checksum: 74850 2adf16cf2156a1e61727e44e7edb90a6\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_alpha.deb\n Size/MD5 checksum: 48904 780b33e72cc97613d1918ac5fc87469f\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_alpha.deb\n Size/MD5 checksum: 2176490 0cbec86ecd122fcb6546cae48b1a5c61\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_alpha.deb\n Size/MD5 checksum: 42158 36ab068c44e0ac1f287e48241607edc0\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_alpha.deb\n Size/MD5 checksum: 256080 60bde0f909bf70949b7f0be8226e8f4b\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_alpha.deb\n Size/MD5 checksum: 286276 fbbfd2962447273cb529dc2688e25777\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_amd64.deb\n Size/MD5 checksum: 69004 66dac7905120712f0477ec01f2f13139\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_amd64.deb\n Size/MD5 checksum: 44270 2b6022acfbaa3f4b361d45a655ee1cf7\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_amd64.deb\n Size/MD5 checksum: 2173284 a1580fd5035949d97b7ea5a27665d55e\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_amd64.deb\n Size/MD5 checksum: 40044 7b9102d5923f62a9ab12dc42a3efbd45\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_amd64.deb\n Size/MD5 checksum: 176794 cea39de4522486ee111e8a2b0bc28ce6\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_amd64.deb\n Size/MD5 checksum: 260382 9cb209b8272e4d47ff6ea75a531005ed\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_arm.deb\n Size/MD5 checksum: 63972 f3f8425d3e3a8a827f93ef6d03f336bd\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_arm.deb\n Size/MD5 checksum: 39632 ea7b6f705443aad934203b51e56cb755\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_arm.deb\n Size/MD5 checksum: 2171284 30d825ee4d9d89116ec548b7051373bf\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_arm.deb\n Size/MD5 checksum: 37310 379d788641b4310f7a8739f80ab938dd\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_arm.deb\n Size/MD5 checksum: 175126 67474b7ba1f31f3b4e9d9f9a522ae285\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_arm.deb\n Size/MD5 checksum: 250262 d5e8dc0f1ea852bbf77e2d1d6b8bed15\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_hppa.deb\n Size/MD5 checksum: 68464 add625fd31acfb07e8e34cc618e7a954\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_hppa.deb\n Size/MD5 checksum: 43276 7a2b981580012ab2afe3b7b6292b2138\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_hppa.deb\n Size/MD5 checksum: 2173680 45427c3f7cc4d7595ae5ef6b238e8baf\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_hppa.deb\n Size/MD5 checksum: 39532 6517f856a1df38af75dc57e54d5d7a2b\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_hppa.deb\n Size/MD5 checksum: 202876 dc3643365832834b72cfa24fb7c08a32\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_hppa.deb\n Size/MD5 checksum: 283936 4c159ec7e0603185a97b0f5d62099722\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_i386.deb\n Size/MD5 checksum: 65324 c460a3ba33fcee90c9f3c91685938b32\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_i386.deb\n Size/MD5 checksum: 40370 ce8929f2ddc2228cec2a2fea5550d38a\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_i386.deb\n Size/MD5 checksum: 2171606 e2fa7b2fe19f04a66770bc606c39e919\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_i386.deb\n Size/MD5 checksum: 38078 81b6c522ebc4461b4b3dd5da0401fe68\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_i386.deb\n Size/MD5 checksum: 159904 2a6ee4c7a6e0b3532160d02e10643d57\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_i386.deb\n Size/MD5 checksum: 255048 4f53bc2e71a80762da1e82bff4117126\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_ia64.deb\n Size/MD5 checksum: 81950 ad4f8ccb2156b94629e82b943ed4a64b\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_ia64.deb\n Size/MD5 checksum: 55328 364279da2de3f7e0b8ad038a4733a60f\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_ia64.deb\n Size/MD5 checksum: 2180240 d80fc692c03cd3625b5523d98d883cd9\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_ia64.deb\n Size/MD5 checksum: 49236 a19e0a591503b344c54d810240dcb7de\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_ia64.deb\n Size/MD5 checksum: 252416 c3356dbe5e216f0871e24b42d787b604\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_ia64.deb\n Size/MD5 checksum: 318464 70a50bf5275e4ab303221d5ab707ed3d\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_m68k.deb\n Size/MD5 checksum: 62644 eb91d128b88ee9f952ec65ae1dee94e7\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_m68k.deb\n Size/MD5 checksum: 38238 4095d78fa120345f8d9cd04cd22e91c7\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_m68k.deb\n Size/MD5 checksum: 2170518 6e596aac7e604c88158e35e4a155a1e9\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_m68k.deb\n Size/MD5 checksum: 35126 e1dda3f1c1fe43cd06a4affb298bc16f\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_m68k.deb\n Size/MD5 checksum: 146488 4b14d5f0afbc4f780c2cead6adc4a3cc\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_m68k.deb\n Size/MD5 checksum: 251092 25300915476312b18df3ede8f79eaf30\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_mips.deb\n Size/MD5 checksum: 68070 cc8aab5ab0b1f459199c00a31fc56ad9\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_mips.deb\n Size/MD5 checksum: 43870 119cd5b965a6805fdce5cd90be28de22\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_mips.deb\n Size/MD5 checksum: 2173046 cf4b60a4d4570633519c079801a20b78\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_mips.deb\n Size/MD5 checksum: 37692 d492230af98b42b38ac566c640389862\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_mips.deb\n Size/MD5 checksum: 195822 fccf06425fae800f841a90d78d8e5120\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_mips.deb\n Size/MD5 checksum: 258168 c7051b8409be63e68bddf81d9a28f0bb\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_mipsel.deb\n Size/MD5 checksum: 67636 0f5c8fae1b340cde8a45b4c4067d508d\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_mipsel.deb\n Size/MD5 checksum: 43690 c6645db26897d97cb36923fe189d5313\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_mipsel.deb\n Size/MD5 checksum: 2173010 c18740033f8fb8c47febb70dffddf954\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_mipsel.deb\n Size/MD5 checksum: 37998 d9108727e4db76d14bed80edbf1a3c97\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_mipsel.deb\n Size/MD5 checksum: 192216 e2783d04fd553879590271135fa6734d\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_mipsel.deb\n Size/MD5 checksum: 255744 b833681a0f74d286497f7b5368994514\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_powerpc.deb\n Size/MD5 checksum: 69382 e48f231bee41d3065ac1622eccdba9e0\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_powerpc.deb\n Size/MD5 checksum: 44720 0f3a2c415fb4e7a658d3a58bfac9e890\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_powerpc.deb\n Size/MD5 checksum: 2173682 4ea34d9279e37e70a4201e05371fca95\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_powerpc.deb\n Size/MD5 checksum: 38894 d249f17fb9c157ad16f9a426ffcc8bfa\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_powerpc.deb\n Size/MD5 checksum: 187854 cb0f4a9b4545e3f220389a12513b15db\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_powerpc.deb\n Size/MD5 checksum: 265516 853da016b2f5b75fcd06a5fed93de5d6\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_s390.deb\n Size/MD5 checksum: 67960 9cfa237a0ddf2f2b84a838873fa3a9dd\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_s390.deb\n Size/MD5 checksum: 43632 7cd6aa86a4ab193dc66ee60a973ccf15\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_s390.deb\n Size/MD5 checksum: 2172960 5e7305b7adfeeac716498952221d146f\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_s390.deb\n Size/MD5 checksum: 38958 68bfab24f52fcbaa1d72538b17b80f12\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_s390.deb\n Size/MD5 checksum: 182860 8d0a959fb80bd90333dbbd92f3f8ac76\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_s390.deb\n Size/MD5 checksum: 270098 be6fc3cf76e1c0a9dad4eebb5ad64fee\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_sparc.deb\n Size/MD5 checksum: 64750 bbd81902e382538eef10d7f817d511af\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_sparc.deb\n Size/MD5 checksum: 39532 6ac663f32d7d66bf600d4f0c5df11d03\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_sparc.deb\n Size/MD5 checksum: 2171186 fd6946cfe666a43c81f4f2b27aab0f98\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_sparc.deb\n Size/MD5 checksum: 36890 b5b69baf1990e8b6cdf215910fbbd363\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_sparc.deb\n Size/MD5 checksum: 176104 b852e63365117f5252bd75b7a1ab3be6\n http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_sparc.deb\n Size/MD5 checksum: 265496 92b0efec94e02481cc9b1eb23a074a6a\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "edition": 7, "modified": "2006-12-17T00:00:00", "published": "2006-12-17T00:00:00", "id": "DEBIAN:DSA-1238-1:689B5", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00339.html", "title": "[SECURITY] [DSA 1238-1] New clamav packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "suse": [{"lastseen": "2016-09-04T12:05:25", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6406", "CVE-2006-6481", "CVE-2006-5874"], "description": "The anti virus scan engine ClamAV has been updated to version 0.88.7 to fix various security problems:\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2006-12-18T13:01:38", "published": "2006-12-18T13:01:38", "id": "SUSE-SA:2006:078", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-12/msg00016.html", "type": "suse", "title": "remote denial of service in clamav", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}