Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2020-1335.NASL
HistoryJan 17, 2020 - 12:00 a.m.

Amazon Linux AMI : clamav (ALAS-2020-1335)

2020-01-1700:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25

6.6 Medium

AI Score

Confidence

High

JSON

A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition. (CVE-2019-15961)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1335.
#

include('compat.inc');

if (description)
{
  script_id(133005);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/29");

  script_cve_id("CVE-2019-15961");
  script_xref(name:"ALAS", value:"2020-1335");

  script_name(english:"Amazon Linux AMI : clamav (ALAS-2020-1335)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux AMI host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"A vulnerability in the email parsing module Clam AntiVirus (ClamAV)
Software versions 0.102.0, 0.101.4 and prior could allow an
unauthenticated, remote attacker to cause a denial of service
condition on an affected device. The vulnerability is due to
inefficient MIME parsing routines that result in extremely long scan
times of specially formatted email files. An attacker could exploit
this vulnerability by sending a crafted email file to an affected
device. An exploit could allow the attacker to cause the ClamAV
scanning process to scan the crafted email file indefinitely,
resulting in a denial of service condition. (CVE-2019-15961)");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2020-1335.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update clamav' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-15961");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/01/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamav");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamav-data");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamav-db");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamav-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamav-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamav-filesystem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamav-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamav-milter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamav-update");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clamd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"clamav-0.101.5-1.42.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"clamav-data-0.101.5-1.42.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"clamav-db-0.101.5-1.42.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"clamav-debuginfo-0.101.5-1.42.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"clamav-devel-0.101.5-1.42.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"clamav-filesystem-0.101.5-1.42.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"clamav-lib-0.101.5-1.42.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"clamav-milter-0.101.5-1.42.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"clamav-update-0.101.5-1.42.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"clamd-0.101.5-1.42.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "clamav / clamav-data / clamav-db / clamav-debuginfo / clamav-devel / etc");
}
VendorProductVersionCPE
amazonlinuxclamavp-cpe:/a:amazon:linux:clamav
amazonlinuxclamav-datap-cpe:/a:amazon:linux:clamav-data
amazonlinuxclamav-dbp-cpe:/a:amazon:linux:clamav-db
amazonlinuxclamav-debuginfop-cpe:/a:amazon:linux:clamav-debuginfo
amazonlinuxclamav-develp-cpe:/a:amazon:linux:clamav-devel
amazonlinuxclamav-filesystemp-cpe:/a:amazon:linux:clamav-filesystem
amazonlinuxclamav-libp-cpe:/a:amazon:linux:clamav-lib
amazonlinuxclamav-milterp-cpe:/a:amazon:linux:clamav-milter
amazonlinuxclamav-updatep-cpe:/a:amazon:linux:clamav-update
amazonlinuxclamdp-cpe:/a:amazon:linux:clamd
Rows per page:
1-10 of 111

Related

suse 3
fedora 2
openvas 15
amazon 1
ubuntu 2
nessus 15
debian 1
osv 2
mageia 1
cvelist 1
cve 1
ubuntucve 1
freebsd 1
alpinelinux 1
altlinux 3
symantec 1
prion 1
debiancve 1
cbl_mariner 1
gentoo 1
suse
suse
Security update for clamav (important)
2019-12-11 00:00:00
Security update for clamav (moderate)
2020-12-18 00:00:00
Security update for clamav (moderate)
2020-12-17 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: clamav-0.101.5-1.fc31
2019-12-04 01:15:40
[SECURITY] Fedora 30 Update: clamav-0.101.5-1.fc30
2019-12-01 01:04:43
openvas
openvas
ClamAV <= 0.101.4, 0.102.0 DoS Vulnerability - Linux
2020-01-20 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:14236-1)
2021-06-09 00:00:00
Mageia: Security Advisory (MGASA-2019-0361)
2022-01-28 00:00:00
amazon
amazon
Medium: clamav
2020-01-14 18:11:00
ubuntu
ubuntu
ClamAV vulnerability
2020-01-23 00:00:00
ClamAV vulnerability
2020-01-08 00:00:00
nessus
nessus
Fedora 30 : clamav (2019-dcbfe89e39)
2019-12-03 00:00:00
SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2019:3177-1)
2019-12-06 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS : ClamAV vulnerability (USN-4230-1)
2020-01-09 00:00:00
debian
debian
[SECURITY] [DLA 2108-1] clamav security update
2020-02-18 12:56:24
osv
osv
CVE-2019-15961
2020-01-15 19:15:13
clamav - security update
2020-02-18 00:00:00
mageia
mageia
Updated clamav packages fix security vulnerability
2019-12-06 17:15:42
cvelist
cvelist
CVE-2019-15961 Clam AntiVirus (ClamAV) Software Email Parsing Vulnerability
2020-01-15 19:05:16
cve
cve
CVE-2019-15961
2020-01-15 19:15:00
ubuntucve
ubuntucve
CVE-2019-15961
2019-11-25 00:00:00
freebsd
freebsd
clamav -- Denial-of-Service (DoS) vulnerability
2019-09-06 00:00:00
alpinelinux
alpinelinux
CVE-2019-15961
2020-01-15 19:15:00
altlinux
altlinux
Security fix for the ALT Linux 9 package clamav version 0.101.5-alt1
2019-11-28 00:00:00
Security fix for the ALT Linux 8 package clamav version 0.101.5-alt1
2019-11-26 00:00:00
Security fix for the ALT Linux 10 package clamav version 0.101.5-alt1
2019-11-26 00:00:00
symantec
symantec
ClamAV CVE-2019-15961 Denial of Service Vulnerability
2019-11-20 00:00:00
prion
prion
Race condition
2020-01-15 19:15:00
debiancve
debiancve
CVE-2019-15961
2020-01-15 19:15:00
cbl_mariner
cbl_mariner
CVE-2019-15961 affecting package clamav 0.101.2-3
2021-05-06 23:56:51
gentoo
gentoo
ClamAV: Multiple vulnerabilities
2020-03-19 00:00:00

6.6 Medium

AI Score

Confidence

High

JSON
Related for ALA_ALAS-2020-1335.NASL
suse3fedora2openvas15amazon1ubuntu2nessus15debian1osv2mageia1cvelist1cve1ubuntucve1freebsd1alpinelinux1altlinux3symantec1prion1debiancve1cbl_mariner1gentoo1