{"id": "FEDORA_2018-CB339851E7.NASL", "bulletinFamily": "scanner", "title": "Fedora 27 : clamav (2018-cb339851e7)", "description": "ClamAV 0.99.3 =============\n\nThis release is a security release and is recommended for all ClamAV\nusers. Please see details below :\n\n1. ClamAV UAF (use-after-free) Vulnerabilities (CVE-2017-12374)\n\n---------------------------------------------------------------\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to a lack of input validation checking\nmechanisms during certain mail parsing operations. If successfully\nexploited, the ClamAV software could allow a variable pointing to the\nmail body which could cause a used after being free (use-after-free)\ninstance which may lead to a disruption of services on an affected\ndevice to include a denial of service condition.\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11939\n\n2. ClamAV Buffer Overflow Vulnerability (CVE-2017-12375)\n\n--------------------------------------------------------\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to a lack of input validation checking\nmechanisms during certain mail parsing functions. An unauthenticated,\nremote attacker could exploit this vulnerability by sending a crafted\nemail to the affected device. This action could cause a buffer\noverflow condition when ClamAV scans the malicious email, allowing the\nattacker to potentially cause a DoS condition on an affected device.\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N /A:L\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11940\n\n3. ClamAV Buffer Overflow in handle_pdfname Vulnerability\n(CVE-2017-12376)\n\n----------------------------------------------------------------------\n----\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms when handling Portable Document Format (.pdf) files sent to\nan affected device. An unauthenticated, remote attacker could exploit\nthis vulnerability by sending a crafted .pdf file to an affected\ndevice. This action could cause a buffer overflow when ClamAV scans\nthe malicious file, allowing the attacker to cause a DoS condition or\npotentially execute arbitrary code.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11942\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n4. ClamAV Mew Packet Heap Overflow Vulnerability (CVE-2017-12377)\n\n-----------------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms in mew packet files sent to an affected device. A\nsuccessful exploit could cause a heap overflow condition when ClamAV\nscans the malicious file, allowing the attacker to cause a DoS\ncondition or potentially execute arbitrary code on the affected\ndevice.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11943\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L /A:L\n\n5. ClamAV Buffer Over Read Vulnerability (CVE-2017-12378)\n\n---------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms of .tar (Tape Archive) files sent to an affected device. A\nsuccessful exploit could cause a buffer over-read condition when\nClamAV scans the malicious .tar file, potentially allowing the\nattacker to cause a DoS condition on the affected device.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11946\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N /A:L\n\n6. ClamAV Buffer Overflow in messageAddArgument Vulnerability\n(CVE-2017-12379)\n\n----------------------------------------------------------------------\n--------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms in the message parsing function on an affected system. An\nunauthenticated, remote attacker could exploit this vulnerability by\nsending a crafted email to the affected device. This action could\ncause a buffer overflow condition when ClamAV scans the malicious\nemail, allowing the attacker to potentially cause a DoS condition or\nexecute arbitrary code on an affected device.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11944\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L /A:L\n\n7. ClamAV Null Dereference Vulnerability (CVE-2017-12380)\n\n---------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms during certain mail parsing functions of the ClamAV\nsoftware. An unauthenticated, remote attacker could exploit this\nvulnerability by sending a crafted email to the affected device. An\nexploit could trigger a NULL pointer dereference condition when ClamAV\nscans the malicious email, which may result in a DoS condition.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11945\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\nFurther fixes/changes\n\n---------------------\n\nAlso included are 2 minor fixes to properly detect openssl install\nlocations on FreeBSD 11, and prevent false warnings about zlib 1.2.1#\nversion numbers.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "published": "2018-01-30T00:00:00", "modified": "2018-01-30T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/106465", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2018-cb339851e7"], "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "type": "nessus", "lastseen": "2021-01-07T10:21:39", "edition": 19, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310851691", "OPENVAS:1361412562310874100", "OPENVAS:1361412562310843290", "OPENVAS:1361412562310843438", "OPENVAS:1361412562310812509", "OPENVAS:1361412562310874063", "OPENVAS:1361412562310891261", "OPENVAS:1361412562310813520", "OPENVAS:1361412562310875200", "OPENVAS:1361412562310812510"]}, {"type": "fedora", "idList": ["FEDORA:3CA78606D162", "FEDORA:682846030B04", "FEDORA:1807C624B08A", "FEDORA:F0C3560EA463", "FEDORA:1009560E3770", "FEDORA:964A26002CF7", "FEDORA:4D2A860BA919", "FEDORA:06420604AF9F", "FEDORA:2BD426149B3C", "FEDORA:F2D026078F6E"]}, {"type": "amazon", "idList": ["ALAS-2018-976", "ALAS-2018-958"]}, {"type": "nessus", "idList": ["OPENSUSE-2018-102.NASL", "SUSE_SU-2018-0255-1.NASL", "GENTOO_GLSA-201801-19.NASL", "CLAMAV_0_99_3.NASL", "SUSE_SU-2018-0254-1.NASL", "UBUNTU_USN-3550-1.NASL", "ALA_ALAS-2018-958.NASL", "FREEBSD_PKG_B464F61B84C74E1C8AD46CF9EFFFD025.NASL", "DEBIAN_DLA-1261.NASL", "FEDORA_2018-958B22C73F.NASL"]}, {"type": "archlinux", "idList": ["ASA-201803-14", "ASA-201802-9", "ASA-201802-1"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:0258-1", "SUSE-SU-2018:0809-1", "SUSE-SU-2018:0254-1", "SUSE-SU-2018:0863-1", "SUSE-SU-2018:0255-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3946-1:08B21", "DEBIAN:DLA-1105-1:10F58", "DEBIAN:DLA-1261-1:E8CFB", "DEBIAN:DLA-1279-1:9A0A5"]}, {"type": "freebsd", "idList": ["B464F61B-84C7-4E1C-8AD4-6CF9EFFFD025"]}, {"type": "ubuntu", "idList": ["USN-3393-2", "USN-3550-2", "USN-3550-1", "USN-3394-1", "USN-3393-1"]}, {"type": "gentoo", "idList": ["GLSA-201801-19", "GLSA-201804-16"]}, {"type": "cve", "idList": ["CVE-2017-12376", "CVE-2017-12380", "CVE-2017-12375", "CVE-2017-6419", "CVE-2017-12379", "CVE-2017-6418", "CVE-2017-12378", "CVE-2017-12377", "CVE-2017-6420", "CVE-2017-12374"]}], "modified": "2021-01-07T10:21:39", "rev": 2}, "score": {"value": 7.7, "vector": "NONE", "modified": "2021-01-07T10:21:39", "rev": 2}, "vulnersScore": 7.7}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-cb339851e7.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106465);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\", \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\", \"CVE-2017-6418\", \"CVE-2017-6419\", \"CVE-2017-6420\");\n script_xref(name:\"FEDORA\", value:\"2018-cb339851e7\");\n\n script_name(english:\"Fedora 27 : clamav (2018-cb339851e7)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ClamAV 0.99.3 =============\n\nThis release is a security release and is recommended for all ClamAV\nusers. Please see details below :\n\n1. ClamAV UAF (use-after-free) Vulnerabilities (CVE-2017-12374)\n\n---------------------------------------------------------------\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to a lack of input validation checking\nmechanisms during certain mail parsing operations. If successfully\nexploited, the ClamAV software could allow a variable pointing to the\nmail body which could cause a used after being free (use-after-free)\ninstance which may lead to a disruption of services on an affected\ndevice to include a denial of service condition.\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11939\n\n2. ClamAV Buffer Overflow Vulnerability (CVE-2017-12375)\n\n--------------------------------------------------------\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to a lack of input validation checking\nmechanisms during certain mail parsing functions. An unauthenticated,\nremote attacker could exploit this vulnerability by sending a crafted\nemail to the affected device. This action could cause a buffer\noverflow condition when ClamAV scans the malicious email, allowing the\nattacker to potentially cause a DoS condition on an affected device.\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N /A:L\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11940\n\n3. ClamAV Buffer Overflow in handle_pdfname Vulnerability\n(CVE-2017-12376)\n\n----------------------------------------------------------------------\n----\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms when handling Portable Document Format (.pdf) files sent to\nan affected device. An unauthenticated, remote attacker could exploit\nthis vulnerability by sending a crafted .pdf file to an affected\ndevice. This action could cause a buffer overflow when ClamAV scans\nthe malicious file, allowing the attacker to cause a DoS condition or\npotentially execute arbitrary code.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11942\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n4. ClamAV Mew Packet Heap Overflow Vulnerability (CVE-2017-12377)\n\n-----------------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms in mew packet files sent to an affected device. A\nsuccessful exploit could cause a heap overflow condition when ClamAV\nscans the malicious file, allowing the attacker to cause a DoS\ncondition or potentially execute arbitrary code on the affected\ndevice.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11943\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L /A:L\n\n5. ClamAV Buffer Over Read Vulnerability (CVE-2017-12378)\n\n---------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms of .tar (Tape Archive) files sent to an affected device. A\nsuccessful exploit could cause a buffer over-read condition when\nClamAV scans the malicious .tar file, potentially allowing the\nattacker to cause a DoS condition on the affected device.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11946\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N /A:L\n\n6. ClamAV Buffer Overflow in messageAddArgument Vulnerability\n(CVE-2017-12379)\n\n----------------------------------------------------------------------\n--------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms in the message parsing function on an affected system. An\nunauthenticated, remote attacker could exploit this vulnerability by\nsending a crafted email to the affected device. This action could\ncause a buffer overflow condition when ClamAV scans the malicious\nemail, allowing the attacker to potentially cause a DoS condition or\nexecute arbitrary code on an affected device.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11944\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L /A:L\n\n7. ClamAV Null Dereference Vulnerability (CVE-2017-12380)\n\n---------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms during certain mail parsing functions of the ClamAV\nsoftware. An unauthenticated, remote attacker could exploit this\nvulnerability by sending a crafted email to the affected device. An\nexploit could trigger a NULL pointer dereference condition when ClamAV\nscans the malicious email, which may result in a DoS condition.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11945\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\nFurther fixes/changes\n\n---------------------\n\nAlso included are 2 minor fixes to properly detect openssl install\nlocations on FreeBSD 11, and prevent false warnings about zlib 1.2.1#\nversion numbers.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-cb339851e7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected clamav package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"clamav-0.99.3-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "106465", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:clamav"], "scheme": null, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "immutableFields": []}

{"openvas": [{"lastseen": "2019-05-29T18:33:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-01-30T00:00:00", "id": "OPENVAS:1361412562310874063", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874063", "type": "openvas", "title": "Fedora Update for clamav FEDORA-2018-cb339851e7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_cb339851e7_clamav_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for clamav FEDORA-2018-cb339851e7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874063\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-30 07:55:51 +0100 (Tue, 30 Jan 2018)\");\n script_cve_id(\"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\",\n \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\", \"CVE-2017-6420\",\n \"CVE-2017-6419\", \"CVE-2017-6418\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for clamav FEDORA-2018-cb339851e7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'clamav'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"clamav on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-cb339851e7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L2ULSX6GBGUOCP4V67LMFVR2C7DKKXCU\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.99.3~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-02-07T00:00:00", "id": "OPENVAS:1361412562310874100", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874100", "type": "openvas", "title": "Fedora Update for clamav FEDORA-2018-958b22c73f", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_958b22c73f_clamav_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for clamav FEDORA-2018-958b22c73f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874100\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 08:07:38 +0100 (Wed, 07 Feb 2018)\");\n script_cve_id(\"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\",\n \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\", \"CVE-2017-6420\",\n \"CVE-2017-6419\", \"CVE-2017-6418\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for clamav FEDORA-2018-958b22c73f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'clamav'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"clamav on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-958b22c73f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XXCWOLKRQGFO5TJ663YKKUMM344DKSC\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.99.3~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T17:34:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-11423", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-01-29T00:00:00", "id": "OPENVAS:1361412562310851691", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851691", "type": "openvas", "title": "openSUSE: Security Advisory for clamav (openSUSE-SU-2018:0258-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851691\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-29 07:46:42 +0100 (Mon, 29 Jan 2018)\");\n script_cve_id(\"CVE-2017-11423\", \"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\",\n \"CVE-2017-12377\", \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\",\n \"CVE-2017-6418\", \"CVE-2017-6419\", \"CVE-2017-6420\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for clamav (openSUSE-SU-2018:0258-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'clamav'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for clamav fixes the following issues:\n\n - Update to security release 0.99.3 (bsc#1077732)\n\n * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability)\n\n * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability)\n\n * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument\n Vulnerability)\n\n - these vulnerabilities could have allowed an unauthenticated, remote\n attacker to cause a denial of service (DoS) condition\n or potentially execute arbitrary code on an affected device.\n\n * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)\n\n * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)\n\n * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)\n\n * CVE-2017-12380 (ClamAV Null Dereference Vulnerability)\n\n - these vulnerabilities could have allowed an unauthenticated, remote\n attacker to cause a denial of service (DoS) condition on an affected\n device.\n\n * CVE-2017-6420 (bsc#1052448)\n\n - this vulnerability could have allowed remote attackers to cause a\n denial of service (use-after-free) via a crafted PE file with WWPack\n compression.\n\n * CVE-2017-6419 (bsc#1052449)\n\n - ClamAV could have allowed remote attackers to cause a denial of\n service (heap-based buffer overflow and application crash) or\n possibly have unspecified other impact via a crafted CHM file.\n\n * CVE-2017-11423 (bsc#1049423)\n\n - ClamAV could have allowed remote attackers to cause a denial of\n service (stack-based buffer over-read and application crash) via a\n crafted CAB file.\n\n * CVE-2017-6418 (bsc#1052466)\n\n - ClamAV could have allowed remote attackers to cause a denial\n of service (out-of-bounds read) via a crafted e-mail message.\n\n - update upstream keys in the keyring\n\n - provide and obsolete clamav-nodb to trigger it's removal in Leap\n bsc#1040662\n\n This update was imported from the SUSE:SLE-12:Update update project.\");\n\n script_tag(name:\"affected\", value:\"clamav on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:0258-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00078.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.99.3~20.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"clamav-debuginfo\", rpm:\"clamav-debuginfo~0.99.3~20.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"clamav-debugsource\", rpm:\"clamav-debugsource~0.99.3~20.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374"], "description": "This host is installed with ClamAV and is\n prone to multiple vulnerabilities.", "modified": "2018-10-23T00:00:00", "published": "2018-01-29T00:00:00", "id": "OPENVAS:1361412562310812509", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812509", "type": "openvas", "title": "ClamAV 'messageAddArgument' Multiple Vulnerabilities (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_clamav_message_add_argument_mult_vuln_win.nasl 12025 2018-10-23 08:16:52Z mmartin $\n#\n# ClamAV 'messageAddArgument' Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:clamav:clamav\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812509\");\n script_version(\"$Revision: 12025 $\");\n script_cve_id(\"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\",\n \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-23 10:16:52 +0200 (Tue, 23 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-29 12:57:18 +0530 (Mon, 29 Jan 2018)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"ClamAV 'messageAddArgument' Multiple Vulnerabilities (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with ClamAV and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - A lack of input validation checking mechanisms during certain mail parsing\n operations and functions.\n\n - An improper input validation checking mechanisms when handling Portable\n Document Format (.pdf) files sent to an affected device.\n\n - An improper input validation checking mechanisms in mew packet files\n sent to an affected device.\n\n - An improper input validation checking mechanisms of '.tar' (Tape Archive)\n files sent to an affected device.\n\n - An improper input validation checking mechanisms in the message parsing\n function on an affected system.\n\n - An improper input validation checking mechanisms during certain mail\n parsing functions of the ClamAV software.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to cause a denial of service and potentially execute arbitrary code\n on the affected device.\");\n\n script_tag(name:\"affected\", value:\"ClamAV version 0.99.2 and prior on Windows\");\n\n script_tag(name:\"solution\", value:\"Update to version 0.99.3 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_clamav_remote_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"ClamAV/remote/Ver\", \"Host/runs_windows\");\n script_require_ports(3310);\n script_xref(name:\"URL\", value:\"https://www.clamav.net/downloads\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!clamPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:clamPort, exit_no_version:TRUE)) exit(0);\nclamVer = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:clamVer, test_version:\"0.99.3\")){\n report = report_fixed_ver(installed_version:clamVer, fixed_version:\"0.99.3\", install_path:path);\n security_message(data:report, port:clamPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2018-01-31T00:00:00", "id": "OPENVAS:1361412562310843438", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843438", "type": "openvas", "title": "Ubuntu Update for clamav USN-3550-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3550_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for clamav USN-3550-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843438\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-31 07:55:06 +0100 (Wed, 31 Jan 2018)\");\n script_cve_id(\"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12379\",\n \"CVE-2017-12380\", \"CVE-2017-12376\", \"CVE-2017-12377\", \"CVE-2017-12378\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for clamav USN-3550-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'clamav'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that ClamAV incorrectly\n handled parsing certain mail messages. A remote attacker could use this issue to\n cause ClamAV to crash, resulting in a denial of service, or possibly execute\n arbitrary code. (CVE-2017-12374, CVE-2017-12375, CVE-2017-12379, CVE-2017-12380)\n It was discovered that ClamAV incorrectly handled parsing certain PDF files. A\n remote attacker could use this issue to cause ClamAV to crash, resulting in a\n denial of service, or possibly execute arbitrary code. (CVE-2017-12376) It was\n discovered that ClamAV incorrectly handled parsing certain mew packet files. A\n remote attacker could use this issue to cause ClamAV to crash, resulting in a\n denial of service, or possibly execute arbitrary code. (CVE-2017-12377) It was\n discovered that ClamAV incorrectly handled parsing certain TAR files. A remote\n attacker could possibly use this issue to cause ClamAV to crash, resulting in a\n denial of service. (CVE-2017-12378) In the default installation, attackers would\n be isolated by the ClamAV AppArmor profile.\");\n script_tag(name:\"affected\", value:\"clamav on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3550-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3550-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"clamav\", ver:\"0.99.3+addedllvm-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"clamav\", ver:\"0.99.3+addedllvm-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"clamav\", ver:\"0.99.3+addedllvm-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374"], "description": "This host is installed with ClamAV and is\n prone to multiple vulnerabilities.", "modified": "2018-10-23T00:00:00", "published": "2018-01-29T00:00:00", "id": "OPENVAS:1361412562310812510", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812510", "type": "openvas", "title": "ClamAV 'messageAddArgument' Multiple Vulnerabilities (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_clamav_message_add_argument_mult_vuln_lin.nasl 12025 2018-10-23 08:16:52Z mmartin $\n#\n# ClamAV 'messageAddArgument' Multiple Vulnerabilities (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:clamav:clamav\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812510\");\n script_version(\"$Revision: 12025 $\");\n script_cve_id(\"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\",\n \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-23 10:16:52 +0200 (Tue, 23 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-29 13:19:21 +0530 (Mon, 29 Jan 2018)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"ClamAV 'messageAddArgument' Multiple Vulnerabilities (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with ClamAV and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - A lack of input validation checking mechanisms during certain mail parsing\n operations and functions.\n\n - An improper input validation checking mechanisms when handling Portable\n Document Format (.pdf) files sent to an affected device.\n\n - An improper input validation checking mechanisms in mew packet files\n sent to an affected device.\n\n - An improper input validation checking mechanisms of '.tar' (Tape Archive)\n files sent to an affected device.\n\n - An improper input validation checking mechanisms in the message parsing\n function on an affected system.\n\n - An improper input validation checking mechanisms during certain mail\n parsing functions of the ClamAV software.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to cause a denial of service and potentially execute arbitrary code\n on the affected device.\");\n\n script_tag(name:\"affected\", value:\"ClamAV version 0.99.2 and prior on Linux\");\n\n script_tag(name:\"solution\", value:\"Update to version 0.99.3 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_clamav_remote_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"ClamAV/remote/Ver\", \"Host/runs_unixoide\");\n script_require_ports(3310);\n script_xref(name:\"URL\", value:\"https://www.clamav.net/downloads\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!clamPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:clamPort, exit_no_version:TRUE)) exit(0);\nclamVer = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:clamVer, test_version:\"0.99.3\")){\n report = report_fixed_ver(installed_version:clamVer, fixed_version:\"0.99.3\", install_path:path);\n security_message(data:report, port:clamPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:11:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374"], "description": "Multiple vulnerabilities have been discovered in clamav, the ClamAV\nAntiVirus toolkit for Unix. Effects range from denial of service to\npotential arbitrary code execution. Additionally, this version fixes\na longstanding issue that has recently resurfaced whereby a malformed\nvirus signature database can cause an application crash and denial of\nservice.\n\nCVE-2017-12374\n\nClamAV has a use-after-free condition arising from a lack of input\nvalidation. A remote attacker could exploit this vulnerability with\na crafted email message to cause a denial of service.\n\nCVE-2017-12375\n\nClamAV has a buffer overflow vulnerability arising from a lack of\ninput validation. An unauthenticated remote attacker could send a\ncrafted email message to the affected device, triggering a buffer\noverflow and potentially a denial of service when the malicious\nmessage is scanned.\n\nCVE-2017-12376\n\nClamAV has a buffer overflow vulnerability arising from improper\ninput validation when handling Portable Document Format (PDF) files.\nAn unauthenticated remote attacker could send a crafted PDF file to\nthe affected device, triggering a buffer overflow and potentially a\ndenial of service or arbitrary code execution when the malicious\nfile is scanned.\n\nCVE-2017-12377\n\nClamAV has a heap overflow vulnerability arising from improper input\nvalidation when handling mew packets. An attacker could exploit this\nby sending a crafted message to the affected device, triggering a\ndenial of service or possible arbitrary code execution when the\nmalicious file is scanned.\n\nCVE-2017-12378\n\nClamAV has a buffer overread vulnerability arising from improper\ninput validation when handling tape archive (TAR) files. An\nunauthenticated remote attacker could send a crafted TAR file to\nthe affected device, triggering a buffer overread and potentially a\ndenial of service when the malicious file is scanned.\n\nCVE-2017-12379\n\nClamAV has a buffer overflow vulnerability arising from improper\ninput validation in the message parsing function. An unauthenticated\nremote attacker could send a crafted email message to the affected\ndevice, triggering a buffer overflow and potentially a denial of\nservice or arbitrary code execution when the malicious message is\nscanned.\n\nCVE-2017-12380\n\nClamAV has a NULL dereference vulnerability arising from improper\ninput validation in the message parsing function. An unauthenticated\nremote attacker could send a crafted email message to the affected\ndevice, triggering a NULL pointer dereference, which may result in a\ndenial of service.\n\nDebian Bug #824196\n\nA malformed virus signature database could cause an application\ncrash and denial of service.", "modified": "2020-01-29T00:00:00", "published": "2018-01-31T00:00:00", "id": "OPENVAS:1361412562310891261", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891261", "type": "openvas", "title": "Debian LTS: Security Advisory for clamav (DLA-1261-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891261\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\", \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\");\n script_name(\"Debian LTS: Security Advisory for clamav (DLA-1261-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-31 00:00:00 +0100 (Wed, 31 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"clamav on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n0.99.2+dfsg-0+deb7u4.\n\nWe recommend that you upgrade your clamav packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in clamav, the ClamAV\nAntiVirus toolkit for Unix. Effects range from denial of service to\npotential arbitrary code execution. Additionally, this version fixes\na longstanding issue that has recently resurfaced whereby a malformed\nvirus signature database can cause an application crash and denial of\nservice.\n\nCVE-2017-12374\n\nClamAV has a use-after-free condition arising from a lack of input\nvalidation. A remote attacker could exploit this vulnerability with\na crafted email message to cause a denial of service.\n\nCVE-2017-12375\n\nClamAV has a buffer overflow vulnerability arising from a lack of\ninput validation. An unauthenticated remote attacker could send a\ncrafted email message to the affected device, triggering a buffer\noverflow and potentially a denial of service when the malicious\nmessage is scanned.\n\nCVE-2017-12376\n\nClamAV has a buffer overflow vulnerability arising from improper\ninput validation when handling Portable Document Format (PDF) files.\nAn unauthenticated remote attacker could send a crafted PDF file to\nthe affected device, triggering a buffer overflow and potentially a\ndenial of service or arbitrary code execution when the malicious\nfile is scanned.\n\nCVE-2017-12377\n\nClamAV has a heap overflow vulnerability arising from improper input\nvalidation when handling mew packets. An attacker could exploit this\nby sending a crafted message to the affected device, triggering a\ndenial of service or possible arbitrary code execution when the\nmalicious file is scanned.\n\nCVE-2017-12378\n\nClamAV has a buffer overread vulnerability arising from improper\ninput validation when handling tape archive (TAR) files. An\nunauthenticated remote attacker could send a crafted TAR file to\nthe affected device, triggering a buffer overread and potentially a\ndenial of service when the malicious file is scanned.\n\nCVE-2017-12379\n\nClamAV has a buffer overflow vulnerability arising from improper\ninput validation in the message parsing function. An unauthenticated\nremote attacker could send a crafted email message to the affected\ndevice, triggering a buffer overflow and potentially a denial of\nservice or arbitrary code execution when the malicious message is\nscanned.\n\nCVE-2017-12380\n\nClamAV has a NULL dereference vulnerability arising from improper\ninput validation in the message parsing function. An unauthenticated\nremote attacker could send a crafted email message to the affected\ndevice, triggering a NULL pointer dereference, which may result in a\ndenial of service.\n\nDebian Bug #824196\n\nA malformed virus signature database could cause an application\ncrash and denial of service.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"clamav\", ver:\"0.99.2+dfsg-0+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"clamav-base\", ver:\"0.99.2+dfsg-0+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"clamav-daemon\", ver:\"0.99.2+dfsg-0+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"clamav-dbg\", ver:\"0.99.2+dfsg-0+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"clamav-docs\", ver:\"0.99.2+dfsg-0+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"clamav-freshclam\", ver:\"0.99.2+dfsg-0+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"clamav-milter\", ver:\"0.99.2+dfsg-0+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"clamav-testfiles\", ver:\"0.99.2+dfsg-0+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libclamav-dev\", ver:\"0.99.2+dfsg-0+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libclamav7\", ver:\"0.99.2+dfsg-0+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374"], "description": "This host is running QNAP QTS and is prone\n to multiple ClamAV vulnerabilities.", "modified": "2019-05-03T00:00:00", "published": "2018-06-11T00:00:00", "id": "OPENVAS:1361412562310813520", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813520", "type": "openvas", "title": "QNAP QTS Multiple ClamAV Vulnerabilities-June18", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# QNAP QTS Multiple ClamAV Vulnerabilities-June18\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813520\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_cve_id(\"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\",\n \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-11 17:13:13 +0530 (Mon, 11 Jun 2018)\");\n script_name(\"QNAP QTS Multiple ClamAV Vulnerabilities-June18\");\n\n script_tag(name:\"summary\", value:\"This host is running QNAP QTS and is prone\n to multiple ClamAV vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to -\n\n - A lack of input validation checking mechanisms during certain mail parsing\n operations and functions.\n\n - An improper input validation checking mechanisms when handling Portable\n Document Format (.pdf) files sent to an affected device.\n\n - An improper input validation checking mechanisms in mew packet files\n sent to an affected device.\n\n - An improper input validation checking mechanisms of '.tar' (Tape Archive)\n files sent to an affected device.\n\n - An improper input validation checking mechanisms in the message parsing\n function on an affected system.\n\n - An improper input validation checking mechanisms during certain mail\n parsing functions of the ClamAV software.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to launch denial of service (DoS) attacks or run arbitrary code on\n the NAS.\");\n\n script_tag(name:\"affected\", value:\"QNAP QTS versions 4.2.6 build 20171208 and\n earlier, 4.3.3 build 20180126 and earlier, 4.3.4 build 20180323 and earlier.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to QNAP QTS 4.2.6 build 20180504,\n 4.3.3 build 20180402 or 4.3.4 build 20180413 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_xref(name:\"URL\", value:\"https://www.qnap.com/en-in/security-advisory/nas-201805-10\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_dependencies(\"gb_qnap_nas_detect.nasl\");\n script_mandatory_keys(\"qnap/qts\", \"qnap/version\", \"qnap/build\", \"qnap/port\");\n script_require_ports(\"Services/www\", 80, 8080);\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nif(!version = get_kb_item(\"qnap/version\")) exit(0);\nif(!build = get_kb_item(\"qnap/build\")) exit(0);\nif(!port = get_kb_item(\"qnap/port\")) exit(0);\n\ncv = version + '.' + build;\n\nif( cv =~ \"^4\\.2\\.6\" && version_is_less(version:cv, test_version: \"4.2.6.20180504\"))\n{\n fix = \"4.2.6\";\n fix_build = \"20180504\";\n}\n\nelse if( cv =~ \"^4\\.3\\.3\" && version_is_less(version:cv, test_version: \"4.3.3.20180402\"))\n{\n fix = \"4.3.3\";\n fix_build = \"20180402\";\n}\n\nelse if( cv =~ \"^4\\.3\\.4\" && version_is_less(version:cv, test_version: \"4.3.4.20180413\"))\n{\n fix = \"4.3.4\";\n fix_build = \"20180413\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:version, installed_build:build, fixed_version:fix, fixed_build:fix_build);\n security_message( port: port, data: report );\n exit( 0 );\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2018-14682", "CVE-2017-6420", "CVE-2018-14680", "CVE-2017-6418", "CVE-2018-14679", "CVE-2018-15378", "CVE-2018-1000085", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2018-14681", "CVE-2017-11423", "CVE-2017-12377", "CVE-2017-12374", "CVE-2018-0202", "CVE-2017-6419", "CVE-2012-6706"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-10-17T00:00:00", "id": "OPENVAS:1361412562310875200", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875200", "type": "openvas", "title": "Fedora Update for clamav FEDORA-2018-1fc39f2d13", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_1fc39f2d13_clamav_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for clamav FEDORA-2018-1fc39f2d13\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875200\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-17 06:38:06 +0200 (Wed, 17 Oct 2018)\");\n script_cve_id(\"CVE-2018-15378\", \"CVE-2018-14680\", \"CVE-2018-14681\", \"CVE-2018-14682\",\n \"CVE-2018-14679\", \"CVE-2012-6706\", \"CVE-2017-6419\", \"CVE-2017-11423\",\n \"CVE-2018-1000085\", \"CVE-2018-0202\", \"CVE-2017-12374\", \"CVE-2017-12375\",\n \"CVE-2017-12376\", \"CVE-2017-12377\", \"CVE-2017-12378\", \"CVE-2017-12379\",\n \"CVE-2017-12380\", \"CVE-2017-6420\", \"CVE-2017-6418\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for clamav FEDORA-2018-1fc39f2d13\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'clamav'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"clamav on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-1fc39f2d13\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4OAK7NHFUENOT57B7HZBDLSLSAOFVEZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.100.2~2.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6420", "CVE-2017-6418", "CVE-2017-6419"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-08-18T00:00:00", "id": "OPENVAS:1361412562310843290", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843290", "type": "openvas", "title": "Ubuntu Update for clamav USN-3393-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3393_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for clamav USN-3393-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843290\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-18 07:33:56 +0200 (Fri, 18 Aug 2017)\");\n script_cve_id(\"CVE-2017-6418\", \"CVE-2017-6419\", \"CVE-2017-6420\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for clamav USN-3393-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'clamav'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that ClamAV incorrectly\n handled parsing certain e-mail messages. A remote attacker could possibly use\n this issue to cause ClamAV to crash, resulting in a denial of service.\n (CVE-2017-6418) It was discovered that ClamAV incorrectly handled certain\n malformed CHM files. A remote attacker could use this issue to cause ClamAV to\n crash, resulting in a denial of service, or possibly execute arbitrary code.\n This issue only affected Ubuntu 14.04 LTS. In the default installation,\n attackers would be isolated by the ClamAV AppArmor profile. (CVE-2017-6419) It\n was discovered that ClamAV incorrectly handled parsing certain PE files with\n WWPack compression. A remote attacker could possibly use this issue to cause\n ClamAV to crash, resulting in a denial of service. (CVE-2017-6420)\");\n script_tag(name:\"affected\", value:\"clamav on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3393-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3393-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"clamav\", ver:\"0.99.2+addedllvm-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"clamav\", ver:\"0.99.2+dfsg-6ubuntu0.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"clamav\", ver:\"0.99.2+dfsg-0ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12374", "CVE-2017-12375", "CVE-2017-12376", "CVE-2017-12377", "CVE-2017-12378", "CVE-2017-12379", "CVE-2017-12380", "CVE-2017-6418", "CVE-2017-6419", "CVE-2017-6420"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2018-02-06T10:54:02", "published": "2018-02-06T10:54:02", "id": "FEDORA:F2D026078F6E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: clamav-0.99.3-1.fc26", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12374", "CVE-2017-12375", "CVE-2017-12376", "CVE-2017-12377", "CVE-2017-12378", "CVE-2017-12379", "CVE-2017-12380", "CVE-2017-6418", "CVE-2017-6419", "CVE-2017-6420"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2018-01-29T18:09:32", "published": "2018-01-29T18:09:32", "id": "FEDORA:4D2A860BA919", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: clamav-0.99.3-1.fc27", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6706", "CVE-2017-11423", "CVE-2017-12374", "CVE-2017-12375", "CVE-2017-12376", "CVE-2017-12377", "CVE-2017-12378", "CVE-2017-12379", "CVE-2017-12380", "CVE-2017-6418", "CVE-2017-6419", "CVE-2017-6420", "CVE-2018-0202", "CVE-2018-1000085", "CVE-2018-14679", "CVE-2018-14680", "CVE-2018-14681", "CVE-2018-14682", "CVE-2018-15378"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2018-10-16T12:10:03", "published": "2018-10-16T12:10:03", "id": "FEDORA:06420604AF9F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: clamav-0.100.2-2.fc27", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6418", "CVE-2017-6420"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2018-01-25T07:15:31", "published": "2018-01-25T07:15:31", "id": "FEDORA:2BD426149B3C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: clamav-0.99.2-18.fc27", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6418", "CVE-2017-6420"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2018-01-26T17:56:49", "published": "2018-01-26T17:56:49", "id": "FEDORA:964A26002CF7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: clamav-0.99.2-18.fc26", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11423", "CVE-2017-6419"], "description": "The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft. ", "modified": "2017-09-23T20:23:32", "published": "2017-09-23T20:23:32", "id": "FEDORA:1009560E3770", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: libmspack-0.6-0.1.alpha.fc26", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11423", "CVE-2017-6419"], "description": "The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft. ", "modified": "2017-09-30T07:38:01", "published": "2017-09-30T07:38:01", "id": "FEDORA:1807C624B08A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: libmspack-0.6-0.1.alpha.fc27", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11423", "CVE-2017-6419"], "description": "The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft. ", "modified": "2017-10-08T03:50:40", "published": "2017-10-08T03:50:40", "id": "FEDORA:3CA78606D162", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: libmspack-0.6-0.1.alpha.fc25", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6706", "CVE-2017-6419", "CVE-2018-0202", "CVE-2018-1000085"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2018-03-13T17:20:59", "published": "2018-03-13T17:20:59", "id": "FEDORA:682846030B04", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: clamav-0.99.4-1.fc26", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6706", "CVE-2017-6419", "CVE-2018-0202", "CVE-2018-1000085"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2018-03-06T17:36:57", "published": "2018-03-06T17:36:57", "id": "FEDORA:F0C3560EA463", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: clamav-0.99.4-1.fc27", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-04-01T01:24:45", "description": "Heap-based buffer overflow in mspack/lzxd.c :\n\nmspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows\nremote attackers to cause a denial of service (heap-based buffer\noverflow and application crash) or possibly have unspecified other\nimpact via a crafted CHM file.(CVE-2017-6419)\n\nThe wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows\nremote attackers to cause a denial of service (use-after-free) via a\ncrafted PE file with WWPack compression.(CVE-2017-6420)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device. The vulnerability is due to\nimproper input validation checking mechanisms when handling Portable\nDocument Format (.pdf) files sent to an affected device. An\nunauthenticated, remote attacker could exploit this vulnerability by\nsending a crafted .pdf file to an affected device. This action could\ncause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans\nthe malicious file, allowing the attacker to cause a DoS condition or\npotentially execute arbitrary code. (CVE-2017-12376)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to improper input validation checking mechanisms\nof .tar (Tape Archive) files sent to an affected device. A successful\nexploit could cause a checksum buffer over-read condition when ClamAV\nscans the malicious .tar file, potentially allowing the attacker to\ncause a DoS condition on the affected device.(CVE-2017-12378)\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to a lack of input validation checking mechanisms\nduring certain mail parsing functions (the rfc2047 function in\nmbox.c). An unauthenticated, remote attacker could exploit this\nvulnerability by sending a crafted email to the affected device. This\naction could cause a buffer overflow condition when ClamAV scans the\nmalicious email, allowing the attacker to potentially cause a DoS\ncondition on an affected device.(CVE-2017-12375)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device. The vulnerability is due to\nimproper input validation checking mechanisms in the message parsing\nfunction on an affected system. An unauthenticated, remote attacker\ncould exploit this vulnerability by sending a crafted email to the\naffected device. This action could cause a messageAddArgument (in\nmessage.c) buffer overflow condition when ClamAV scans the malicious\nemail, allowing the attacker to potentially cause a DoS condition or\nexecute arbitrary code on an affected device.(CVE-2017-12379)\n\nlibclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause\na denial of service (out-of-bounds read) via a crafted e-mail\nmessage.(CVE-2017-6418)\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to a lack of input validation checking mechanisms\nduring certain mail parsing operations (mbox.c operations on bounce\nmessages). If successfully exploited, the ClamAV software could allow\na variable pointing to the mail body which could cause a used after\nbeing free (use-after-free) instance which may lead to a disruption of\nservices on an affected device to include a denial of service\ncondition.(CVE-2017-12374)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device. The vulnerability is due to\nimproper input validation checking mechanisms in mew packet files sent\nto an affected device. A successful exploit could cause a heap-based\nbuffer over-read condition in mew.c when ClamAV scans the malicious\nfile, allowing the attacker to cause a DoS condition or potentially\nexecute arbitrary code on the affected device.(CVE-2017-12377)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to improper input validation checking mechanisms\nin mbox.c during certain mail parsing functions of the ClamAV\nsoftware. An unauthenticated, remote attacker could exploit this\nvulnerability by sending a crafted email to the affected device. An\nexploit could trigger a NULL pointer dereference condition when ClamAV\nscans the malicious email, which may result in a DoS\ncondition.(CVE-2017-12380)", "edition": 25, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-02-22T00:00:00", "title": "Amazon Linux AMI : clamav (ALAS-2018-958)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:clamav-devel", "p-cpe:/a:amazon:linux:clamav", "p-cpe:/a:amazon:linux:clamd", "p-cpe:/a:amazon:linux:clamav-server", "p-cpe:/a:amazon:linux:clamav-milter-sysvinit", "p-cpe:/a:amazon:linux:clamav-milter", "p-cpe:/a:amazon:linux:clamav-server-sysvinit", "p-cpe:/a:amazon:linux:clamav-scanner", "p-cpe:/a:amazon:linux:clamav-db", "p-cpe:/a:amazon:linux:clamav-data-empty", "p-cpe:/a:amazon:linux:clamav-data", "p-cpe:/a:amazon:linux:clamav-scanner-sysvinit", "p-cpe:/a:amazon:linux:clamav-lib", "p-cpe:/a:amazon:linux:clamav-debuginfo", "p-cpe:/a:amazon:linux:clamav-filesystem", "p-cpe:/a:amazon:linux:clamav-update", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-958.NASL", "href": "https://www.tenable.com/plugins/nessus/106935", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-958.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106935);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\", \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\", \"CVE-2017-6418\", \"CVE-2017-6419\", \"CVE-2017-6420\");\n script_xref(name:\"ALAS\", value:\"2018-958\");\n\n script_name(english:\"Amazon Linux AMI : clamav (ALAS-2018-958)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Heap-based buffer overflow in mspack/lzxd.c :\n\nmspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows\nremote attackers to cause a denial of service (heap-based buffer\noverflow and application crash) or possibly have unspecified other\nimpact via a crafted CHM file.(CVE-2017-6419)\n\nThe wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows\nremote attackers to cause a denial of service (use-after-free) via a\ncrafted PE file with WWPack compression.(CVE-2017-6420)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device. The vulnerability is due to\nimproper input validation checking mechanisms when handling Portable\nDocument Format (.pdf) files sent to an affected device. An\nunauthenticated, remote attacker could exploit this vulnerability by\nsending a crafted .pdf file to an affected device. This action could\ncause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans\nthe malicious file, allowing the attacker to cause a DoS condition or\npotentially execute arbitrary code. (CVE-2017-12376)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to improper input validation checking mechanisms\nof .tar (Tape Archive) files sent to an affected device. A successful\nexploit could cause a checksum buffer over-read condition when ClamAV\nscans the malicious .tar file, potentially allowing the attacker to\ncause a DoS condition on the affected device.(CVE-2017-12378)\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to a lack of input validation checking mechanisms\nduring certain mail parsing functions (the rfc2047 function in\nmbox.c). An unauthenticated, remote attacker could exploit this\nvulnerability by sending a crafted email to the affected device. This\naction could cause a buffer overflow condition when ClamAV scans the\nmalicious email, allowing the attacker to potentially cause a DoS\ncondition on an affected device.(CVE-2017-12375)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device. The vulnerability is due to\nimproper input validation checking mechanisms in the message parsing\nfunction on an affected system. An unauthenticated, remote attacker\ncould exploit this vulnerability by sending a crafted email to the\naffected device. This action could cause a messageAddArgument (in\nmessage.c) buffer overflow condition when ClamAV scans the malicious\nemail, allowing the attacker to potentially cause a DoS condition or\nexecute arbitrary code on an affected device.(CVE-2017-12379)\n\nlibclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause\na denial of service (out-of-bounds read) via a crafted e-mail\nmessage.(CVE-2017-6418)\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to a lack of input validation checking mechanisms\nduring certain mail parsing operations (mbox.c operations on bounce\nmessages). If successfully exploited, the ClamAV software could allow\na variable pointing to the mail body which could cause a used after\nbeing free (use-after-free) instance which may lead to a disruption of\nservices on an affected device to include a denial of service\ncondition.(CVE-2017-12374)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device. The vulnerability is due to\nimproper input validation checking mechanisms in mew packet files sent\nto an affected device. A successful exploit could cause a heap-based\nbuffer over-read condition in mew.c when ClamAV scans the malicious\nfile, allowing the attacker to cause a DoS condition or potentially\nexecute arbitrary code on the affected device.(CVE-2017-12377)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to improper input validation checking mechanisms\nin mbox.c during certain mail parsing functions of the ClamAV\nsoftware. An unauthenticated, remote attacker could exploit this\nvulnerability by sending a crafted email to the affected device. An\nexploit could trigger a NULL pointer dereference condition when ClamAV\nscans the malicious email, which may result in a DoS\ncondition.(CVE-2017-12380)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-958.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update clamav' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-data-empty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-db\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-milter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-milter-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-scanner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-scanner-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-server-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-update\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"clamav-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-data-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-data-empty-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-db-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-debuginfo-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-devel-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-filesystem-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-lib-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-milter-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-milter-sysvinit-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-scanner-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-scanner-sysvinit-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-server-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-server-sysvinit-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-update-0.99.3-1.28.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamd-0.99.3-1.28.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav / clamav-data / clamav-data-empty / clamav-db / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:19:45", "description": "ClamAV 0.99.3 =============\n\nThis release is a security release and is recommended for all ClamAV\nusers. Please see details below :\n\n1. ClamAV UAF (use-after-free) Vulnerabilities (CVE-2017-12374)\n\n---------------------------------------------------------------\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to a lack of input validation checking\nmechanisms during certain mail parsing operations. If successfully\nexploited, the ClamAV software could allow a variable pointing to the\nmail body which could cause a used after being free (use-after-free)\ninstance which may lead to a disruption of services on an affected\ndevice to include a denial of service condition.\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11939\n\n2. ClamAV Buffer Overflow Vulnerability (CVE-2017-12375)\n\n--------------------------------------------------------\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to a lack of input validation checking\nmechanisms during certain mail parsing functions. An unauthenticated,\nremote attacker could exploit this vulnerability by sending a crafted\nemail to the affected device. This action could cause a buffer\noverflow condition when ClamAV scans the malicious email, allowing the\nattacker to potentially cause a DoS condition on an affected device.\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N /A:L\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11940\n\n3. ClamAV Buffer Overflow in handle_pdfname Vulnerability\n(CVE-2017-12376)\n\n----------------------------------------------------------------------\n----\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms when handling Portable Document Format (.pdf) files sent to\nan affected device. An unauthenticated, remote attacker could exploit\nthis vulnerability by sending a crafted .pdf file to an affected\ndevice. This action could cause a buffer overflow when ClamAV scans\nthe malicious file, allowing the attacker to cause a DoS condition or\npotentially execute arbitrary code.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11942\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n4. ClamAV Mew Packet Heap Overflow Vulnerability (CVE-2017-12377)\n\n-----------------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms in mew packet files sent to an affected device. A\nsuccessful exploit could cause a heap overflow condition when ClamAV\nscans the malicious file, allowing the attacker to cause a DoS\ncondition or potentially execute arbitrary code on the affected\ndevice.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11943\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L /A:L\n\n5. ClamAV Buffer Over Read Vulnerability (CVE-2017-12378)\n\n---------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms of .tar (Tape Archive) files sent to an affected device. A\nsuccessful exploit could cause a buffer over-read condition when\nClamAV scans the malicious .tar file, potentially allowing the\nattacker to cause a DoS condition on the affected device.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11946\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N /A:L\n\n6. ClamAV Buffer Overflow in messageAddArgument Vulnerability\n(CVE-2017-12379)\n\n----------------------------------------------------------------------\n--------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms in the message parsing function on an affected system. An\nunauthenticated, remote attacker could exploit this vulnerability by\nsending a crafted email to the affected device. This action could\ncause a buffer overflow condition when ClamAV scans the malicious\nemail, allowing the attacker to potentially cause a DoS condition or\nexecute arbitrary code on an affected device.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11944\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L /A:L\n\n7. ClamAV Null Dereference Vulnerability (CVE-2017-12380)\n\n---------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms during certain mail parsing functions of the ClamAV\nsoftware. An unauthenticated, remote attacker could exploit this\nvulnerability by sending a crafted email to the affected device. An\nexploit could trigger a NULL pointer dereference condition when ClamAV\nscans the malicious email, which may result in a DoS condition.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11945\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\nFurther fixes/changes\n\n---------------------\n\nAlso included are 2 minor fixes to properly detect openssl install\nlocations on FreeBSD 11, and prevent false warnings about zlib 1.2.1#\nversion numbers.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-02-07T00:00:00", "title": "Fedora 26 : clamav (2018-958b22c73f)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "modified": "2018-02-07T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:clamav", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-958B22C73F.NASL", "href": "https://www.tenable.com/plugins/nessus/106639", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-958b22c73f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106639);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\", \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\", \"CVE-2017-6418\", \"CVE-2017-6419\", \"CVE-2017-6420\");\n script_xref(name:\"FEDORA\", value:\"2018-958b22c73f\");\n\n script_name(english:\"Fedora 26 : clamav (2018-958b22c73f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ClamAV 0.99.3 =============\n\nThis release is a security release and is recommended for all ClamAV\nusers. Please see details below :\n\n1. ClamAV UAF (use-after-free) Vulnerabilities (CVE-2017-12374)\n\n---------------------------------------------------------------\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to a lack of input validation checking\nmechanisms during certain mail parsing operations. If successfully\nexploited, the ClamAV software could allow a variable pointing to the\nmail body which could cause a used after being free (use-after-free)\ninstance which may lead to a disruption of services on an affected\ndevice to include a denial of service condition.\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11939\n\n2. ClamAV Buffer Overflow Vulnerability (CVE-2017-12375)\n\n--------------------------------------------------------\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to a lack of input validation checking\nmechanisms during certain mail parsing functions. An unauthenticated,\nremote attacker could exploit this vulnerability by sending a crafted\nemail to the affected device. This action could cause a buffer\noverflow condition when ClamAV scans the malicious email, allowing the\nattacker to potentially cause a DoS condition on an affected device.\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N /A:L\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11940\n\n3. ClamAV Buffer Overflow in handle_pdfname Vulnerability\n(CVE-2017-12376)\n\n----------------------------------------------------------------------\n----\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms when handling Portable Document Format (.pdf) files sent to\nan affected device. An unauthenticated, remote attacker could exploit\nthis vulnerability by sending a crafted .pdf file to an affected\ndevice. This action could cause a buffer overflow when ClamAV scans\nthe malicious file, allowing the attacker to cause a DoS condition or\npotentially execute arbitrary code.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11942\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n\n4. ClamAV Mew Packet Heap Overflow Vulnerability (CVE-2017-12377)\n\n-----------------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms in mew packet files sent to an affected device. A\nsuccessful exploit could cause a heap overflow condition when ClamAV\nscans the malicious file, allowing the attacker to cause a DoS\ncondition or potentially execute arbitrary code on the affected\ndevice.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11943\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L /A:L\n\n5. ClamAV Buffer Over Read Vulnerability (CVE-2017-12378)\n\n---------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms of .tar (Tape Archive) files sent to an affected device. A\nsuccessful exploit could cause a buffer over-read condition when\nClamAV scans the malicious .tar file, potentially allowing the\nattacker to cause a DoS condition on the affected device.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11946\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N /A:L\n\n6. ClamAV Buffer Overflow in messageAddArgument Vulnerability\n(CVE-2017-12379)\n\n----------------------------------------------------------------------\n--------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms in the message parsing function on an affected system. An\nunauthenticated, remote attacker could exploit this vulnerability by\nsending a crafted email to the affected device. This action could\ncause a buffer overflow condition when ClamAV scans the malicious\nemail, allowing the attacker to potentially cause a DoS condition or\nexecute arbitrary code on an affected device.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11944\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L /A:L\n\n7. ClamAV Null Dereference Vulnerability (CVE-2017-12380)\n\n---------------------------------------------------------\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to improper input validation checking\nmechanisms during certain mail parsing functions of the ClamAV\nsoftware. An unauthenticated, remote attacker could exploit this\nvulnerability by sending a crafted email to the affected device. An\nexploit could trigger a NULL pointer dereference condition when ClamAV\nscans the malicious email, which may result in a DoS condition.\n\n - https://bugzilla.clamav.net/show_bug.cgi?id=11945\n\n - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\nFurther fixes/changes\n\n---------------------\n\nAlso included are 2 minor fixes to properly detect openssl install\nlocations on FreeBSD 11, and prevent false warnings about zlib 1.2.1#\nversion numbers.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-958b22c73f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected clamav package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"clamav-0.99.3-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:33:49", "description": "This update for clamav fixes the following issues :\n\n - Update to security release 0.99.3 (bsc#1077732)\n\n - CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname\n Vulnerability)\n\n - CVE-2017-12377 (ClamAV Mew Packet Heap Overflow\n Vulnerability)\n\n - CVE-2017-12379 (ClamAV Buffer Overflow in\n messageAddArgument Vulnerability)\n\n - these vulnerabilities could have allowed an\n unauthenticated, remote attacker to cause a denial of\n service (DoS) condition or potentially execute arbitrary\n code on an affected device.\n\n - CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)\n\n - CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)\n\n - CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)\n\n - CVE-2017-12380 (ClamAV Null Dereference Vulnerability)\n\n - these vulnerabilities could have allowed an\n unauthenticated, remote attacker to cause a denial of\n service (DoS) condition on an affected device.\n\n - CVE-2017-6420 (bsc#1052448)\n\n - this vulnerability could have allowed remote attackers\n to cause a denial of service (use-after-free) via a\n crafted PE file with WWPack compression.\n\n - CVE-2017-6419 (bsc#1052449)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (heap-based buffer overflow and\n application crash) or possibly have unspecified other\n impact via a crafted CHM file.\n\n - CVE-2017-11423 (bsc#1049423)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (stack-based buffer over-read and\n application crash) via a crafted CAB file.\n\n - CVE-2017-6418 (bsc#1052466)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (out-of-bounds read) via a crafted\n e-mail message.\n\n - update upstream keys in the keyring\n\n - provide and obsolete clamav-nodb to trigger it's removal\n in Leap bsc#1040662\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-29T00:00:00", "title": "openSUSE Security Update : clamav (openSUSE-2018-102)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-11423", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "modified": "2018-01-29T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:clamav-debuginfo", "p-cpe:/a:novell:opensuse:clamav-debugsource", "p-cpe:/a:novell:opensuse:clamav", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-102.NASL", "href": "https://www.tenable.com/plugins/nessus/106431", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-102.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106431);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-11423\", \"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\", \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\", \"CVE-2017-6418\", \"CVE-2017-6419\", \"CVE-2017-6420\");\n\n script_name(english:\"openSUSE Security Update : clamav (openSUSE-2018-102)\");\n script_summary(english:\"Check for the openSUSE-2018-102 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for clamav fixes the following issues :\n\n - Update to security release 0.99.3 (bsc#1077732)\n\n - CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname\n Vulnerability)\n\n - CVE-2017-12377 (ClamAV Mew Packet Heap Overflow\n Vulnerability)\n\n - CVE-2017-12379 (ClamAV Buffer Overflow in\n messageAddArgument Vulnerability)\n\n - these vulnerabilities could have allowed an\n unauthenticated, remote attacker to cause a denial of\n service (DoS) condition or potentially execute arbitrary\n code on an affected device.\n\n - CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)\n\n - CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)\n\n - CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)\n\n - CVE-2017-12380 (ClamAV Null Dereference Vulnerability)\n\n - these vulnerabilities could have allowed an\n unauthenticated, remote attacker to cause a denial of\n service (DoS) condition on an affected device.\n\n - CVE-2017-6420 (bsc#1052448)\n\n - this vulnerability could have allowed remote attackers\n to cause a denial of service (use-after-free) via a\n crafted PE file with WWPack compression.\n\n - CVE-2017-6419 (bsc#1052449)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (heap-based buffer overflow and\n application crash) or possibly have unspecified other\n impact via a crafted CHM file.\n\n - CVE-2017-11423 (bsc#1049423)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (stack-based buffer over-read and\n application crash) via a crafted CAB file.\n\n - CVE-2017-6418 (bsc#1052466)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (out-of-bounds read) via a crafted\n e-mail message.\n\n - update upstream keys in the keyring\n\n - provide and obsolete clamav-nodb to trigger it's removal\n in Leap bsc#1040662\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1040662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1077732\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected clamav packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:clamav-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:clamav-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"clamav-0.99.3-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"clamav-debuginfo-0.99.3-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"clamav-debugsource-0.99.3-20.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav / clamav-debuginfo / clamav-debugsource\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T06:48:58", "description": "This update for clamav fixes the following issues :\n\n - Update to security release 0.99.3 (bsc#1077732)\n\n - CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname\n Vulnerability)\n\n - CVE-2017-12377 (ClamAV Mew Packet Heap Overflow\n Vulnerability)\n\n - CVE-2017-12379 (ClamAV Buffer Overflow in\n messageAddArgument Vulnerability)\n\n - these vulnerabilities could have allowed an\n unauthenticated, remote attacker to cause a denial of\n service (DoS) condition or potentially execute arbitrary\n code on an affected device.\n\n - CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)\n\n - CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)\n\n - CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)\n\n - CVE-2017-12380 (ClamAV Null Dereference Vulnerability)\n\n - these vulnerabilities could have allowed an\n unauthenticated, remote attacker to cause a denial of\n service (DoS) condition on an affected device.\n\n - CVE-2017-6420 (bsc#1052448)\n\n - this vulnerability could have allowed remote attackers\n to cause a denial of service (use-after-free) via a\n crafted PE file with WWPack compression.\n\n - CVE-2017-6419 (bsc#1052449)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (heap-based buffer overflow and\n application crash) or possibly have unspecified other\n impact via a crafted CHM file.\n\n - CVE-2017-11423 (bsc#1049423)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (stack-based buffer over-read and\n application crash) via a crafted CAB file.\n\n - CVE-2017-6418 (bsc#1052466)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (out-of-bounds read) via a crafted\n e-mail message.\n\n - update upstream keys in the keyring\n\n - provide and obsolete clamav-nodb to trigger it's removal\n in Leap bsc#1040662\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 30, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-29T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2018:0255-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-11423", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:clamav", "p-cpe:/a:novell:suse_linux:clamav-debuginfo", "p-cpe:/a:novell:suse_linux:clamav-debugsource"], "id": "SUSE_SU-2018-0255-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106456", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0255-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106456);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/09/10 13:51:46\");\n\n script_cve_id(\"CVE-2017-11423\", \"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\", \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\", \"CVE-2017-6418\", \"CVE-2017-6419\", \"CVE-2017-6420\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2018:0255-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for clamav fixes the following issues :\n\n - Update to security release 0.99.3 (bsc#1077732)\n\n - CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname\n Vulnerability)\n\n - CVE-2017-12377 (ClamAV Mew Packet Heap Overflow\n Vulnerability)\n\n - CVE-2017-12379 (ClamAV Buffer Overflow in\n messageAddArgument Vulnerability)\n\n - these vulnerabilities could have allowed an\n unauthenticated, remote attacker to cause a denial of\n service (DoS) condition or potentially execute arbitrary\n code on an affected device.\n\n - CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)\n\n - CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)\n\n - CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)\n\n - CVE-2017-12380 (ClamAV Null Dereference Vulnerability)\n\n - these vulnerabilities could have allowed an\n unauthenticated, remote attacker to cause a denial of\n service (DoS) condition on an affected device.\n\n - CVE-2017-6420 (bsc#1052448)\n\n - this vulnerability could have allowed remote attackers\n to cause a denial of service (use-after-free) via a\n crafted PE file with WWPack compression.\n\n - CVE-2017-6419 (bsc#1052449)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (heap-based buffer overflow and\n application crash) or possibly have unspecified other\n impact via a crafted CHM file.\n\n - CVE-2017-11423 (bsc#1049423)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (stack-based buffer over-read and\n application crash) via a crafted CAB file.\n\n - CVE-2017-6418 (bsc#1052466)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (out-of-bounds read) via a crafted\n e-mail message.\n\n - update upstream keys in the keyring\n\n - provide and obsolete clamav-nodb to trigger it's removal\n in Leap bsc#1040662\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11423/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12374/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12375/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12376/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12377/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12378/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12379/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12380/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6418/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6419/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6420/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180255-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?28010530\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2018-176=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-176=1\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2018-176=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2018-176=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-176=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-176=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-176=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-176=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-176=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-176=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:clamav-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:clamav-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"clamav-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"clamav-debuginfo-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"clamav-debugsource-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"clamav-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"clamav-debuginfo-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"clamav-debugsource-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"clamav-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"clamav-debuginfo-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"clamav-debugsource-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"clamav-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"clamav-debuginfo-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"clamav-debugsource-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"clamav-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"clamav-debuginfo-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"clamav-debugsource-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"clamav-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"clamav-debuginfo-0.99.3-33.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"clamav-debugsource-0.99.3-33.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:50:37", "description": "This update for clamav fixes the following issues :\n\n - Update to security release 0.99.3 (bsc#1077732)\n\n - CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname\n Vulnerability)\n\n - CVE-2017-12377 (ClamAV Mew Packet Heap Overflow\n Vulnerability)\n\n - CVE-2017-12379 (ClamAV Buffer Overflow in\n messageAddArgument Vulnerability)\n\n - these vulnerabilities could have allowed an\n unauthenticated, remote attacker to cause a denial of\n service (DoS) condition or potentially execute arbitrary\n code on an affected device.\n\n - CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)\n\n - CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)\n\n - CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)\n\n - CVE-2017-12380 (ClamAV Null Dereference Vulnerability)\n\n - these vulnerabilities could have allowed an\n unauthenticated, remote attacker to cause a denial of\n service (DoS) condition on an affected device.\n\n - CVE-2017-6420 (bsc#1052448)\n\n - this vulnerability could have allowed remote attackers\n to cause a denial of service (use-after-free) via a\n crafted PE file with WWPack compression.\n\n - CVE-2017-6419 (bsc#1052449)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (heap-based buffer overflow and\n application crash) or possibly have unspecified other\n impact via a crafted CHM file.\n\n - CVE-2017-11423 (bsc#1049423)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (stack-based buffer over-read and\n application crash) via a crafted CAB file.\n\n - CVE-2017-6418 (bsc#1052466)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (out-of-bounds read) via a crafted\n e-mail message.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-29T00:00:00", "title": "SUSE SLES11 Security Update : clamav (SUSE-SU-2018:0254-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-11423", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "modified": "2018-01-29T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:clamav", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-0254-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106455", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0254-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106455);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-11423\", \"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\", \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\", \"CVE-2017-6418\", \"CVE-2017-6419\", \"CVE-2017-6420\");\n\n script_name(english:\"SUSE SLES11 Security Update : clamav (SUSE-SU-2018:0254-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for clamav fixes the following issues :\n\n - Update to security release 0.99.3 (bsc#1077732)\n\n - CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname\n Vulnerability)\n\n - CVE-2017-12377 (ClamAV Mew Packet Heap Overflow\n Vulnerability)\n\n - CVE-2017-12379 (ClamAV Buffer Overflow in\n messageAddArgument Vulnerability)\n\n - these vulnerabilities could have allowed an\n unauthenticated, remote attacker to cause a denial of\n service (DoS) condition or potentially execute arbitrary\n code on an affected device.\n\n - CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)\n\n - CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)\n\n - CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)\n\n - CVE-2017-12380 (ClamAV Null Dereference Vulnerability)\n\n - these vulnerabilities could have allowed an\n unauthenticated, remote attacker to cause a denial of\n service (DoS) condition on an affected device.\n\n - CVE-2017-6420 (bsc#1052448)\n\n - this vulnerability could have allowed remote attackers\n to cause a denial of service (use-after-free) via a\n crafted PE file with WWPack compression.\n\n - CVE-2017-6419 (bsc#1052449)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (heap-based buffer overflow and\n application crash) or possibly have unspecified other\n impact via a crafted CHM file.\n\n - CVE-2017-11423 (bsc#1049423)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (stack-based buffer over-read and\n application crash) via a crafted CAB file.\n\n - CVE-2017-6418 (bsc#1052466)\n\n - ClamAV could have allowed remote attackers to cause a\n denial of service (out-of-bounds read) via a crafted\n e-mail message.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11423/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12374/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12375/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12376/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12377/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12378/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12379/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12380/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6418/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6419/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6420/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180254-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8167c28d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-clamav-13445=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-clamav-13445=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-clamav-13445=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-clamav-13445=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-clamav-13445=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"clamav-0.99.3-0.20.3.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"clamav-0.99.3-0.20.3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:38:59", "description": "Multiple vulnerabilities have been discovered in clamav, the ClamAV\nAntiVirus toolkit for Unix. Effects range from denial of service to\npotential arbitrary code execution. Additionally, this version fixes a\nlongstanding issue that has recently resurfaced whereby a malformed\nvirus signature database can cause an application crash and denial of\nservice.\n\nCVE-2017-12374\n\nClamAV has a use-after-free condition arising from a lack of input\nvalidation. A remote attacker could exploit this vulnerability with a\ncrafted email message to cause a denial of service.\n\nCVE-2017-12375\n\nClamAV has a buffer overflow vulnerability arising from a lack of\ninput validation. An unauthenticated remote attacker could send a\ncrafted email message to the affected device, triggering a buffer\noverflow and potentially a denial of service when the malicious\nmessage is scanned.\n\nCVE-2017-12376\n\nClamAV has a buffer overflow vulnerability arising from improper input\nvalidation when handling Portable Document Format (PDF) files. An\nunauthenticated remote attacker could send a crafted PDF file to the\naffected device, triggering a buffer overflow and potentially a denial\nof service or arbitrary code execution when the malicious file is\nscanned.\n\nCVE-2017-12377\n\nClamAV has a heap overflow vulnerability arising from improper input\nvalidation when handling mew packets. An attacker could exploit this\nby sending a crafted message to the affected device, triggering a\ndenial of service or possible arbitrary code execution when the\nmalicious file is scanned.\n\nCVE-2017-12378\n\nClamAV has a buffer overread vulnerability arising from improper input\nvalidation when handling tape archive (TAR) files. An unauthenticated\nremote attacker could send a crafted TAR file to the affected device,\ntriggering a buffer overread and potentially a denial of service when\nthe malicious file is scanned.\n\nCVE-2017-12379\n\nClamAV has a buffer overflow vulnerability arising from improper input\nvalidation in the message parsing function. An unauthenticated remote\nattacker could send a crafted email message to the affected device,\ntriggering a buffer overflow and potentially a denial of service or\narbitrary code execution when the malicious message is scanned.\n\nCVE-2017-12380\n\nClamAV has a NULL dereference vulnerability arising from improper\ninput validation in the message parsing function. An unauthenticated\nremote attacker could send a crafted email message to the affected\ndevice, triggering a NULL pointer dereference, which may result in a\ndenial of service.\n\nDebian Bug #824196\n\nA malformed virus signature database could cause an application crash\nand denial of service.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n0.99.2+dfsg-0+deb7u4.\n\nWe recommend that you upgrade your clamav packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 16, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-29T00:00:00", "title": "Debian DLA-1261-1 : clamav security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374"], "modified": "2018-01-29T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:clamav-testfiles", "p-cpe:/a:debian:debian_linux:clamav-base", "p-cpe:/a:debian:debian_linux:libclamav-dev", "p-cpe:/a:debian:debian_linux:clamav-freshclam", "p-cpe:/a:debian:debian_linux:clamav-daemon", "p-cpe:/a:debian:debian_linux:clamav-dbg", "p-cpe:/a:debian:debian_linux:clamav-docs", "p-cpe:/a:debian:debian_linux:clamav", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:libclamav7", "p-cpe:/a:debian:debian_linux:clamav-milter"], "id": "DEBIAN_DLA-1261.NASL", "href": "https://www.tenable.com/plugins/nessus/106411", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1261-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106411);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\", \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\");\n\n script_name(english:\"Debian DLA-1261-1 : clamav security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in clamav, the ClamAV\nAntiVirus toolkit for Unix. Effects range from denial of service to\npotential arbitrary code execution. Additionally, this version fixes a\nlongstanding issue that has recently resurfaced whereby a malformed\nvirus signature database can cause an application crash and denial of\nservice.\n\nCVE-2017-12374\n\nClamAV has a use-after-free condition arising from a lack of input\nvalidation. A remote attacker could exploit this vulnerability with a\ncrafted email message to cause a denial of service.\n\nCVE-2017-12375\n\nClamAV has a buffer overflow vulnerability arising from a lack of\ninput validation. An unauthenticated remote attacker could send a\ncrafted email message to the affected device, triggering a buffer\noverflow and potentially a denial of service when the malicious\nmessage is scanned.\n\nCVE-2017-12376\n\nClamAV has a buffer overflow vulnerability arising from improper input\nvalidation when handling Portable Document Format (PDF) files. An\nunauthenticated remote attacker could send a crafted PDF file to the\naffected device, triggering a buffer overflow and potentially a denial\nof service or arbitrary code execution when the malicious file is\nscanned.\n\nCVE-2017-12377\n\nClamAV has a heap overflow vulnerability arising from improper input\nvalidation when handling mew packets. An attacker could exploit this\nby sending a crafted message to the affected device, triggering a\ndenial of service or possible arbitrary code execution when the\nmalicious file is scanned.\n\nCVE-2017-12378\n\nClamAV has a buffer overread vulnerability arising from improper input\nvalidation when handling tape archive (TAR) files. An unauthenticated\nremote attacker could send a crafted TAR file to the affected device,\ntriggering a buffer overread and potentially a denial of service when\nthe malicious file is scanned.\n\nCVE-2017-12379\n\nClamAV has a buffer overflow vulnerability arising from improper input\nvalidation in the message parsing function. An unauthenticated remote\nattacker could send a crafted email message to the affected device,\ntriggering a buffer overflow and potentially a denial of service or\narbitrary code execution when the malicious message is scanned.\n\nCVE-2017-12380\n\nClamAV has a NULL dereference vulnerability arising from improper\ninput validation in the message parsing function. An unauthenticated\nremote attacker could send a crafted email message to the affected\ndevice, triggering a NULL pointer dereference, which may result in a\ndenial of service.\n\nDebian Bug #824196\n\nA malformed virus signature database could cause an application crash\nand denial of service.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n0.99.2+dfsg-0+deb7u4.\n\nWe recommend that you upgrade your clamav packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/clamav\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:clamav-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:clamav-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:clamav-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:clamav-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:clamav-freshclam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:clamav-milter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:clamav-testfiles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libclamav-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libclamav7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"clamav\", reference:\"0.99.2+dfsg-0+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"clamav-base\", reference:\"0.99.2+dfsg-0+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"clamav-daemon\", reference:\"0.99.2+dfsg-0+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"clamav-dbg\", reference:\"0.99.2+dfsg-0+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"clamav-docs\", reference:\"0.99.2+dfsg-0+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"clamav-freshclam\", reference:\"0.99.2+dfsg-0+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"clamav-milter\", reference:\"0.99.2+dfsg-0+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"clamav-testfiles\", reference:\"0.99.2+dfsg-0+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libclamav-dev\", reference:\"0.99.2+dfsg-0+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libclamav7\", reference:\"0.99.2+dfsg-0+deb7u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T02:57:32", "description": "ClamAV project reports :\n\nJoin us as we welcome ClamAV 0.99.3 to the family!.\n\nThis release is a security release and is recommended for all ClamAV\nusers.\n\nCVE-2017-12374 ClamAV UAF (use-after-free) Vulnerabilities\n\nCVE-2017-12375 ClamAV Buffer Overflow Vulnerability\n\nCVE-2017-12376 ClamAV Buffer Overflow in handle_pdfname Vulnerability\n\nCVE-2017-12377 ClamAV Mew Packet Heap Overflow Vulnerability\n\nCVE-2017-12378 ClamAV Buffer Over Read Vulnerability\n\nCVE-2017-12379 ClamAV Buffer Overflow in messageAddArgument\nVulnerability\n\nCVE-2017-12380 ClamAV Null Dereference Vulnerability", "edition": 29, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-29T00:00:00", "title": "FreeBSD : clamav -- multiple vulnerabilities (b464f61b-84c7-4e1c-8ad4-6cf9efffd025)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:clamav"], "id": "FREEBSD_PKG_B464F61B84C74E1C8AD46CF9EFFFD025.NASL", "href": "https://www.tenable.com/plugins/nessus/106427", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106427);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/23 12:49:58\");\n\n script_cve_id(\"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\", \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\");\n\n script_name(english:\"FreeBSD : clamav -- multiple vulnerabilities (b464f61b-84c7-4e1c-8ad4-6cf9efffd025)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ClamAV project reports :\n\nJoin us as we welcome ClamAV 0.99.3 to the family!.\n\nThis release is a security release and is recommended for all ClamAV\nusers.\n\nCVE-2017-12374 ClamAV UAF (use-after-free) Vulnerabilities\n\nCVE-2017-12375 ClamAV Buffer Overflow Vulnerability\n\nCVE-2017-12376 ClamAV Buffer Overflow in handle_pdfname Vulnerability\n\nCVE-2017-12377 ClamAV Mew Packet Heap Overflow Vulnerability\n\nCVE-2017-12378 ClamAV Buffer Over Read Vulnerability\n\nCVE-2017-12379 ClamAV Buffer Overflow in messageAddArgument\nVulnerability\n\nCVE-2017-12380 ClamAV Null Dereference Vulnerability\"\n );\n # http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blog.clamav.net/2018/01/clamav-0993-has-been-released.html\"\n );\n # https://vuxml.freebsd.org/freebsd/b464f61b-84c7-4e1c-8ad4-6cf9efffd025.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b9c164f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"clamav<0.99.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T01:42:24", "description": "According to its version, the ClamAV clamd antivirus daemon running on\nthe remote host is prior to 0.99.3. It is, therefore, affected by\nmultiple vulnerabilities - one, which expose the system to a DoS \nattack and another, which provides potential adversaries with Remote \nCode Execution capabilities.\n", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-02-06T00:00:00", "title": "ClamAV < 0.99.3 Multiple libclamav DoS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:clamav:clamav"], "id": "CLAMAV_0_99_3.NASL", "href": "https://www.tenable.com/plugins/nessus/106610", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106610);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/06 11:26:07\");\n script_cve_id(\n \"CVE-2017-12374\",\n \"CVE-2017-12375\",\n \"CVE-2017-12376\",\n \"CVE-2017-12377\",\n \"CVE-2017-12378\",\n \"CVE-2017-12379\",\n \"CVE-2017-12380\"\n );\n\n script_name(english:\"ClamAV < 0.99.3 Multiple libclamav DoS\");\n script_summary(english:\"Checks the response to a clamd VERSION command.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The antivirus service running on the remote host is affected by\nmultiple denial of service vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the ClamAV clamd antivirus daemon running on\nthe remote host is prior to 0.99.3. It is, therefore, affected by\nmultiple vulnerabilities - one, which expose the system to a DoS \nattack and another, which provides potential adversaries with Remote \nCode Execution capabilities.\n\");\n script_set_attribute(attribute:\"see_also\", value:\"http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.clamav.net/pipermail/clamav-announce/2018/000027.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ClamAV version 0.99.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:clamav:clamav\");\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"clamav_detect.nasl\");\n script_require_keys(\"Antivirus/ClamAV/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Antivirus/ClamAV/version\");\nport = get_service(svc:\"clamd\", default:3310, exit_on_fail:TRUE);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif (\n version =~ \"^0\\.(\\d|[0-8]\\d|9[0-8])($|[^0-9])\"\n ||\n version =~ \"^0.99($|-beta[12]|-rc[12])\"\n ||\n version =~ \"^0\\.99\\.[012]($|[^0-9])\"\n)\n{\n security_report_v4(\n port:port,\n severity:SECURITY_HOLE,\n extra:\n '\\n Installed version : ' + version +\n '\\n Fixed version : 0.99.3' +\n '\\n'\n );\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"ClamAV\", port, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T03:08:59", "description": "The remote host is affected by the vulnerability described in GLSA-201801-19\n(ClamAV: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in ClamAV. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could cause ClamAV to scan a specially crafted file,\n possibly resulting in execution of arbitrary code with the privileges of\n the process or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-29T00:00:00", "title": "GLSA-201801-19 : ClamAV: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:clamav"], "id": "GENTOO_GLSA-201801-19.NASL", "href": "https://www.tenable.com/plugins/nessus/106428", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201801-19.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106428);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/06/07 13:15:38\");\n\n script_cve_id(\"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\", \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\");\n script_xref(name:\"GLSA\", value:\"201801-19\");\n\n script_name(english:\"GLSA-201801-19 : ClamAV: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201801-19\n(ClamAV: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in ClamAV. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could cause ClamAV to scan a specially crafted file,\n possibly resulting in execution of arbitrary code with the privileges of\n the process or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201801-19\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ClamAV users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.99.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-antivirus/clamav\", unaffected:make_list(\"ge 0.99.3\"), vulnerable:make_list(\"lt 0.99.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ClamAV\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T07:30:28", "description": "It was discovered that ClamAV incorrectly handled parsing certain mail\nmessages. A remote attacker could use this issue to cause ClamAV to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2017-12374, CVE-2017-12375, CVE-2017-12379, CVE-2017-12380)\n\nIt was discovered that ClamAV incorrectly handled parsing certain PDF\nfiles. A remote attacker could use this issue to cause ClamAV to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2017-12376)\n\nIt was discovered that ClamAV incorrectly handled parsing certain mew\npacket files. A remote attacker could use this issue to cause ClamAV\nto crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2017-12377)\n\nIt was discovered that ClamAV incorrectly handled parsing certain TAR\nfiles. A remote attacker could possibly use this issue to cause ClamAV\nto crash, resulting in a denial of service. (CVE-2017-12378)\n\nIn the default installation, attackers would be isolated by the ClamAV\nAppArmor profile.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-31T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : clamav vulnerabilities (USN-3550-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12380", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:14.04", "p-cpe:/a:canonical:ubuntu_linux:clamav"], "id": "UBUNTU_USN-3550-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106533", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3550-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106533);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/09/18 12:31:48\");\n\n script_cve_id(\"CVE-2017-12374\", \"CVE-2017-12375\", \"CVE-2017-12376\", \"CVE-2017-12377\", \"CVE-2017-12378\", \"CVE-2017-12379\", \"CVE-2017-12380\");\n script_xref(name:\"USN\", value:\"3550-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : clamav vulnerabilities (USN-3550-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that ClamAV incorrectly handled parsing certain mail\nmessages. A remote attacker could use this issue to cause ClamAV to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2017-12374, CVE-2017-12375, CVE-2017-12379, CVE-2017-12380)\n\nIt was discovered that ClamAV incorrectly handled parsing certain PDF\nfiles. A remote attacker could use this issue to cause ClamAV to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2017-12376)\n\nIt was discovered that ClamAV incorrectly handled parsing certain mew\npacket files. A remote attacker could use this issue to cause ClamAV\nto crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2017-12377)\n\nIt was discovered that ClamAV incorrectly handled parsing certain TAR\nfiles. A remote attacker could possibly use this issue to cause ClamAV\nto crash, resulting in a denial of service. (CVE-2017-12378)\n\nIn the default installation, attackers would be isolated by the ClamAV\nAppArmor profile.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3550-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected clamav package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"clamav\", pkgver:\"0.99.3+addedllvm-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"clamav\", pkgver:\"0.99.3+addedllvm-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"clamav\", pkgver:\"0.99.3+addedllvm-0ubuntu0.17.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:35:31", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "description": "**Issue Overview:**\n\nHeap-based buffer overflow in mspack/lzxd.c: \nmspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.([CVE-2017-6419 __](<https://access.redhat.com/security/cve/CVE-2017-6419>))\n\nThe wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression.([CVE-2017-6420 __](<https://access.redhat.com/security/cve/CVE-2017-6420>))\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code. ([CVE-2017-12376 __](<https://access.redhat.com/security/cve/CVE-2017-12376>))\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device.([CVE-2017-12378 __](<https://access.redhat.com/security/cve/CVE-2017-12378>))\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device.([CVE-2017-12375 __](<https://access.redhat.com/security/cve/CVE-2017-12375>))\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device.([CVE-2017-12379 __](<https://access.redhat.com/security/cve/CVE-2017-12379>))\n\nlibclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message.([CVE-2017-6418 __](<https://access.redhat.com/security/cve/CVE-2017-6418>)) \n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition.([CVE-2017-12374 __](<https://access.redhat.com/security/cve/CVE-2017-12374>))\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap-based buffer over-read condition in mew.c when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code on the affected device.([CVE-2017-12377 __](<https://access.redhat.com/security/cve/CVE-2017-12377>))\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition.([CVE-2017-12380 __](<https://access.redhat.com/security/cve/CVE-2017-12380>)) \n\n \n**Affected Packages:** \n\n\nclamav\n\n \n**Issue Correction:** \nRun _yum update clamav_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n clamav-db-0.99.3-1.28.amzn1.i686 \n clamav-milter-0.99.3-1.28.amzn1.i686 \n clamav-lib-0.99.3-1.28.amzn1.i686 \n clamav-debuginfo-0.99.3-1.28.amzn1.i686 \n clamd-0.99.3-1.28.amzn1.i686 \n clamav-devel-0.99.3-1.28.amzn1.i686 \n clamav-update-0.99.3-1.28.amzn1.i686 \n clamav-server-0.99.3-1.28.amzn1.i686 \n clamav-0.99.3-1.28.amzn1.i686 \n \n noarch: \n clamav-scanner-sysvinit-0.99.3-1.28.amzn1.noarch \n clamav-data-0.99.3-1.28.amzn1.noarch \n clamav-milter-sysvinit-0.99.3-1.28.amzn1.noarch \n clamav-scanner-0.99.3-1.28.amzn1.noarch \n clamav-data-empty-0.99.3-1.28.amzn1.noarch \n clamav-filesystem-0.99.3-1.28.amzn1.noarch \n clamav-server-sysvinit-0.99.3-1.28.amzn1.noarch \n \n src: \n clamav-0.99.3-1.28.amzn1.src \n \n x86_64: \n clamav-milter-0.99.3-1.28.amzn1.x86_64 \n clamav-lib-0.99.3-1.28.amzn1.x86_64 \n clamav-devel-0.99.3-1.28.amzn1.x86_64 \n clamav-server-0.99.3-1.28.amzn1.x86_64 \n clamav-debuginfo-0.99.3-1.28.amzn1.x86_64 \n clamav-db-0.99.3-1.28.amzn1.x86_64 \n clamd-0.99.3-1.28.amzn1.x86_64 \n clamav-0.99.3-1.28.amzn1.x86_64 \n clamav-update-0.99.3-1.28.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2018-02-20T21:35:00", "published": "2018-02-20T21:35:00", "id": "ALAS-2018-958", "href": "https://alas.aws.amazon.com/ALAS-2018-958.html", "title": "Medium: clamav", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-10T12:36:43", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000085", "CVE-2017-11423", "CVE-2018-0202", "CVE-2017-6419", "CVE-2012-6706"], "description": "**Issue Overview:**\n\nHeap-based buffer overflow in mspack/lzxd.c \nmspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. ([CVE-2017-6419 __](<https://access.redhat.com/security/cve/CVE-2017-6419>))\n\nOut-of-bounds access in the PDF parser ([CVE-2018-0202 __](<https://access.redhat.com/security/cve/CVE-2018-0202>))\n\nA VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the \"DestPos\" variable, which allows the attacker to write out of bounds when setting Mem[DestPos]. ([CVE-2012-6706 __](<https://access.redhat.com/security/cve/CVE-2012-6706>))\n\nClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. ([CVE-2018-1000085 __](<https://access.redhat.com/security/cve/CVE-2018-1000085>))\n\nStack-based buffer over-read in cabd_read_string function \nThe cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. ([CVE-2017-11423 __](<https://access.redhat.com/security/cve/CVE-2017-11423>))\n\n \n**Affected Packages:** \n\n\nclamav\n\n \n**Issue Correction:** \nRun _yum update clamav_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n clamav-0.99.4-1.29.amzn1.i686 \n clamd-0.99.4-1.29.amzn1.i686 \n clamav-update-0.99.4-1.29.amzn1.i686 \n clamav-db-0.99.4-1.29.amzn1.i686 \n clamav-milter-0.99.4-1.29.amzn1.i686 \n clamav-debuginfo-0.99.4-1.29.amzn1.i686 \n clamav-lib-0.99.4-1.29.amzn1.i686 \n clamav-server-0.99.4-1.29.amzn1.i686 \n clamav-devel-0.99.4-1.29.amzn1.i686 \n \n noarch: \n clamav-milter-sysvinit-0.99.4-1.29.amzn1.noarch \n clamav-server-sysvinit-0.99.4-1.29.amzn1.noarch \n clamav-filesystem-0.99.4-1.29.amzn1.noarch \n clamav-data-empty-0.99.4-1.29.amzn1.noarch \n clamav-scanner-sysvinit-0.99.4-1.29.amzn1.noarch \n clamav-scanner-0.99.4-1.29.amzn1.noarch \n clamav-data-0.99.4-1.29.amzn1.noarch \n \n src: \n clamav-0.99.4-1.29.amzn1.src \n \n x86_64: \n clamav-devel-0.99.4-1.29.amzn1.x86_64 \n clamav-update-0.99.4-1.29.amzn1.x86_64 \n clamav-server-0.99.4-1.29.amzn1.x86_64 \n clamav-debuginfo-0.99.4-1.29.amzn1.x86_64 \n clamav-db-0.99.4-1.29.amzn1.x86_64 \n clamd-0.99.4-1.29.amzn1.x86_64 \n clamav-0.99.4-1.29.amzn1.x86_64 \n clamav-milter-0.99.4-1.29.amzn1.x86_64 \n clamav-lib-0.99.4-1.29.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2018-03-21T22:24:00", "published": "2018-03-21T22:24:00", "id": "ALAS-2018-976", "href": "https://alas.aws.amazon.com/ALAS-2018-976.html", "title": "Medium: clamav", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12374", "CVE-2017-12375", "CVE-2017-12376", "CVE-2017-12377", "CVE-2017-12378", "CVE-2017-12379", "CVE-2017-12380", "CVE-2017-6418", "CVE-2017-6420"], "description": "Arch Linux Security Advisory ASA-201802-1\n=========================================\n\nSeverity: Critical\nDate : 2018-02-09\nCVE-ID : CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377\nCVE-2017-12378 CVE-2017-12379 CVE-2017-12380 CVE-2017-6418\nCVE-2017-6420\nPackage : clamav\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-601\n\nSummary\n=======\n\nThe package clamav before version 0.99.3-1 is vulnerable to multiple\nissues including arbitrary code execution and denial of service.\n\nResolution\n==========\n\nUpgrade to 0.99.3-1.\n\n# pacman -Syu \"clamav>=0.99.3-1\"\n\nThe problems have been fixed upstream in version 0.99.3.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-12374 (denial of service)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to a lack of input validation checking mechanisms\nduring certain mail parsing operations (mbox.c operations on bounce\nmessages). If successfully exploited, the ClamAV software could allow a\nvariable pointing to the mail body which could cause a used after being\nfree (use-after-free) instance which may lead to a disruption of\nservices on an affected device to include a denial of service\ncondition.\n\n- CVE-2017-12375 (denial of service)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to a lack of input validation checking mechanisms\nduring certain mail parsing functions (the rfc2047 function in mbox.c).\nAn unauthenticated, remote attacker could exploit this vulnerability by\nsending a crafted email to the affected device. This action could cause\na buffer overflow condition when ClamAV scans the malicious email,\nallowing the attacker to potentially cause a DoS condition on an\naffected device.\n\n- CVE-2017-12376 (arbitrary code execution)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device. The vulnerability is due to\nimproper input validation checking mechanisms when handling Portable\nDocument Format (.pdf) files sent to an affected device. An\nunauthenticated, remote attacker could exploit this vulnerability by\nsending a crafted .pdf file to an affected device. This action could\ncause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans the\nmalicious file, allowing the attacker to cause a DoS condition or\npotentially execute arbitrary code.\n\n- CVE-2017-12377 (arbitrary code execution)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device. The vulnerability is due to\nimproper input validation checking mechanisms in mew packet files sent\nto an affected device. A successful exploit could cause a heap-based\nbuffer over-read condition in mew.c when ClamAV scans the malicious\nfile, allowing the attacker to cause a DoS condition or potentially\nexecute arbitrary code on the affected device.\n\n- CVE-2017-12378 (denial of service)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to improper input validation checking mechanisms\nof .tar (Tape Archive) files sent to an affected device. A successful\nexploit could cause a checksum buffer over-read condition when ClamAV\nscans the malicious .tar file, potentially allowing the attacker to\ncause a DoS condition on the affected device.\n\n- CVE-2017-12379 (arbitrary code execution)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition or potentially execute\narbitrary code on an affected device. The vulnerability is due to\nimproper input validation checking mechanisms in the message parsing\nfunction on an affected system. An unauthenticated, remote attacker\ncould exploit this vulnerability by sending a crafted email to the\naffected device. This action could cause a messageAddArgument (in\nmessage.c) buffer overflow condition when ClamAV scans the malicious\nemail, allowing the attacker to potentially cause a DoS condition or\nexecute arbitrary code on an affected device.\n\n- CVE-2017-12380 (denial of service)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to improper input validation checking mechanisms\nin mbox.c during certain mail parsing functions of the ClamAV software.\nAn unauthenticated, remote attacker could exploit this vulnerability by\nsending a crafted email to the affected device. An exploit could\ntrigger a NULL pointer dereference condition when ClamAV scans the\nmalicious email, which may result in a DoS condition.\n\n- CVE-2017-6418 (denial of service)\n\nlibclamav/message.c in ClamAV before 0.99.3 allows remote attackers to\ncause a denial of service (out-of-bounds read) via a crafted e-mail\nmessage.\n\n- CVE-2017-6420 (denial of service)\n\nThe wwunpack function in libclamav/wwunpack.c in ClamAV before 0.99.3\nallows remote attackers to cause a denial of service (use-after-free)\nvia a crafted PE file with WWPack compression.\n\nImpact\n======\n\nA remote attacker is able to execute arbitrary code or crash the\napplication on the affected host when processing a maliciously crafted\nfile.\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/57233\nhttp://blog.clamav.net/2018/01/clamav-0993-has-been-released.html\nhttps://bugzilla.clamav.net/show_bug.cgi?id=11939\nhttps://github.com/Cisco-Talos/clamav-devel/commit/7cf2a701041b775dda9743d01665279facc9b326\nhttps://bugzilla.clamav.net/show_bug.cgi?id=11940\nhttps://github.com/Cisco-Talos/clamav-devel/commit/d1100be31a567718ce7c7dd6e6c632eddab55209\nhttps://bugzilla.clamav.net/show_bug.cgi?id=11942\nhttps://github.com/Cisco-Talos/clamav-devel/commit/c8ba4ae2e47a4f49add3e85ef7041b166be6bfdb\nhttps://bugzilla.clamav.net/show_bug.cgi?id=11943\nhttps://github.com/Cisco-Talos/clamav-devel/commit/38da4800bfb2d6b13579950b6543302d13e3015c\nhttps://bugzilla.clamav.net/show_bug.cgi?id=11946\nhttps://github.com/Cisco-Talos/clamav-devel/commit/292d6878fa3e7fd2ab0f7275a78190639ad116d4\nhttps://bugzilla.clamav.net/show_bug.cgi?id=11944\nhttps://github.com/Cisco-Talos/clamav-devel/commit/0604618374dc0dfd148b0ce7bf7a3d2b7528e66b\nhttps://bugzilla.clamav.net/show_bug.cgi?id=11945\nhttps://github.com/Cisco-Talos/clamav-devel/commit/39c89d14a61aef2958b8ea64ade1be7a5faca897\nhttps://bugzilla.clamav.net/show_bug.cgi?id=11797\nhttps://github.com/vrtadmin/clamav-devel/commit/586a5180287262070637c8943f2f7efd652e4a2c\nhttps://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_email_crash.md\nhttps://bugzilla.clamav.net/show_bug.cgi?id=11798\nhttps://github.com/vrtadmin/clamav-devel/commit/dfc00cd3301a42b571454b51a6102eecf58407bc\nhttps://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/use-after-free/clamav-use-after-free-pe.md\nhttps://security.archlinux.org/CVE-2017-12374\nhttps://security.archlinux.org/CVE-2017-12375\nhttps://security.archlinux.org/CVE-2017-12376\nhttps://security.archlinux.org/CVE-2017-12377\nhttps://security.archlinux.org/CVE-2017-12378\nhttps://security.archlinux.org/CVE-2017-12379\nhttps://security.archlinux.org/CVE-2017-12380\nhttps://security.archlinux.org/CVE-2017-6418\nhttps://security.archlinux.org/CVE-2017-6420", "modified": "2018-02-09T00:00:00", "published": "2018-02-09T00:00:00", "id": "ASA-201802-1", "href": "https://security.archlinux.org/ASA-201802-1", "type": "archlinux", "title": "[ASA-201802-1] clamav: multiple issues", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-22T18:36:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11423", "CVE-2017-6419"], "description": "Arch Linux Security Advisory ASA-201802-9\n=========================================\n\nSeverity: Critical\nDate : 2018-02-20\nCVE-ID : CVE-2017-6419 CVE-2017-11423\nPackage : libmspack\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-603\n\nSummary\n=======\n\nThe package libmspack before version 1:0.6alpha-1 is vulnerable to\nmultiple issues including arbitrary code execution and denial of\nservice.\n\nResolution\n==========\n\nUpgrade to 1:0.6alpha-1.\n\n# pacman -Syu \"libmspack>=1:0.6alpha-1\"\n\nThe problems have been fixed upstream in version 0.6alpha.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-6419 (arbitrary code execution)\n\nmspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV before 0.99.3,\nallows remote attackers to cause a denial of service (heap-based buffer\noverflow and application crash) or possibly execute arbitrary code via\na crafted CHM file.\n\n- CVE-2017-11423 (denial of service)\n\nThe cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha,\nas used in ClamAV before 0.99.3 and other products, allows remote\nattackers to cause a denial of service (stack-based buffer over-read\nand application crash) via a crafted CAB file.\n\nImpact\n======\n\nA remote attacker is able to crash the application or execute arbitrary\ncode by providing a maliciously-crafted file.\n\nReferences\n==========\n\nhttps://bugzilla.clamav.net/show_bug.cgi?id=11701\nhttps://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1\nhttps://github.com/kyz/libmspack/commit/6139a0b9e93fcb7fcf423e56aa825bc869e02229\nhttps://bugzilla.clamav.net/show_bug.cgi?id=11873\nhttps://github.com/kyz/libmspack/commit/17038206fcc384dcee6dd9e3a75f08fd3ddc6a38\nhttps://github.com/vrtadmin/clamav-devel/commit/ffa31264a657618a0e40c51c01e4bfc32e244d13\nhttps://github.com/vrtadmin/clamav-devel/commit/ada5f94e5cfb04e1ac2a6f383f2184753f475b96\nhttps://github.com/hackerlib/hackerlib-vul/tree/master/clamav-vul\nhttps://security.archlinux.org/CVE-2017-6419\nhttps://security.archlinux.org/CVE-2017-11423", "modified": "2018-02-20T00:00:00", "published": "2018-02-20T00:00:00", "id": "ASA-201802-9", "href": "https://security.archlinux.org/ASA-201802-9", "type": "archlinux", "title": "[ASA-201802-9] libmspack: multiple issues", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2018-01-27T20:52:50", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-11423", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "description": "This update for clamav fixes the following issues:\n\n - Update to security release 0.99.3 (bsc#1077732)\n * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability)\n * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability)\n * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument\n Vulnerability)\n - these vulnerabilities could have allowed an unauthenticated, remote\n attacker to cause a denial of service (DoS) condition\n or potentially execute arbitrary code on an affected device.\n * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)\n * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)\n * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)\n * CVE-2017-12380 (ClamAV Null Dereference Vulnerability)\n - these vulnerabilities could have allowed an unauthenticated, remote\n attacker to cause a denial of service (DoS) condition on an affected\n device.\n * CVE-2017-6420 (bsc#1052448)\n - this vulnerability could have allowed remote attackers to cause a\n denial of service (use-after-free) via a crafted PE file with WWPack\n compression.\n * CVE-2017-6419 (bsc#1052449)\n - ClamAV could have allowed remote attackers to cause a denial of\n service (heap-based buffer overflow and application crash) or\n possibly have unspecified other impact via a crafted CHM file.\n * CVE-2017-11423 (bsc#1049423)\n - ClamAV could have allowed remote attackers to cause a denial of\n service (stack-based buffer over-read and application crash) via a\n crafted CAB file.\n * CVE-2017-6418 (bsc#1052466)\n - ClamAV could have allowed remote attackers to cause a denial\n of service (out-of-bounds read) via a crafted e-mail message.\n\n", "edition": 1, "modified": "2018-01-27T18:07:57", "published": "2018-01-27T18:07:57", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00074.html", "id": "SUSE-SU-2018:0254-1", "type": "suse", "title": "Security update for clamav (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-28T18:54:02", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-11423", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "description": "This update for clamav fixes the following issues:\n\n - Update to security release 0.99.3 (bsc#1077732)\n * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability)\n * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability)\n * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument\n Vulnerability)\n - these vulnerabilities could have allowed an unauthenticated, remote\n attacker to cause a denial of service (DoS) condition\n or potentially execute arbitrary code on an affected device.\n * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)\n * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)\n * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)\n * CVE-2017-12380 (ClamAV Null Dereference Vulnerability)\n - these vulnerabilities could have allowed an unauthenticated, remote\n attacker to cause a denial of service (DoS) condition on an affected\n device.\n * CVE-2017-6420 (bsc#1052448)\n - this vulnerability could have allowed remote attackers to cause a\n denial of service (use-after-free) via a crafted PE file with WWPack\n compression.\n * CVE-2017-6419 (bsc#1052449)\n - ClamAV could have allowed remote attackers to cause a denial of\n service (heap-based buffer overflow and application crash) or\n possibly have unspecified other impact via a crafted CHM file.\n * CVE-2017-11423 (bsc#1049423)\n - ClamAV could have allowed remote attackers to cause a denial of\n service (stack-based buffer over-read and application crash) via a\n crafted CAB file.\n * CVE-2017-6418 (bsc#1052466)\n - ClamAV could have allowed remote attackers to cause a denial\n of service (out-of-bounds read) via a crafted e-mail message.\n - update upstream keys in the keyring\n\n - provide and obsolete clamav-nodb to trigger it's removal in Leap\n bsc#1040662\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2018-01-28T15:06:45", "published": "2018-01-28T15:06:45", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00078.html", "id": "OPENSUSE-SU-2018:0258-1", "type": "suse", "title": "Security update for clamav (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-28T00:52:50", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12380", "CVE-2017-6420", "CVE-2017-6418", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-11423", "CVE-2017-12377", "CVE-2017-12374", "CVE-2017-6419"], "description": "This update for clamav fixes the following issues:\n\n - Update to security release 0.99.3 (bsc#1077732)\n * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability)\n * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability)\n * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument\n Vulnerability)\n - these vulnerabilities could have allowed an unauthenticated, remote\n attacker to cause a denial of service (DoS) condition\n or potentially execute arbitrary code on an affected device.\n * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)\n * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)\n * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)\n * CVE-2017-12380 (ClamAV Null Dereference Vulnerability)\n - these vulnerabilities could have allowed an unauthenticated, remote\n attacker to cause a denial of service (DoS) condition on an affected\n device.\n * CVE-2017-6420 (bsc#1052448)\n - this vulnerability could have allowed remote attackers to cause a\n denial of service (use-after-free) via a crafted PE file with WWPack\n compression.\n * CVE-2017-6419 (bsc#1052449)\n - ClamAV could have allowed remote attackers to cause a denial of\n service (heap-based buffer overflow and application crash) or\n possibly have unspecified other impact via a crafted CHM file.\n * CVE-2017-11423 (bsc#1049423)\n - ClamAV could have allowed remote attackers to cause a denial of\n service (stack-based buffer over-read and application crash) via a\n crafted CAB file.\n * CVE-2017-6418 (bsc#1052466)\n - ClamAV could have allowed remote attackers to cause a denial\n of service (out-of-bounds read) via a crafted e-mail message.\n - update upstream keys in the keyring\n\n - provide and obsolete clamav-nodb to trigger it's removal in Leap\n bsc#1040662\n\n", "edition": 1, "modified": "2018-01-27T21:07:02", "published": "2018-01-27T21:07:02", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00075.html", "id": "SUSE-SU-2018:0255-1", "type": "suse", "title": "Security update for clamav (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-03T22:57:18", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000085", "CVE-2017-11423", "CVE-2018-0202", "CVE-2017-6419", "CVE-2012-6706"], "description": "This update for clamav fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows\n an arbitrary memory write (bsc#1045315).\n - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of\n service in libmspack via a crafted CHM file (bsc#1052449).\n - CVE-2017-11423: A stack-based buffer over-read that can lead to a denial\n of service in mspack via a crafted CAB file (bsc#1049423).\n - CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in\n XAR parser that can lead to a denial of service (bsc#1082858).\n - CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code\n (bsc#1083915).\n\n", "edition": 1, "modified": "2018-04-03T21:10:08", "published": "2018-04-03T21:10:08", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00001.html", "id": "SUSE-SU-2018:0863-1", "title": "Security update for clamav (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-26T16:42:31", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000085", "CVE-2017-11423", "CVE-2018-0202", "CVE-2017-6419", "CVE-2012-6706"], "description": "This update for clamav fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows\n an arbitrary memory write (bsc#1045315).\n - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of\n service in libmspack via a crafted CHM file (bsc#1052449).\n - CVE-2017-11423: A stack-based buffer over-read that can lead to a denial\n of service in mspack via a crafted CAB file (bsc#1049423).\n - CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in\n XAR parser that can lead to a denial of service (bsc#1082858).\n - CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code\n (bsc#1083915).\n\n", "edition": 1, "modified": "2018-03-26T15:12:52", "published": "2018-03-26T15:12:52", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00060.html", "id": "SUSE-SU-2018:0809-1", "type": "suse", "title": "Security update for clamav (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:21:36", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12380", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374"], "description": "Package : clamav\nVersion : 0.99.2+dfsg-0+deb7u4\nCVE ID : CVE-2017-12374 CVE-2017-12375 CVE-2017-12376\n CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 \n CVE-2017-12380\nDebian Bug : 888484 824196\n\n\nMultiple vulnerabilities have been discovered in clamav, the ClamAV\nAntiVirus toolkit for Unix. Effects range from denial of service to\npotential arbitrary code execution. Additionally, this version fixes\na longstanding issue that has recently resurfaced whereby a malformed\nvirus signature database can cause an application crash and denial of\nservice.\n\nCVE-2017-12374\n\n ClamAV has a use-after-free condition arising from a lack of input\n validation. A remote attacker could exploit this vulnerability with\n a crafted email message to cause a denial of service.\n\nCVE-2017-12375\n\n ClamAV has a buffer overflow vulnerability arising from a lack of\n input validation. An unauthenticated remote attacker could send a\n crafted email message to the affected device, triggering a buffer\n overflow and potentially a denial of service when the malicious\n message is scanned.\n\nCVE-2017-12376\n\n ClamAV has a buffer overflow vulnerability arising from improper\n input validation when handling Portable Document Format (PDF) files.\n An unauthenticated remote attacker could send a crafted PDF file to\n the affected device, triggering a buffer overflow and potentially a\n denial of service or arbitrary code execution when the malicious\n file is scanned.\n\nCVE-2017-12377\n\n ClamAV has a heap overflow vulnerability arising from improper input\n validation when handling mew packets. An attacker could exploit this\n by sending a crafted message to the affected device, triggering a\n denial of service or possible arbitrary code execution when the\n malicious file is scanned.\n\nCVE-2017-12378\n\n ClamAV has a buffer overread vulnerability arising from improper\n input validation when handling tape archive (TAR) files. An\n unauthenticated remote attacker could send a crafted TAR file to\n the affected device, triggering a buffer overread and potentially a\n denial of service when the malicious file is scanned.\n\nCVE-2017-12379\n\n ClamAV has a buffer overflow vulnerability arising from improper\n input validation in the message parsing function. An unauthenticated\n remote attacker could send a crafted email message to the affected\n device, triggering a buffer overflow and potentially a denial of\n service or arbitrary code execution when the malicious message is\n scanned.\n\nCVE-2017-12380\n\n ClamAV has a NULL dereference vulnerability arising from improper\n input validation in the message parsing function. An unauthenticated\n remote attacker could send a crafted email message to the affected\n device, triggering a NULL pointer dereference, which may result in a\n denial of service.\n\nDebian Bug #824196\n\n A malformed virus signature database could cause an application\n crash and denial of service.\n\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n0.99.2+dfsg-0+deb7u4.\n\nWe recommend that you upgrade your clamav packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2018-01-28T02:50:41", "published": "2018-01-28T02:50:41", "id": "DEBIAN:DLA-1261-1:E8CFB", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201801/msg00035.html", "title": "[SECURITY] [DLA 1261-1] clamav security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:23:10", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6420", "CVE-2017-6418"], "description": "Package : clamav\nVersion : 0.99.2+dfsg-0+deb7u3\nCVE ID : CVE-2017-6418 CVE-2017-6420\n\nclamav is vulnerable to multiple issues that can lead\nto denial of service when processing untrusted content.\n\nCVE-2017-6418\n\n out-of-bounds read in libclamav/message.c, allowing remote attackers\n to cause a denial of service via a crafted e-mail message.\n\nCVE-2017-6420\n\n use-after-free in the wwunpack function (libclamav/wwunpack.c), allowing\n remote attackers to cause a denial of service via a crafted PE file with\n WWPack compression.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n0.99.2+dfsg-0+deb7u3.\n\nWe recommend that you upgrade your clamav packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-09-22T20:56:07", "published": "2017-09-22T20:56:07", "id": "DEBIAN:DLA-1105-1:10F58", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201709/msg00023.html", "title": "[SECURITY] [DLA 1105-1] clamav security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:22:11", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11423", "CVE-2017-6419"], "description": "Package : clamav\nVersion : 0.99.2+dfsg-0+deb7u5\nCVE ID : CVE-2017-6419 CVE-2017-11423\n\n\nCVE-2017-6419\nCVE-2017-11423\n\n Two vulnerabilities have been fixed that can be used for denial of\n service or maybe unspecified impact via drafted files\n (heap-based buffer overflow and stack-based buffer over-read causing\n application crash)\n\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n0.99.2+dfsg-0+deb7u5.\n\nWe recommend that you upgrade your clamav packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2018-02-12T21:40:38", "published": "2018-02-12T21:40:38", "id": "DEBIAN:DLA-1279-1:9A0A5", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201802/msg00014.html", "title": "[SECURITY] [DLA 1279-1] clamav security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T00:47:14", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11423", "CVE-2017-6419"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3946-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nAugust 18, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libmspack\nCVE ID : CVE-2017-6419 CVE-2017-11423\nDebian Bug : 868956 871263\n\nIt was discovered that libsmpack, a library used to handle Microsoft\ncompression formats, did not properly validate its input. A remote\nattacker could craft malicious CAB or CHM files and use this flaw to\ncause a denial of service via application crash, or potentially\nexecute arbitrary code.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 0.5-1+deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 0.5-1+deb9u1.\n\nWe recommend that you upgrade your libmspack packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 12, "modified": "2017-08-18T09:11:33", "published": "2017-08-18T09:11:33", "id": "DEBIAN:DSA-3946-1:08B21", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00208.html", "title": "[SECURITY] [DSA 3946-1] libmspack security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:02", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12380", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374"], "description": "\nClamAV project reports:\n\nJoin us as we welcome ClamAV 0.99.3 to the family!.\nThis release is a security release and is recommended for\n\t all ClamAV users.\nCVE-2017-12374 ClamAV UAF (use-after-free) Vulnerabilities\nCVE-2017-12375 ClamAV Buffer Overflow Vulnerability\nCVE-2017-12376 ClamAV Buffer Overflow in handle_pdfname\n\t Vulnerability\nCVE-2017-12377 ClamAV Mew Packet Heap Overflow Vulnerability\nCVE-2017-12378 ClamAV Buffer Over Read Vulnerability\nCVE-2017-12379 ClamAV Buffer Overflow in messageAddArgument\n\t Vulnerability\nCVE-2017-12380 ClamAV Null Dereference Vulnerability\n\n", "edition": 5, "modified": "2018-01-25T00:00:00", "published": "2018-01-25T00:00:00", "id": "B464F61B-84C7-4E1C-8AD4-6CF9EFFFD025", "href": "https://vuxml.freebsd.org/freebsd/b464f61b-84c7-4e1c-8ad4-6cf9efffd025.html", "title": "clamav -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:40:00", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12380", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374"], "description": "It was discovered that ClamAV incorrectly handled parsing certain mail \nmessages. A remote attacker could use this issue to cause ClamAV to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2017-12374, CVE-2017-12375, CVE-2017-12379, CVE-2017-12380)\n\nIt was discovered that ClamAV incorrectly handled parsing certain PDF \nfiles. A remote attacker could use this issue to cause ClamAV to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2017-12376)\n\nIt was discovered that ClamAV incorrectly handled parsing certain mew \npacket files. A remote attacker could use this issue to cause ClamAV to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode. (CVE-2017-12377)\n\nIt was discovered that ClamAV incorrectly handled parsing certain TAR \nfiles. A remote attacker could possibly use this issue to cause ClamAV to \ncrash, resulting in a denial of service. (CVE-2017-12378)\n\nIn the default installation, attackers would be isolated by the ClamAV \nAppArmor profile.", "edition": 5, "modified": "2018-01-30T00:00:00", "published": "2018-01-30T00:00:00", "id": "USN-3550-1", "href": "https://ubuntu.com/security/notices/USN-3550-1", "title": "ClamAV vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:36:34", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12380", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374"], "description": "USN-3550-1 fixed several vulnerabilities in ClamAV. This update \nprovides the corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that ClamAV incorrectly handled parsing certain mail \nmessages. A remote attacker could use this issue to cause ClamAV to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2017-12374, CVE-2017-12375, CVE-2017-12379, CVE-2017-12380)\n\nIt was discovered that ClamAV incorrectly handled parsing certain PDF \nfiles. A remote attacker could use this issue to cause ClamAV to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2017-12376)\n\nIt was discovered that ClamAV incorrectly handled parsing certain mew \npacket files. A remote attacker could use this issue to cause ClamAV to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode. (CVE-2017-12377)\n\nIt was discovered that ClamAV incorrectly handled parsing certain TAR \nfiles. A remote attacker could possibly use this issue to cause ClamAV to \ncrash, resulting in a denial of service. (CVE-2017-12378)\n\nIn the default installation, attackers would be isolated by the ClamAV \nAppArmor profile.", "edition": 6, "modified": "2018-02-05T00:00:00", "published": "2018-02-05T00:00:00", "id": "USN-3550-2", "href": "https://ubuntu.com/security/notices/USN-3550-2", "title": "ClamAV vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:36:13", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6420", "CVE-2017-6418", "CVE-2017-6419"], "description": "USN-3393-1 fixed several vulnerabilities in ClamAV. This update provides \nthe corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that ClamAV incorrectly handled parsing certain e-mail \nmessages. A remote attacker could possibly use this issue to cause ClamAV \nto crash, resulting in a denial of service. (CVE-2017-6418)\n\nIt was discovered that ClamAV incorrectly handled certain malformed CHM \nfiles. A remote attacker could use this issue to cause ClamAV to crash, \nresulting in a denial of service, or possibly execute arbitrary code. This \nissue only affected Ubuntu 14.04 LTS. In the default installation, \nattackers would be isolated by the ClamAV AppArmor profile. (CVE-2017-6419)\n\nIt was discovered that ClamAV incorrectly handled parsing certain PE files \nwith WWPack compression. A remote attacker could possibly use this issue to \ncause ClamAV to crash, resulting in a denial of service. (CVE-2017-6420)", "edition": 6, "modified": "2017-08-17T00:00:00", "published": "2017-08-17T00:00:00", "id": "USN-3393-2", "href": "https://ubuntu.com/security/notices/USN-3393-2", "title": "ClamAV vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:39:41", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6420", "CVE-2017-6418", "CVE-2017-6419"], "description": "It was discovered that ClamAV incorrectly handled parsing certain e-mail \nmessages. A remote attacker could possibly use this issue to cause ClamAV \nto crash, resulting in a denial of service. (CVE-2017-6418)\n\nIt was discovered that ClamAV incorrectly handled certain malformed CHM \nfiles. A remote attacker could use this issue to cause ClamAV to crash, \nresulting in a denial of service, or possibly execute arbitrary code. This \nissue only affected Ubuntu 14.04 LTS. In the default installation, \nattackers would be isolated by the ClamAV AppArmor profile. (CVE-2017-6419)\n\nIt was discovered that ClamAV incorrectly handled parsing certain PE files \nwith WWPack compression. A remote attacker could possibly use this issue to \ncause ClamAV to crash, resulting in a denial of service. (CVE-2017-6420)", "edition": 5, "modified": "2017-08-17T00:00:00", "published": "2017-08-17T00:00:00", "id": "USN-3393-1", "href": "https://ubuntu.com/security/notices/USN-3393-1", "title": "ClamAV vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:37:28", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11423", "CVE-2017-6419"], "description": "It was discovered that libmspack incorrectly handled certain malformed CHM \nfiles. A remote attacker could use this issue to cause libmspack to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2017-6419)\n\nIt was discovered that libmspack incorrectly handled certain malformed CAB \nfiles. A remote attacker could use this issue to cause libmspack to crash, \nresulting in a denial of service. (CVE-2017-6419)", "edition": 5, "modified": "2017-08-17T00:00:00", "published": "2017-08-17T00:00:00", "id": "USN-3394-1", "href": "https://ubuntu.com/security/notices/USN-3394-1", "title": "libmspack vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2018-01-26T20:54:26", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12380", "CVE-2017-12375", "CVE-2017-12378", "CVE-2017-12376", "CVE-2017-12379", "CVE-2017-12377", "CVE-2017-12374"], "description": "### Background\n\nClamAV is a GPL virus scanner.\n\n### Description\n\nMultiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could cause ClamAV to scan a specially crafted file, possibly resulting in execution of arbitrary code with the privileges of the process or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll ClamAV users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-antivirus/clamav-0.99.3\"", "edition": 1, "modified": "2018-01-26T00:00:00", "published": "2018-01-26T00:00:00", "href": "https://security.gentoo.org/glsa/201801-19", "id": "GLSA-201801-19", "title": "ClamAV: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-04-23T03:28:44", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6420", "CVE-2017-6418", "CVE-2018-1000085", "CVE-2017-11423", "CVE-2018-0202", "CVE-2017-6419", "CVE-2012-6706"], "edition": 1, "description": "### Background\n\nClamAV is a GPL virus scanner.\n\n### Description\n\nMultiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker, through multiple vectors, could execute arbitrary code, cause a Denial of Service condition, or have other unspecified impacts. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll ClamAV users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-antivirus/clamav-0.99.4\"", "modified": "2018-04-22T00:00:00", "published": "2018-04-22T00:00:00", "href": "https://security.gentoo.org/glsa/201804-16", "id": "GLSA-201804-16", "title": "ClamAV: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2021-02-02T06:36:34", "description": "The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-26T20:29:00", "title": "CVE-2017-12374", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12374"], "modified": "2018-03-16T01:29:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "cpe:/a:clamav:clamav:0.99.2"], "id": "CVE-2017-12374", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12374", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:clamav:clamav:0.99.2:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:34", "description": "ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-26T20:29:00", "title": "CVE-2017-12376", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12376"], "modified": "2018-03-16T01:29:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "cpe:/a:clamav:clamav:0.99.2"], "id": "CVE-2017-12376", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12376", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:clamav:clamav:0.99.2:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:34", "description": "The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-26T20:29:00", "title": "CVE-2017-12375", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12375"], "modified": "2018-03-16T01:29:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "cpe:/a:clamav:clamav:0.99.2"], "id": "CVE-2017-12375", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12375", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:clamav:clamav:0.99.2:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:34", "description": "ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap-based buffer over-read condition in mew.c when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code on the affected device.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-26T20:29:00", "title": "CVE-2017-12377", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12377"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "cpe:/a:clamav:clamav:0.99.2"], "id": "CVE-2017-12377", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12377", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:clamav:clamav:0.99.2:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:34", "description": "ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-26T20:29:00", "title": "CVE-2017-12379", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12379"], "modified": "2018-03-16T01:29:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "cpe:/a:clamav:clamav:0.99.2"], "id": "CVE-2017-12379", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12379", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:clamav:clamav:0.99.2:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:48", "description": "mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-07T03:29:00", "title": "CVE-2017-6419", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6419"], "modified": "2018-10-21T10:29:00", "cpe": ["cpe:/a:libmspack_project:libmspack:0.5"], "id": "CVE-2017-6419", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6419", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:libmspack_project:libmspack:0.5:alpha:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:34", "description": "ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-26T20:29:00", "title": "CVE-2017-12378", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12378"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "cpe:/a:clamav:clamav:0.99.2"], "id": "CVE-2017-12378", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12378", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:clamav:clamav:0.99.2:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:34", "description": "ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-26T20:29:00", "title": "CVE-2017-12380", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12380"], "modified": "2018-03-16T01:29:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "cpe:/a:clamav:clamav:0.99.2"], "id": "CVE-2017-12380", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12380", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:clamav:clamav:0.99.2:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:48", "description": "libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message.", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-07T03:29:00", "title": "CVE-2017-6418", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6418"], "modified": "2018-10-21T10:29:00", "cpe": ["cpe:/a:clamav:clamav:0.99.2"], "id": "CVE-2017-6418", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6418", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:clamav:clamav:0.99.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:48", "description": "The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression.", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-07T03:29:00", "title": "CVE-2017-6420", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6420"], "modified": "2018-10-21T10:29:00", "cpe": ["cpe:/a:clamav:clamav:0.99.2"], "id": "CVE-2017-6420", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6420", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:clamav:clamav:0.99.2:*:*:*:*:*:*:*"]}]}