GLSA-200703-03 : ClamAV: Denial of Service

2007-03-02T00:00:00
ID GENTOO_GLSA-200703-03.NASL
Type nessus
Reporter Tenable
Modified 2018-08-10T00:00:00

Description

The remote host is affected by the vulnerability described in GLSA-200703-03 (ClamAV: Denial of Service)

An anonymous researcher discovered a file descriptor leak error in the     processing of CAB archives and a lack of validation of the 'id'     parameter string used to create local files when parsing MIME headers.

Impact :

A remote attacker can send several crafted CAB archives with a     zero-length record header that will fill the available file descriptors     until no other is available, which will prevent ClamAV from scanning     most archives. An attacker can also send an email with specially     crafted MIME headers to overwrite local files with the permissions of     the user running ClamAV, such as the virus database file, which could     prevent ClamAV from detecting any virus.

Workaround :

The first vulnerability can be prevented by refusing any file of type     CAB, but there is no known workaround for the second issue.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200703-03.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(24751);
  script_version("1.13");
  script_cvs_date("Date: 2018/08/10 18:07:06");

  script_cve_id("CVE-2007-0897", "CVE-2007-0898");
  script_xref(name:"GLSA", value:"200703-03");

  script_name(english:"GLSA-200703-03 : ClamAV: Denial of Service");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200703-03
(ClamAV: Denial of Service)

    An anonymous researcher discovered a file descriptor leak error in the
    processing of CAB archives and a lack of validation of the 'id'
    parameter string used to create local files when parsing MIME headers.
  
Impact :

    A remote attacker can send several crafted CAB archives with a
    zero-length record header that will fill the available file descriptors
    until no other is available, which will prevent ClamAV from scanning
    most archives. An attacker can also send an email with specially
    crafted MIME headers to overwrite local files with the permissions of
    the user running ClamAV, such as the virus database file, which could
    prevent ClamAV from detecting any virus.
  
Workaround :

    The first vulnerability can be prevented by refusing any file of type
    CAB, but there is no known workaround for the second issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200703-03"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All ClamAV users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.90'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
  script_cwe_id(22);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:clamav");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/03/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/03/02");
  script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"app-antivirus/clamav", unaffected:make_list("ge 0.90"), vulnerable:make_list("lt 0.90"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ClamAV");
}