Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2008-122.NASL
HistoryApr 23, 2009 - 12:00 a.m.

Mandriva Linux Security Advisory : clamav (MDVSA-2008:122)

2009-04-2300:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com
16
JSON

A vulnerability was discovered in ClamAV and corrected with the 0.93.1 release :

libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read. (CVE-2008-2713)

Other bugs have also been corrected in 0.93.1 which is being provided with this update.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2008:122. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(37440);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2008-2713");
  script_bugtraq_id(29750);
  script_xref(name:"MDVSA", value:"2008:122");

  script_name(english:"Mandriva Linux Security Advisory : clamav (MDVSA-2008:122)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A vulnerability was discovered in ClamAV and corrected with the 0.93.1
release :

libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to
cause a denial of service via a crafted Petite file that triggers an
out-of-bounds read. (CVE-2008-2713)

Other bugs have also been corrected in 0.93.1 which is being provided
with this update."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav-db");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav-milter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64clamav-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64clamav4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libclamav-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libclamav4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/06/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2007.1", reference:"clamav-0.93.1-1.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"clamav-db-0.93.1-1.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"clamav-milter-0.93.1-1.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"clamd-0.93.1-1.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64clamav-devel-0.93.1-1.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64clamav4-0.93.1-1.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libclamav-devel-0.93.1-1.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libclamav4-0.93.1-1.1mdv2007.1", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2008.0", reference:"clamav-0.93.1-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"clamav-db-0.93.1-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"clamav-milter-0.93.1-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"clamd-0.93.1-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64clamav-devel-0.93.1-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64clamav4-0.93.1-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libclamav-devel-0.93.1-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libclamav4-0.93.1-1.1mdv2008.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2008.1", reference:"clamav-0.93.1-1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"clamav-db-0.93.1-1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"clamav-milter-0.93.1-1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"clamd-0.93.1-1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64clamav-devel-0.93.1-1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64clamav4-0.93.1-1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libclamav-devel-0.93.1-1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libclamav4-0.93.1-1.1mdv2008.1", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxclamavp-cpe:/a:mandriva:linux:clamav
mandrivalinuxclamav-dbp-cpe:/a:mandriva:linux:clamav-db
mandrivalinuxclamav-milterp-cpe:/a:mandriva:linux:clamav-milter
mandrivalinuxclamdp-cpe:/a:mandriva:linux:clamd
mandrivalinuxlib64clamav-develp-cpe:/a:mandriva:linux:lib64clamav-devel
mandrivalinuxlib64clamav4p-cpe:/a:mandriva:linux:lib64clamav4
mandrivalinuxlibclamav-develp-cpe:/a:mandriva:linux:libclamav-devel
mandrivalinuxlibclamav4p-cpe:/a:mandriva:linux:libclamav4
mandrivalinux2007.1cpe:/o:mandriva:linux:2007.1
mandrivalinux2008.0cpe:/o:mandriva:linux:2008.0
Rows per page:
1-10 of 111

Related

seebug 1
openvas 32
nessus 15
securityvulns 2
debian 4
cve 2
prion 2
ubuntucve 2
fedora 5
debiancve 2
osv 1
gentoo 1
seebug
seebug
ClamAV petite.c无效内存访问绝服务漏洞
2008-06-20 00:00:00
openvas
openvas
Debian Security Advisory DSA 1616-1 (clamav)
2008-08-15 00:00:00
Debian Security Advisory DSA 1616-2 (clamav)
2008-08-15 00:00:00
Fedora Update for clamav FEDORA-2008-5476
2009-02-17 00:00:00
nessus
nessus
openSUSE Security Update : clamav (clamav-85)
2009-07-21 00:00:00
openSUSE 10 Security Update : clamav (clamav-5414)
2008-07-15 00:00:00
Fedora 9 : clamav-0.93.1-1.fc9 (2008-5476)
2008-06-24 00:00:00
securityvulns
securityvulns
ClamAV antivirus DoS
2008-06-25 00:00:00
[ MDVSA-2008:122 ] - Updated clamav packages fix vulnerability
2008-06-25 00:00:00
debian
debian
[SECURITY] [DSA 1616-2] New clamav packages fix denial of service
2008-07-26 04:49:24
[SECURITY] [DSA 1616-1] new clamav packages fix denial of service
2008-07-24 07:36:24
[SECURITY] [DSA 1616-2] New clamav packages fix denial of service
2008-07-26 04:49:24
cve
cve
CVE-2008-2713
2008-06-16 21:41:00
CVE-2008-3215
2008-07-18 16:41:00
prion
prion
Out-of-bounds
2008-06-16 21:41:00
Out-of-bounds
2008-07-18 16:41:00
ubuntucve
ubuntucve
CVE-2008-2713
2008-06-16 00:00:00
CVE-2008-3215
2008-07-18 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: clamav-0.93.3-1.fc9
2008-07-17 14:15:45
[SECURITY] Fedora 9 Update: clamav-0.93.1-1.fc9
2008-06-20 19:07:25
[SECURITY] Fedora 8 Update: clamav-0.92.1-3.fc8
2008-07-17 14:17:14
debiancve
debiancve
CVE-2008-2713
2008-06-16 21:41:00
CVE-2008-3215
2008-07-18 16:41:00
osv
osv
clamav - denial of service
2008-07-26 00:00:00
gentoo
gentoo
ClamAV: Multiple Denials of Service
2008-08-08 00:00:00
JSON
Related for MANDRIVA_MDVSA-2008-122.NASL
seebug1openvas32nessus15securityvulns2debian4cve2prion2ubuntucve2fedora5debiancve2osv1gentoo1