Mandriva Update for clamav MDVSA-2008:088 (clamav)
2009-04-09T00:00:00
ID OPENVAS:830609 Type openvas Reporter Copyright (C) 2009 Greenbone Networks GmbH Modified 2017-07-06T00:00:00
Description
Check for the Version of clamav
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for clamav MDVSA-2008:088 (clamav)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "Multiple vulnerabilities were discovered in ClamAV and corrected with
the 0.93 release, including:
ClamAV 0.92 allowed local users to overwrite arbitrary files via
a symlink attack on temporary files or on .ascii files in sigtool,
when utf16-decode is enabled (CVE-2007-6595).
A heap-based buffer overflow in ClamAV 0.92.1 allowed remote attackers
to execute arbitrary code via a crafted PeSpin packed PE binary
(CVE-2008-0314).
An integer overflow in libclamav prior to 0.92.1 allowed remote
attackers to cause a denial of service and possibly execute arbitrary
code via a crafted Petite packed PE file, which triggered a heap-based
buffer overflow (CVE-2008-0318).
An unspecified vulnerability in ClamAV prior to 0.92.1 triggered heap
corruption (CVE-2008-0728).
A buffer overflow in ClamAV 0.92 and 0.92.1 allowed remote attackers
to execute arbitrary code via a crafted Upack PE file (CVE-2008-1100).
ClamAV prior to 0.93 allowed remote attackers to cause a denial of
service (CPU consumption) via a crafted ARJ archive (CVE-2008-1387).
A heap-based buffer overflow in ClamAV 0.92.1 allowed remote attackers
to execute arbitrary code via a crafted WWPack compressed PE binary
(CVE-2008-1833).
ClamAV prior to 0.93 allowed remote attackers to bypass the scanning
engine via a RAR file with an invalid version number (CVE-2008-1835).
A vulnerability in rfc2231 handling in ClamAV prior to 0.93 allowed
remote attackers to cause a denial of service (crash) via a crafted
message that produced a string that was not null terminated, triggering
a buffer over-read (CVE-2008-1836).
A vulnerability in libclamunrar in ClamAV prior to 0.93 allowed remote
attackers to cause a denial of service (crash) via a crafted RAR file
(CVE-2008-1837).
Other bugs have also been corrected in 0.93 which is being provided
with this update. Because this new version has increased the major
of the libclamav library, updated dependent packages are also being
provided.";
tag_affected = "clamav on Mandriva Linux 2007.1,
Mandriva Linux 2007.1/X86_64,
Mandriva Linux 2008.0,
Mandriva Linux 2008.0/X86_64,
Mandriva Linux 2008.1,
Mandriva Linux 2008.1/X86_64";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2008-04/msg00011.php");
script_id(830609);
script_version("$Revision: 6568 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $");
script_tag(name:"creation_date", value:"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_xref(name: "MDVSA", value: "2008:088");
script_cve_id("CVE-2007-6595", "CVE-2008-0314", "CVE-2008-0318", "CVE-2008-0728", "CVE-2008-1100", "CVE-2008-1387", "CVE-2008-1833", "CVE-2008-1835", "CVE-2008-1836", "CVE-2008-1837");
script_name( "Mandriva Update for clamav MDVSA-2008:088 (clamav)");
script_summary("Check for the Version of clamav");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "MNDK_2007.1")
{
if ((res = isrpmvuln(pkg:"clamav", rpm:"clamav~0.93~1.1mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"clamav-db", rpm:"clamav-db~0.93~1.1mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"clamav-milter", rpm:"clamav-milter~0.93~1.1mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"clamd", rpm:"clamd~0.93~1.1mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"clamdmon", rpm:"clamdmon~0.93~1.1mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libclamav4", rpm:"libclamav4~0.93~1.1mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libclamav-devel", rpm:"libclamav-devel~0.93~1.1mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64clamav4", rpm:"lib64clamav4~0.93~1.1mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64clamav-devel", rpm:"lib64clamav-devel~0.93~1.1mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "MNDK_2008.0")
{
if ((res = isrpmvuln(pkg:"clamav", rpm:"clamav~0.93~1.1mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"clamav-db", rpm:"clamav-db~0.93~1.1mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"clamav-milter", rpm:"clamav-milter~0.93~1.1mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"clamd", rpm:"clamd~0.93~1.1mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"clamdmon", rpm:"clamdmon~0.93~1.1mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"klamav", rpm:"klamav~0.42~1.1mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libclamav4", rpm:"libclamav4~0.93~1.1mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libclamav-devel", rpm:"libclamav-devel~0.93~1.1mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64clamav4", rpm:"lib64clamav4~0.93~1.1mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64clamav-devel", rpm:"lib64clamav-devel~0.93~1.1mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "MNDK_2008.1")
{
if ((res = isrpmvuln(pkg:"clamav", rpm:"clamav~0.93~1.1mdv2008.1", rls:"MNDK_2008.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"clamav-db", rpm:"clamav-db~0.93~1.1mdv2008.1", rls:"MNDK_2008.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"clamav-milter", rpm:"clamav-milter~0.93~1.1mdv2008.1", rls:"MNDK_2008.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"clamd", rpm:"clamd~0.93~1.1mdv2008.1", rls:"MNDK_2008.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"clamdmon", rpm:"clamdmon~0.93~1.1mdv2008.1", rls:"MNDK_2008.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"dansguardian", rpm:"dansguardian~2.9.9.2~4.1mdv2008.1", rls:"MNDK_2008.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"klamav", rpm:"klamav~0.42~1.1mdv2008.1", rls:"MNDK_2008.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libclamav4", rpm:"libclamav4~0.93~1.1mdv2008.1", rls:"MNDK_2008.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libclamav-devel", rpm:"libclamav-devel~0.93~1.1mdv2008.1", rls:"MNDK_2008.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64clamav4", rpm:"lib64clamav4~0.93~1.1mdv2008.1", rls:"MNDK_2008.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64clamav-devel", rpm:"lib64clamav-devel~0.93~1.1mdv2008.1", rls:"MNDK_2008.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:830609", "type": "openvas", "bulletinFamily": "scanner", "title": "Mandriva Update for clamav MDVSA-2008:088 (clamav)", "description": "Check for the Version of clamav", "published": "2009-04-09T00:00:00", "modified": "2017-07-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=830609", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["http://lists.mandriva.com/security-announce/2008-04/msg00011.php", "2008:088"], "cvelist": ["CVE-2008-1836", "CVE-2008-1387", "CVE-2008-1100", "CVE-2008-1835", "CVE-2008-0318", "CVE-2008-0728", "CVE-2008-1837", "CVE-2007-6595", "CVE-2008-0314", "CVE-2008-1833"], "lastseen": "2017-07-24T12:56:27", "viewCount": 0, "enchantments": {"score": {"value": 8.2, "vector": "NONE", "modified": "2017-07-24T12:56:27", "rev": 2}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:860046", "OPENVAS:860296", "OPENVAS:61053", "OPENVAS:860218", "OPENVAS:60430", "OPENVAS:850043", "OPENVAS:1361412562310830609", "OPENVAS:65041", "OPENVAS:860037", "OPENVAS:136141256231065041"]}, {"type": "nessus", "idList": ["SUSE_CLAMAV-5200.NASL", "DEBIAN_DSA-1549.NASL", "SUSE_CLAMAV-5009.NASL", "SUSE_CLAMAV-5199.NASL", "FEDORA_2008-3420.NASL", "MANDRIVA_MDVSA-2008-088.NASL", "DEBIAN_DSA-1497.NASL", "GENTOO_GLSA-200805-19.NASL", "FEDORA_2008-3358.NASL", "FEDORA_2008-3900.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200805-19", "GLSA-200808-07", "GLSA-200802-09"]}, {"type": "suse", "idList": ["SUSE-SA:2008:024"]}, {"type": "cve", "idList": ["CVE-2008-0314", "CVE-2008-1836", "CVE-2008-1387", "CVE-2008-1833", "CVE-2008-1100", "CVE-2008-1837", "CVE-2007-6595", "CVE-2008-1835", "CVE-2008-0728", "CVE-2008-0318"]}, {"type": "fedora", "idList": ["FEDORA:1D27B20876F", "FEDORA:M6HEGOFP009036", "FEDORA:M1D5EK0O006502", "FEDORA:M1D5GIIH006760", "FEDORA:M3TLGKXW031661", "FEDORA:M3TLB9PC030826", "FEDORA:M4EM9PRD000623"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1497-1:618ED", "DEBIAN:DSA-1549-1:75007"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19672", "SECURITYVULNS:DOC:19711", "SECURITYVULNS:VULN:8678", "SECURITYVULNS:DOC:19660", "SECURITYVULNS:DOC:19102", "SECURITYVULNS:VULN:8909"]}, {"type": "cert", "idList": ["VU:858595"]}, {"type": "freebsd", "idList": ["589D8053-0B03-11DD-B4EF-00E07DC4EC84", "BE4B0529-DBAF-11DC-9791-000EA6702141"]}, {"type": "seebug", "idList": ["SSV:3178", "SSV:3180", "SSV:3168"]}], "modified": "2017-07-24T12:56:27", "rev": 2}, "vulnersScore": 8.2}, "pluginID": "830609", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for clamav MDVSA-2008:088 (clamav)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were discovered in ClamAV and corrected with\n the 0.93 release, including:\n\n ClamAV 0.92 allowed local users to overwrite arbitrary files via\n a symlink attack on temporary files or on .ascii files in sigtool,\n when utf16-decode is enabled (CVE-2007-6595).\n \n A heap-based buffer overflow in ClamAV 0.92.1 allowed remote attackers\n to execute arbitrary code via a crafted PeSpin packed PE binary\n (CVE-2008-0314).\n \n An integer overflow in libclamav prior to 0.92.1 allowed remote\n attackers to cause a denial of service and possibly execute arbitrary\n code via a crafted Petite packed PE file, which triggered a heap-based\n buffer overflow (CVE-2008-0318).\n \n An unspecified vulnerability in ClamAV prior to 0.92.1 triggered heap\n corruption (CVE-2008-0728).\n \n A buffer overflow in ClamAV 0.92 and 0.92.1 allowed remote attackers\n to execute arbitrary code via a crafted Upack PE file (CVE-2008-1100).\n \n ClamAV prior to 0.93 allowed remote attackers to cause a denial of\n service (CPU consumption) via a crafted ARJ archive (CVE-2008-1387).\n \n A heap-based buffer overflow in ClamAV 0.92.1 allowed remote attackers\n to execute arbitrary code via a crafted WWPack compressed PE binary\n (CVE-2008-1833).\n \n ClamAV prior to 0.93 allowed remote attackers to bypass the scanning\n engine via a RAR file with an invalid version number (CVE-2008-1835).\n \n A vulnerability in rfc2231 handling in ClamAV prior to 0.93 allowed\n remote attackers to cause a denial of service (crash) via a crafted\n message that produced a string that was not null terminated, triggering\n a buffer over-read (CVE-2008-1836).\n \n A vulnerability in libclamunrar in ClamAV prior to 0.93 allowed remote\n attackers to cause a denial of service (crash) via a crafted RAR file\n (CVE-2008-1837).\n \n Other bugs have also been corrected in 0.93 which is being provided\n with this update. Because this new version has increased the major\n of the libclamav library, updated dependent packages are also being\n provided.\";\n\ntag_affected = \"clamav on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-04/msg00011.php\");\n script_id(830609);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:088\");\n script_cve_id(\"CVE-2007-6595\", \"CVE-2008-0314\", \"CVE-2008-0318\", \"CVE-2008-0728\", \"CVE-2008-1100\", \"CVE-2008-1387\", \"CVE-2008-1833\", \"CVE-2008-1835\", \"CVE-2008-1836\", \"CVE-2008-1837\");\n script_name( \"Mandriva Update for clamav MDVSA-2008:088 (clamav)\");\n\n script_summary(\"Check for the Version of clamav\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.93~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.93~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-milter\", rpm:\"clamav-milter~0.93~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamd\", rpm:\"clamd~0.93~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamdmon\", rpm:\"clamdmon~0.93~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libclamav4\", rpm:\"libclamav4~0.93~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libclamav-devel\", rpm:\"libclamav-devel~0.93~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64clamav4\", rpm:\"lib64clamav4~0.93~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64clamav-devel\", rpm:\"lib64clamav-devel~0.93~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.93~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.93~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-milter\", rpm:\"clamav-milter~0.93~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamd\", rpm:\"clamd~0.93~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamdmon\", rpm:\"clamdmon~0.93~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"klamav\", rpm:\"klamav~0.42~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libclamav4\", rpm:\"libclamav4~0.93~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libclamav-devel\", rpm:\"libclamav-devel~0.93~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64clamav4\", rpm:\"lib64clamav4~0.93~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64clamav-devel\", rpm:\"lib64clamav-devel~0.93~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.93~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.93~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-milter\", rpm:\"clamav-milter~0.93~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamd\", rpm:\"clamd~0.93~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamdmon\", rpm:\"clamdmon~0.93~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dansguardian\", rpm:\"dansguardian~2.9.9.2~4.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"klamav\", rpm:\"klamav~0.42~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libclamav4\", rpm:\"libclamav4~0.93~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libclamav-devel\", rpm:\"libclamav-devel~0.93~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64clamav4\", rpm:\"lib64clamav4~0.93~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64clamav-devel\", rpm:\"lib64clamav-devel~0.93~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Mandrake Local Security Checks"}
{"openvas": [{"lastseen": "2018-04-09T11:39:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1836", "CVE-2008-1387", "CVE-2008-1100", "CVE-2008-1835", "CVE-2008-0318", "CVE-2008-0728", "CVE-2008-1837", "CVE-2007-6595", "CVE-2008-0314", "CVE-2008-1833"], "description": "Check for the Version of clamav", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830609", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830609", "type": "openvas", "title": "Mandriva Update for clamav MDVSA-2008:088 (clamav)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for clamav MDVSA-2008:088 (clamav)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were discovered in ClamAV and corrected with\n the 0.93 release, including:\n\n ClamAV 0.92 allowed local users to overwrite arbitrary files via\n a symlink attack on temporary files or on .ascii files in sigtool,\n when utf16-decode is enabled (CVE-2007-6595).\n \n A heap-based buffer overflow in ClamAV 0.92.1 allowed remote attackers\n to execute arbitrary code via a crafted PeSpin packed PE binary\n (CVE-2008-0314).\n \n An integer overflow in libclamav prior to 0.92.1 allowed remote\n attackers to cause a denial of service and possibly execute arbitrary\n code via a crafted Petite packed PE file, which triggered a heap-based\n buffer overflow (CVE-2008-0318).\n \n An unspecified vulnerability in ClamAV prior to 0.92.1 triggered heap\n corruption (CVE-2008-0728).\n \n A buffer overflow in ClamAV 0.92 and 0.92.1 allowed remote attackers\n to execute arbitrary code via a crafted Upack PE file (CVE-2008-1100).\n \n ClamAV prior to 0.93 allowed remote attackers to cause a denial of\n service (CPU consumption) via a crafted ARJ archive (CVE-2008-1387).\n \n A heap-based buffer overflow in ClamAV 0.92.1 allowed remote attackers\n to execute arbitrary code via a crafted WWPack compressed PE binary\n (CVE-2008-1833).\n \n ClamAV prior to 0.93 allowed remote attackers to bypass the scanning\n engine via a RAR file with an invalid version number (CVE-2008-1835).\n \n A vulnerability in rfc2231 handling in ClamAV prior to 0.93 allowed\n remote attackers to cause a denial of service (crash) via a crafted\n message that produced a string that was not null terminated, triggering\n a buffer over-read (CVE-2008-1836).\n \n A vulnerability in libclamunrar in ClamAV prior to 0.93 allowed remote\n attackers to cause a denial of service (crash) via a crafted RAR file\n (CVE-2008-1837).\n \n Other bugs have also been corrected in 0.93 which is being provided\n with this update. Because this new version has increased the major\n of the libclamav library, updated dependent packages are also being\n provided.\";\n\ntag_affected = \"clamav on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-04/msg00011.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830609\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:088\");\n script_cve_id(\"CVE-2007-6595\", \"CVE-2008-0314\", \"CVE-2008-0318\", \"CVE-2008-0728\", \"CVE-2008-1100\", \"CVE-2008-1387\", \"CVE-2008-1833\", \"CVE-2008-1835\", \"CVE-2008-1836\", \"CVE-2008-1837\");\n script_name( \"Mandriva Update for clamav MDVSA-2008:088 (clamav)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of clamav\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.93~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.93~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-milter\", rpm:\"clamav-milter~0.93~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamd\", rpm:\"clamd~0.93~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamdmon\", rpm:\"clamdmon~0.93~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libclamav4\", rpm:\"libclamav4~0.93~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libclamav-devel\", rpm:\"libclamav-devel~0.93~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64clamav4\", rpm:\"lib64clamav4~0.93~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64clamav-devel\", rpm:\"lib64clamav-devel~0.93~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.93~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.93~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-milter\", rpm:\"clamav-milter~0.93~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamd\", rpm:\"clamd~0.93~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamdmon\", rpm:\"clamdmon~0.93~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"klamav\", rpm:\"klamav~0.42~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libclamav4\", rpm:\"libclamav4~0.93~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libclamav-devel\", rpm:\"libclamav-devel~0.93~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64clamav4\", rpm:\"lib64clamav4~0.93~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64clamav-devel\", rpm:\"lib64clamav-devel~0.93~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.93~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.93~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-milter\", rpm:\"clamav-milter~0.93~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamd\", rpm:\"clamd~0.93~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamdmon\", rpm:\"clamdmon~0.93~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dansguardian\", rpm:\"dansguardian~2.9.9.2~4.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"klamav\", rpm:\"klamav~0.42~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libclamav4\", rpm:\"libclamav4~0.93~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libclamav-devel\", rpm:\"libclamav-devel~0.93~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64clamav4\", rpm:\"lib64clamav4~0.93~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64clamav-devel\", rpm:\"lib64clamav-devel~0.93~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1836", "CVE-2008-1387", "CVE-2008-1100", "CVE-2008-1835", "CVE-2008-1837", "CVE-2008-0314", "CVE-2008-1833"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200805-19.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:61053", "href": "http://plugins.openvas.org/nasl.php?oid=61053", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200805-19 (clamav)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in ClamAV may result in the remote execution of\narbitrary code.\";\ntag_solution = \"All ClamAV users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.93'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200805-19\nhttp://bugs.gentoo.org/show_bug.cgi?id=213762\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200805-19.\";\n\n \n\nif(description)\n{\n script_id(61053);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-0314\", \"CVE-2008-1100\", \"CVE-2008-1387\", \"CVE-2008-1833\", \"CVE-2008-1835\", \"CVE-2008-1836\", \"CVE-2008-1837\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200805-19 (clamav)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-antivirus/clamav\", unaffected: make_list(\"ge 0.93\"), vulnerable: make_list(\"lt 0.93\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1836", "CVE-2008-1387", "CVE-2008-1100", "CVE-2008-1835", "CVE-2008-1837", "CVE-2007-6595", "CVE-2007-6596", "CVE-2008-0314", "CVE-2008-1833"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n clamav\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023300 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65041", "href": "http://plugins.openvas.org/nasl.php?oid=65041", "type": "openvas", "title": "SLES9: Security update for clamav", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5023300.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for clamav\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n clamav\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023300 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65041);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-1837\", \"CVE-2008-1836\", \"CVE-2008-1835\", \"CVE-2008-1833\", \"CVE-2008-1387\", \"CVE-2008-1100\", \"CVE-2008-0314\", \"CVE-2007-6595\", \"CVE-2007-6596\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for clamav\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.93~0.6\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1836", "CVE-2008-1387", "CVE-2008-1100", "CVE-2008-1835", "CVE-2008-1837", "CVE-2007-6595", "CVE-2007-6596", "CVE-2008-0314", "CVE-2008-1833"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n clamav\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023300 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065041", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065041", "type": "openvas", "title": "SLES9: Security update for clamav", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5023300.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for clamav\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n clamav\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023300 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65041\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-1837\", \"CVE-2008-1836\", \"CVE-2008-1835\", \"CVE-2008-1833\", \"CVE-2008-1387\", \"CVE-2008-1100\", \"CVE-2008-0314\", \"CVE-2007-6595\", \"CVE-2007-6596\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for clamav\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.93~0.6\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:19:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1836", "CVE-2008-1387", "CVE-2008-1100", "CVE-2008-1835", "CVE-2008-1837", "CVE-2007-6595", "CVE-2007-6596", "CVE-2008-0314", "CVE-2008-1833"], "description": "Check for the Version of clamav", "modified": "2017-12-08T00:00:00", "published": "2009-01-23T00:00:00", "id": "OPENVAS:850043", "href": "http://plugins.openvas.org/nasl.php?oid=850043", "type": "openvas", "title": "SuSE Update for clamav SUSE-SA:2008:024", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2008_024.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for clamav SUSE-SA:2008:024\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The AntiVirus scan engine ClamAV was updated to version 0.93 fixes a long list of\n vulnerabilities.\n\n These vulnerabilities can lead to remote code execution, bypassing\n the scanning engine, remote denial-of-service, local file overwrite.\n CVE-2008-1835,\n CVE-2008-1100,\n CVE-2007-6596\n\n Since the library changed, we also released updated klamav packages\n for openSUSE 10.2 and 10.3.\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"clamav on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, SUSE SLES 9, Open Enterprise Server, Novell Linux POS 9, SLE SDK 10 SP1, SUSE Linux Enterprise Server 10 SP1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850043);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-23 16:44:26 +0100 (Fri, 23 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2008-024\");\n script_cve_id(\"CVE-2007-6595\", \"CVE-2007-6596\", \"CVE-2008-0314\", \"CVE-2008-1100\", \"CVE-2008-1387\", \"CVE-2008-1833\", \"CVE-2008-1835\", \"CVE-2008-1836\", \"CVE-2008-1837\");\n script_name( \"SuSE Update for clamav SUSE-SA:2008:024\");\n\n script_summary(\"Check for the Version of clamav\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE10.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"klamav\", rpm:\"klamav~0.41.1~32.3\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.93~0.3\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.93~0.3\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE10.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.93~0.3\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.93~0.3\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"klamav\", rpm:\"klamav~0.41.1~17.4\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SL10.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.93~0.6\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.93~0.6\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1836", "CVE-2008-1387", "CVE-2008-1100", "CVE-2008-0314"], "description": "Check for the Version of clamav", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860046", "href": "http://plugins.openvas.org/nasl.php?oid=860046", "type": "openvas", "title": "Fedora Update for clamav FEDORA-2008-3900", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for clamav FEDORA-2008-3900\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"clamav on Fedora 9\";\ntag_insight = \"Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this\n software is the integration with mail servers (attachment scanning). The\n package provides a flexible and scalable multi-threaded daemon, a command\n line scanner, and a tool for automatic updating via Internet. The programs\n are based on a shared library distributed with the Clam AntiVirus package,\n which you can use with your own software. The virus database is based on\n the virus database from OpenAntiVirus, but contains additional signatures\n (including signatures for popular polymorphic viruses, too) and is KEPT UP\n TO DATE.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html\");\n script_id(860046);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:43:56 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-3900\");\n script_cve_id(\"CVE-2008-1100\", \"CVE-2008-1387\", \"CVE-2008-0314\", \"CVE-2008-1836\");\n script_name( \"Fedora Update for clamav FEDORA-2008-3900\");\n\n script_summary(\"Check for the Version of clamav\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.93~1.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6335", "CVE-2008-1387", "CVE-2008-1100", "CVE-2008-0314", "CVE-2008-1833"], "description": "Check for the Version of clamav", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860296", "href": "http://plugins.openvas.org/nasl.php?oid=860296", "type": "openvas", "title": "Fedora Update for clamav FEDORA-2008-3420", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for clamav FEDORA-2008-3420\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"clamav on Fedora 8\";\ntag_insight = \"Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this\n software is the integration with mail servers (attachment scanning). The\n package provides a flexible and scalable multi-threaded daemon, a command\n line scanner, and a tool for automatic updating via Internet. The programs\n are based on a shared library distributed with the Clam AntiVirus package,\n which you can use with your own software. The virus database is based on\n the virus database from OpenAntiVirus, but contains additional signatures\n (including signatures for popular polymorphic viruses, too) and is KEPT UP\n TO DATE.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html\");\n script_id(860296);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:43:56 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-3420\");\n script_cve_id(\"CVE-2008-1100\", \"CVE-2008-1387\", \"CVE-2008-0314\", \"CVE-2008-1833\", \"CVE-2007-6335\");\n script_name( \"Fedora Update for clamav FEDORA-2008-3420\");\n\n script_summary(\"Check for the Version of clamav\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.92.1~2.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6335", "CVE-2008-1387", "CVE-2008-1100", "CVE-2008-2713", "CVE-2008-0314", "CVE-2008-1833"], "description": "Check for the Version of clamav", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860218", "href": "http://plugins.openvas.org/nasl.php?oid=860218", "type": "openvas", "title": "Fedora Update for clamav FEDORA-2008-6422", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for clamav FEDORA-2008-6422\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"clamav on Fedora 8\";\ntag_insight = \"Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this\n software is the integration with mail servers (attachment scanning). The\n package provides a flexible and scalable multi-threaded daemon, a command\n line scanner, and a tool for automatic updating via Internet. The programs\n are based on a shared library distributed with the Clam AntiVirus package,\n which you can use with your own software. The virus database is based on\n the virus database from OpenAntiVirus, but contains additional signatures\n (including signatures for popular polymorphic viruses, too) and is KEPT UP\n TO DATE.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html\");\n script_id(860218);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:01:32 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-6422\");\n script_cve_id(\"CVE-2008-2713\", \"CVE-2008-1100\", \"CVE-2008-1387\", \"CVE-2008-0314\", \"CVE-2008-1833\", \"CVE-2007-6335\");\n script_name( \"Fedora Update for clamav FEDORA-2008-6422\");\n\n script_summary(\"Check for the Version of clamav\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.92.1~3.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6335", "CVE-2008-1387", "CVE-2008-1100", "CVE-2007-4510", "CVE-2008-0314", "CVE-2008-1833"], "description": "Check for the Version of clamav", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860037", "href": "http://plugins.openvas.org/nasl.php?oid=860037", "type": "openvas", "title": "Fedora Update for clamav FEDORA-2008-3358", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for clamav FEDORA-2008-3358\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"clamav on Fedora 7\";\ntag_insight = \"Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this\n software is the integration with mail servers (attachment scanning). The\n package provides a flexible and scalable multi-threaded daemon, a command\n line scanner, and a tool for automatic updating via Internet. The programs\n are based on a shared library distributed with the Clam AntiVirus package,\n which you can use with your own software. The virus database is based on\n the virus database from OpenAntiVirus, but contains additional signatures\n (including signatures for popular polymorphic viruses, too) and is KEPT UP\n TO DATE.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html\");\n script_id(860037);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:43:56 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-3358\");\n script_cve_id(\"CVE-2008-1100\", \"CVE-2008-1387\", \"CVE-2008-0314\", \"CVE-2008-1833\", \"CVE-2007-6335\", \"CVE-2007-4510\");\n script_name( \"Fedora Update for clamav FEDORA-2008-3358\");\n\n script_summary(\"Check for the Version of clamav\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.92.1~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0318", "CVE-2007-6595"], "description": "The remote host is missing an update to clamav\nannounced via advisory DSA 1497-1.", "modified": "2017-07-07T00:00:00", "published": "2008-02-28T00:00:00", "id": "OPENVAS:60430", "href": "http://plugins.openvas.org/nasl.php?oid=60430", "type": "openvas", "title": "Debian Security Advisory DSA 1497-1 (clamav)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1497_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1497-1 (clamav)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the Clam anti-virus\ntoolkit, which may lead to the execution of arbitrary or local denial\nof service. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2007-6595\n\nIt was discovered that temporary files are created insecurely,\nwhich may result in local denial of service by overwriting files.\n\nCVE-2008-0318\n\nSilvio Cesare discovered an integer overflow in the parser for PE\nheaders.\n\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 0.90.1dfsg-3etch10. In addition to these fixes, this update\nalso incorporates changes from the upcoming point release of the\nstable distribution (non-free RAR handling code was removed).\n\nThe version of clamav in the old stable distribution (sarge) is no\nlonger supported with security updates.\n\nWe recommend that you upgrade your clamav packages.\";\ntag_summary = \"The remote host is missing an update to clamav\nannounced via advisory DSA 1497-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201497-1\";\n\n\nif(description)\n{\n script_id(60430);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-02-28 02:09:28 +0100 (Thu, 28 Feb 2008)\");\n script_cve_id(\"CVE-2007-6595\", \"CVE-2008-0318\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1497-1 (clamav)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"clamav-testfiles\", ver:\"0.90.1dfsg-3etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-base\", ver:\"0.90.1dfsg-3etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-docs\", ver:\"0.90.1dfsg-3etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libclamav-dev\", ver:\"0.90.1dfsg-3etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libclamav2\", ver:\"0.90.1dfsg-3etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav\", ver:\"0.90.1dfsg-3etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-freshclam\", ver:\"0.90.1dfsg-3etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-dbg\", ver:\"0.90.1dfsg-3etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-milter\", ver:\"0.90.1dfsg-3etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"clamav-daemon\", ver:\"0.90.1dfsg-3etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-07T11:51:51", "description": "Multiple vulnerabilities were discovered in ClamAV and corrected with\nthe 0.93 release, including :\n\nClamAV 0.92 allowed local users to overwrite arbitrary files via a\nsymlink attack on temporary files or on .ascii files in sigtool, when\nutf16-decode is enabled (CVE-2007-6595).\n\nClamAV 0.92 did not recognize Base64 uuencoded archives, which allowed\nremoted attackers to bypass the sanner via a base64-uuencoded file\n(CVE-2007-6596).\n\nA heap-based buffer overflow in ClamAV 0.92.1 allowed remote attackers\nto execute arbitrary code via a crafted PeSpin packed PE binary\n(CVE-2008-0314).\n\nAn integer overflow in libclamav prior to 0.92.1 allowed remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted Petite packed PE file, which triggered a heap-based\nbuffer overflow (CVE-2008-0318).\n\nAn unspecified vulnerability in ClamAV prior to 0.92.1 triggered heap\ncorruption (CVE-2008-0728).\n\nA buffer overflow in ClamAV 0.92 and 0.92.1 allowed remote attackers\nto execute arbitrary code via a crafted Upack PE file (CVE-2008-1100).\n\nClamAV prior to 0.93 allowed remote attackers to cause a denial of\nservice (CPU consumption) via a crafted ARJ archive (CVE-2008-1387).\n\nA heap-based buffer overflow in ClamAV 0.92.1 allowed remote attackers\nto execute arbitrary code via a crafted WWPack compressed PE binary\n(CVE-2008-1833).\n\nClamAV prior to 0.93 allowed remote attackers to bypass the scanning\nengine via a RAR file with an invalid version number (CVE-2008-1835).\n\nA vulnerability in rfc2231 handling in ClamAV prior to 0.93 allowed\nremote attackers to cause a denial of service (crash) via a crafted\nmessage that produced a string that was not null terminated,\ntriggering a buffer over-read (CVE-2008-1836).\n\nA vulnerability in libclamunrar in ClamAV prior to 0.93 allowed remote\nattackers to cause a denial of service (crash) via a crafted RAR file\n(CVE-2008-1837).\n\nOther bugs have also been corrected in 0.93 which is being provided\nwith this update. Because this new version has increased the major of\nthe libclamav library, updated dependent packages are also being\nprovided.", "edition": 25, "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : clamav (MDVSA-2008:088)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1836", "CVE-2008-1387", "CVE-2008-1100", "CVE-2008-1835", "CVE-2008-0318", "CVE-2008-0728", "CVE-2008-1837", "CVE-2007-6595", "CVE-2007-6596", "CVE-2008-0314", "CVE-2008-1833"], "modified": "2009-04-23T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:clamd", "p-cpe:/a:mandriva:linux:lib64clamav4", "p-cpe:/a:mandriva:linux:clamav", "p-cpe:/a:mandriva:linux:dansguardian", "p-cpe:/a:mandriva:linux:klamav", "cpe:/o:mandriva:linux:2007.1", "cpe:/o:mandriva:linux:2008.1", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:clamav-milter", "p-cpe:/a:mandriva:linux:clamav-db", "p-cpe:/a:mandriva:linux:clamdmon", "p-cpe:/a:mandriva:linux:libclamav4", "p-cpe:/a:mandriva:linux:lib64clamav-devel", "p-cpe:/a:mandriva:linux:libclamav-devel"], "id": "MANDRIVA_MDVSA-2008-088.NASL", "href": "https://www.tenable.com/plugins/nessus/37368", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:088. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37368);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-6595\", \"CVE-2007-6596\", \"CVE-2008-0314\", \"CVE-2008-0318\", \"CVE-2008-0728\", \"CVE-2008-1100\", \"CVE-2008-1387\", \"CVE-2008-1833\", \"CVE-2008-1835\", \"CVE-2008-1836\", \"CVE-2008-1837\");\n script_xref(name:\"MDVSA\", value:\"2008:088\");\n\n script_name(english:\"Mandriva Linux Security Advisory : clamav (MDVSA-2008:088)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered in ClamAV and corrected with\nthe 0.93 release, including :\n\nClamAV 0.92 allowed local users to overwrite arbitrary files via a\nsymlink attack on temporary files or on .ascii files in sigtool, when\nutf16-decode is enabled (CVE-2007-6595).\n\nClamAV 0.92 did not recognize Base64 uuencoded archives, which allowed\nremoted attackers to bypass the sanner via a base64-uuencoded file\n(CVE-2007-6596).\n\nA heap-based buffer overflow in ClamAV 0.92.1 allowed remote attackers\nto execute arbitrary code via a crafted PeSpin packed PE binary\n(CVE-2008-0314).\n\nAn integer overflow in libclamav prior to 0.92.1 allowed remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted Petite packed PE file, which triggered a heap-based\nbuffer overflow (CVE-2008-0318).\n\nAn unspecified vulnerability in ClamAV prior to 0.92.1 triggered heap\ncorruption (CVE-2008-0728).\n\nA buffer overflow in ClamAV 0.92 and 0.92.1 allowed remote attackers\nto execute arbitrary code via a crafted Upack PE file (CVE-2008-1100).\n\nClamAV prior to 0.93 allowed remote attackers to cause a denial of\nservice (CPU consumption) via a crafted ARJ archive (CVE-2008-1387).\n\nA heap-based buffer overflow in ClamAV 0.92.1 allowed remote attackers\nto execute arbitrary code via a crafted WWPack compressed PE binary\n(CVE-2008-1833).\n\nClamAV prior to 0.93 allowed remote attackers to bypass the scanning\nengine via a RAR file with an invalid version number (CVE-2008-1835).\n\nA vulnerability in rfc2231 handling in ClamAV prior to 0.93 allowed\nremote attackers to cause a denial of service (crash) via a crafted\nmessage that produced a string that was not null terminated,\ntriggering a buffer over-read (CVE-2008-1836).\n\nA vulnerability in libclamunrar in ClamAV prior to 0.93 allowed remote\nattackers to cause a denial of service (crash) via a crafted RAR file\n(CVE-2008-1837).\n\nOther bugs have also been corrected in 0.93 which is being provided\nwith this update. Because this new version has increased the major of\nthe libclamav library, updated dependent packages are also being\nprovided.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 59, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamav-db\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamav-milter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamdmon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:dansguardian\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:klamav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64clamav-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64clamav4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libclamav-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libclamav4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", reference:\"clamav-0.93-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"clamav-db-0.93-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"clamav-milter-0.93-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"clamd-0.93-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"clamdmon-0.93-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64clamav-devel-0.93-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64clamav4-0.93-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libclamav-devel-0.93-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libclamav4-0.93-1.1mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", reference:\"clamav-0.93-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"clamav-db-0.93-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"clamav-milter-0.93-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"clamd-0.93-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"clamdmon-0.93-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"klamav-0.42-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64clamav-devel-0.93-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64clamav4-0.93-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libclamav-devel-0.93-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libclamav4-0.93-1.1mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"clamav-0.93-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"clamav-db-0.93-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"clamav-milter-0.93-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"clamd-0.93-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"clamdmon-0.93-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"dansguardian-2.9.9.2-4.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"klamav-0.42-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64clamav-devel-0.93-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64clamav4-0.93-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libclamav-devel-0.93-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libclamav4-0.93-1.1mdv2008.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:52:22", "description": "The remote host is affected by the vulnerability described in GLSA-200805-19\n(ClamAV: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been reported:\n Damian Put reported a heap-based buffer overflow when processing PeSpin\n packed PE binaries (CVE-2008-0314).\n Alin Rad Pop of Secunia Research reported a buffer overflow in the\n cli_scanpe() function when processing Upack PE binaries\n (CVE-2008-1100).\n Hanno Boeck reported an infinite loop when processing ARJ archives\n (CVE-2008-1387).\n Damian Put and Thomas Pollet reported a heap-based buffer overflow when\n processing WWPack compressed PE binaries (CVE-2008-1833).\n A buffer over-read was discovered in the rfc2231() function when\n producing a string that is not NULL terminated (CVE-2008-1836).\n An unspecified vulnerability leading to 'memory problems' when scanning\n RAR files was reported (CVE-2008-1837).\n Thierry Zoller reported that scanning of RAR files could be\n circumvented (CVE-2008-1835).\n \nImpact :\n\n A remote attacker could entice a user or automated system to scan a\n specially crafted file, possibly leading to the execution of arbitrary\n code with the privileges of the user running ClamAV (either a system\n user or the 'clamav' user if clamd is compromised), or a Denial of\n Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 26, "published": "2008-05-22T00:00:00", "title": "GLSA-200805-19 : ClamAV: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1836", "CVE-2008-1387", "CVE-2008-1100", "CVE-2008-1835", "CVE-2008-1837", "CVE-2008-0314", "CVE-2008-1833"], "modified": "2008-05-22T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:clamav"], "id": "GENTOO_GLSA-200805-19.NASL", "href": "https://www.tenable.com/plugins/nessus/32417", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200805-19.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32417);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0314\", \"CVE-2008-1100\", \"CVE-2008-1387\", \"CVE-2008-1833\", \"CVE-2008-1835\", \"CVE-2008-1836\", \"CVE-2008-1837\");\n script_xref(name:\"GLSA\", value:\"200805-19\");\n\n script_name(english:\"GLSA-200805-19 : ClamAV: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200805-19\n(ClamAV: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been reported:\n Damian Put reported a heap-based buffer overflow when processing PeSpin\n packed PE binaries (CVE-2008-0314).\n Alin Rad Pop of Secunia Research reported a buffer overflow in the\n cli_scanpe() function when processing Upack PE binaries\n (CVE-2008-1100).\n Hanno Boeck reported an infinite loop when processing ARJ archives\n (CVE-2008-1387).\n Damian Put and Thomas Pollet reported a heap-based buffer overflow when\n processing WWPack compressed PE binaries (CVE-2008-1833).\n A buffer over-read was discovered in the rfc2231() function when\n producing a string that is not NULL terminated (CVE-2008-1836).\n An unspecified vulnerability leading to 'memory problems' when scanning\n RAR files was reported (CVE-2008-1837).\n Thierry Zoller reported that scanning of RAR files could be\n circumvented (CVE-2008-1835).\n \nImpact :\n\n A remote attacker could entice a user or automated system to scan a\n specially crafted file, possibly leading to the execution of arbitrary\n code with the privileges of the user running ClamAV (either a system\n user or the 'clamav' user if clamd is compromised), or a Denial of\n Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200805-19\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ClamAV users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.93'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-antivirus/clamav\", unaffected:make_list(\"ge 0.93\"), vulnerable:make_list(\"lt 0.93\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ClamAV\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:43:22", "description": "This version upgrade of ClamAV to 0.93 fixes a long list of\nvulnerabilities. These vulnerabilities can lead to remote code\nexecution, bypassing the scanning engine, remote denial-of-service,\nlocal file overwrite. (CVE-2008-1837 / CVE-2008-1836 / CVE-2008-1835 /\nCVE-2008-1833 / CVE-2008-1387 / CVE-2008-1100 / CVE-2008-0314 /\nCVE-2007-6595 / CVE-2007-6596)", "edition": 24, "published": "2008-04-25T00:00:00", "title": "SuSE 10 Security Update : clamav (ZYPP Patch Number 5200)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1836", "CVE-2008-1387", "CVE-2008-1100", "CVE-2008-1835", "CVE-2008-1837", "CVE-2007-6595", "CVE-2007-6596", "CVE-2008-0314", "CVE-2008-1833"], "modified": "2008-04-25T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_CLAMAV-5200.NASL", "href": "https://www.tenable.com/plugins/nessus/32048", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32048);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6595\", \"CVE-2007-6596\", \"CVE-2008-0314\", \"CVE-2008-1100\", \"CVE-2008-1387\", \"CVE-2008-1833\", \"CVE-2008-1835\", \"CVE-2008-1836\", \"CVE-2008-1837\");\n\n script_name(english:\"SuSE 10 Security Update : clamav (ZYPP Patch Number 5200)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This version upgrade of ClamAV to 0.93 fixes a long list of\nvulnerabilities. These vulnerabilities can lead to remote code\nexecution, bypassing the scanning engine, remote denial-of-service,\nlocal file overwrite. (CVE-2008-1837 / CVE-2008-1836 / CVE-2008-1835 /\nCVE-2008-1833 / CVE-2008-1387 / CVE-2008-1100 / CVE-2008-0314 /\nCVE-2007-6595 / CVE-2007-6596)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6595.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6596.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0314.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1100.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1387.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1833.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1835.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1836.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1837.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5200.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 59, 119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"clamav-0.93-0.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:43:22", "description": "This version upgrade of ClamAV to 0.93 fixes a long list of\nvulnerabilities. These vulnerabilities can lead to remote code\nexecution, bypassing the scanning engine, remote denial-of-service,\nlocal file overwrite. (CVE-2008-1837, CVE-2008-1836, CVE-2008-1835,\nCVE-2008-1833, CVE-2008-1387, CVE-2008-1100, CVE-2008-0314,\nCVE-2007-6595, CVE-2007-6596)", "edition": 24, "published": "2008-04-25T00:00:00", "title": "openSUSE 10 Security Update : clamav (clamav-5199)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1836", "CVE-2008-1387", "CVE-2008-1100", "CVE-2008-1835", "CVE-2008-1837", "CVE-2007-6595", "CVE-2007-6596", "CVE-2008-0314", "CVE-2008-1833"], "modified": "2008-04-25T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:clamav", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:clamav-db"], "id": "SUSE_CLAMAV-5199.NASL", "href": "https://www.tenable.com/plugins/nessus/32047", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update clamav-5199.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32047);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6595\", \"CVE-2007-6596\", \"CVE-2008-0314\", \"CVE-2008-1100\", \"CVE-2008-1387\", \"CVE-2008-1833\", \"CVE-2008-1835\", \"CVE-2008-1836\", \"CVE-2008-1837\");\n\n script_name(english:\"openSUSE 10 Security Update : clamav (clamav-5199)\");\n script_summary(english:\"Check for the clamav-5199 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This version upgrade of ClamAV to 0.93 fixes a long list of\nvulnerabilities. These vulnerabilities can lead to remote code\nexecution, bypassing the scanning engine, remote denial-of-service,\nlocal file overwrite. (CVE-2008-1837, CVE-2008-1836, CVE-2008-1835,\nCVE-2008-1833, CVE-2008-1387, CVE-2008-1100, CVE-2008-0314,\nCVE-2007-6595, CVE-2007-6596)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected clamav packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 59, 119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:clamav-db\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"clamav-0.93-0.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"clamav-db-0.93-0.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"clamav-0.93-0.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"clamav-db-0.93-0.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"clamav-0.93-0.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"clamav-db-0.93-0.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav / clamav-db\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:31", "description": "Security update - upgrade to upstream version 0.93: CVE-2008-1100\n(#442360): Upack Processing Buffer Overflow Vulnerability\nCVE-2008-1387 (#442525): Endless loop / hang with crafted arj\nCVE-2008-0314 (#442740): PeSpin Heap Overflow Vulnerability\nCVE-2008-1836 (#442744): DoS via not null terminated string in\nrfc2231.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2008-05-16T00:00:00", "title": "Fedora 9 : clamav-0.93-1.fc9 (2008-3900)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1836", "CVE-2008-1387", "CVE-2008-1100", "CVE-2008-0314"], "modified": "2008-05-16T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:9", "p-cpe:/a:fedoraproject:fedora:clamav"], "id": "FEDORA_2008-3900.NASL", "href": "https://www.tenable.com/plugins/nessus/32340", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3900.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32340);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0314\", \"CVE-2008-1100\", \"CVE-2008-1387\", \"CVE-2008-1836\");\n script_bugtraq_id(28756, 28784);\n script_xref(name:\"FEDORA\", value:\"2008-3900\");\n\n script_name(english:\"Fedora 9 : clamav-0.93-1.fc9 (2008-3900)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security update - upgrade to upstream version 0.93: CVE-2008-1100\n(#442360): Upack Processing Buffer Overflow Vulnerability\nCVE-2008-1387 (#442525): Endless loop / hang with crafted arj\nCVE-2008-0314 (#442740): PeSpin Heap Overflow Vulnerability\nCVE-2008-1836 (#442744): DoS via not null terminated string in\nrfc2231.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=442360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=442525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=442740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=442744\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-May/009901.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eae30a87\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected clamav package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"clamav-0.93-1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:30", "description": "Security update - backport security fixes from 0.93: CVE-2008-1100\n(#442360): Upack Processing Buffer Overflow Vulnerability\nCVE-2008-1387 (#442525): Endless loop / hang with crafted arj\nCVE-2008-0314 (#442740): PeSpin Heap Overflow Vulnerability\nCVE-2008-1833 (#442741): PE WWPack Heap Overflow Vulnerability\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2008-05-01T00:00:00", "title": "Fedora 8 : clamav-0.92.1-2.fc8 (2008-3420)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1387", "CVE-2008-1100", "CVE-2008-0314", "CVE-2008-1833"], "modified": "2008-05-01T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:clamav"], "id": "FEDORA_2008-3420.NASL", "href": "https://www.tenable.com/plugins/nessus/32109", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3420.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32109);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0314\", \"CVE-2008-1100\", \"CVE-2008-1387\", \"CVE-2008-1833\");\n script_bugtraq_id(28756, 28784);\n script_xref(name:\"FEDORA\", value:\"2008-3420\");\n\n script_name(english:\"Fedora 8 : clamav-0.92.1-2.fc8 (2008-3420)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security update - backport security fixes from 0.93: CVE-2008-1100\n(#442360): Upack Processing Buffer Overflow Vulnerability\nCVE-2008-1387 (#442525): Endless loop / hang with crafted arj\nCVE-2008-0314 (#442740): PeSpin Heap Overflow Vulnerability\nCVE-2008-1833 (#442741): PE WWPack Heap Overflow Vulnerability\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=442360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=442525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=442740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=442741\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009650.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b6b77e3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected clamav package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"clamav-0.92.1-2.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:30", "description": "Security update - backport security fixes from 0.93: CVE-2008-1100\n(#442360): Upack Processing Buffer Overflow Vulnerability\nCVE-2008-1387 (#442525): Endless loop / hang with crafted arj\nCVE-2008-0314 (#442740): PeSpin Heap Overflow Vulnerability\nCVE-2008-1833 (#442741): PE WWPack Heap Overflow Vulnerability\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2008-05-01T00:00:00", "title": "Fedora 7 : clamav-0.92.1-2.fc7 (2008-3358)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1387", "CVE-2008-1100", "CVE-2008-0314", "CVE-2008-1833"], "modified": "2008-05-01T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:clamav"], "id": "FEDORA_2008-3358.NASL", "href": "https://www.tenable.com/plugins/nessus/32097", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3358.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32097);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0314\", \"CVE-2008-1100\", \"CVE-2008-1387\", \"CVE-2008-1833\");\n script_bugtraq_id(28756, 28784);\n script_xref(name:\"FEDORA\", value:\"2008-3358\");\n\n script_name(english:\"Fedora 7 : clamav-0.92.1-2.fc7 (2008-3358)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security update - backport security fixes from 0.93: CVE-2008-1100\n(#442360): Upack Processing Buffer Overflow Vulnerability\nCVE-2008-1387 (#442525): Endless loop / hang with crafted arj\nCVE-2008-0314 (#442740): PeSpin Heap Overflow Vulnerability\nCVE-2008-1833 (#442741): PE WWPack Heap Overflow Vulnerability\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=442360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=442525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=442740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=442741\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009601.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fdbf35a9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected clamav package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"clamav-0.92.1-2.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:45:00", "description": "Several remote vulnerabilities have been discovered in the Clam\nanti-virus toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2008-0314\n Damian Put discovered that a buffer overflow in the\n handler for PeSpin binaries may lead to the execution of\n arbitrary code.\n\n - CVE-2008-1100\n Alin Rad Pop discovered that a buffer overflow in the\n handler for Upack PE binaries may lead to the execution\n of arbitrary code.\n\n - CVE-2008-1833\n Damian Put and Thomas Pollet discovered that a buffer\n overflow in the handler for WWPack-compressed PE\n binaries may lead to the execution of arbitrary code.", "edition": 26, "published": "2008-04-22T00:00:00", "title": "Debian DSA-1549-1 : clamav - buffer overflows", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1100", "CVE-2008-0314", "CVE-2008-1833"], "modified": "2008-04-22T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:clamav"], "id": "DEBIAN_DSA-1549.NASL", "href": "https://www.tenable.com/plugins/nessus/32004", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1549. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32004);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-0314\", \"CVE-2008-1100\", \"CVE-2008-1833\");\n script_xref(name:\"DSA\", value:\"1549\");\n\n script_name(english:\"Debian DSA-1549-1 : clamav - buffer overflows\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in the Clam\nanti-virus toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2008-0314\n Damian Put discovered that a buffer overflow in the\n handler for PeSpin binaries may lead to the execution of\n arbitrary code.\n\n - CVE-2008-1100\n Alin Rad Pop discovered that a buffer overflow in the\n handler for Upack PE binaries may lead to the execution\n of arbitrary code.\n\n - CVE-2008-1833\n Damian Put and Thomas Pollet discovered that a buffer\n overflow in the handler for WWPack-compressed PE\n binaries may lead to the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0314\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1549\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the clamav packages.\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 0.90.1dfsg-3etch11.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"clamav\", reference:\"0.90.1dfsg-3etch11\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"clamav-base\", reference:\"0.90.1dfsg-3etch11\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"clamav-daemon\", reference:\"0.90.1dfsg-3etch11\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"clamav-dbg\", reference:\"0.90.1dfsg-3etch11\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"clamav-docs\", reference:\"0.90.1dfsg-3etch11\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"clamav-freshclam\", reference:\"0.90.1dfsg-3etch11\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"clamav-milter\", reference:\"0.90.1dfsg-3etch11\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"clamav-testfiles\", reference:\"0.90.1dfsg-3etch11\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libclamav-dev\", reference:\"0.90.1dfsg-3etch11\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libclamav2\", reference:\"0.90.1dfsg-3etch11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:44:57", "description": "Several vulnerabilities have been discovered in the Clam anti-virus\ntoolkit, which may lead to the execution of arbitrary code or local\ndenial of service. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2007-6595\n It was discovered that temporary files are created\n insecurely, which may result in local denial of service\n by overwriting files.\n\n - CVE-2008-0318\n Silvio Cesare discovered an integer overflow in the\n parser for PE headers.\n\nThe version of clamav in the old stable distribution (sarge) is no\nlonger supported with security updates.", "edition": 27, "published": "2008-02-18T00:00:00", "title": "Debian DSA-1497-1 : clamav - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0318", "CVE-2007-6595"], "modified": "2008-02-18T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:clamav"], "id": "DEBIAN_DSA-1497.NASL", "href": "https://www.tenable.com/plugins/nessus/31102", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1497. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31102);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-6595\", \"CVE-2008-0318\");\n script_bugtraq_id(27751);\n script_xref(name:\"DSA\", value:\"1497\");\n\n script_name(english:\"Debian DSA-1497-1 : clamav - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Clam anti-virus\ntoolkit, which may lead to the execution of arbitrary code or local\ndenial of service. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2007-6595\n It was discovered that temporary files are created\n insecurely, which may result in local denial of service\n by overwriting files.\n\n - CVE-2008-0318\n Silvio Cesare discovered an integer overflow in the\n parser for PE headers.\n\nThe version of clamav in the old stable distribution (sarge) is no\nlonger supported with security updates.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-6595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1497\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the clamav packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 0.90.1dfsg-3etch10. In addition to these fixes, this update\nalso incorporates changes from the upcoming point release of the\nstable distribution (non-free RAR handling code was removed).\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"clamav\", reference:\"0.90.1dfsg-3etch10\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"clamav-base\", reference:\"0.90.1dfsg-3etch10\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"clamav-daemon\", reference:\"0.90.1dfsg-3etch10\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"clamav-dbg\", reference:\"0.90.1dfsg-3etch10\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"clamav-docs\", reference:\"0.90.1dfsg-3etch10\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"clamav-freshclam\", reference:\"0.90.1dfsg-3etch10\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"clamav-milter\", reference:\"0.90.1dfsg-3etch10\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"clamav-testfiles\", reference:\"0.90.1dfsg-3etch10\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libclamav-dev\", reference:\"0.90.1dfsg-3etch10\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libclamav2\", reference:\"0.90.1dfsg-3etch10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:52:19", "description": "The remote host is affected by the vulnerability described in GLSA-200802-09\n(ClamAV: Multiple vulnerabilities)\n\n An integer overflow has been reported in the 'cli_scanpe()' function in\n file libclamav/pe.c (CVE-2008-0318). Another unspecified vulnerability\n has been reported in file libclamav/mew.c (CVE-2008-0728).\n \nImpact :\n\n A remote attacker could entice a user or automated system to scan a\n specially crafted file, possibly leading to the execution of arbitrary\n code with the privileges of the user running ClamAV (either a system\n user or the 'clamav' user if clamd is compromised).\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 26, "published": "2008-02-25T00:00:00", "title": "GLSA-200802-09 : ClamAV: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0318", "CVE-2008-0728"], "modified": "2008-02-25T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:clamav"], "id": "GENTOO_GLSA-200802-09.NASL", "href": "https://www.tenable.com/plugins/nessus/31157", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200802-09.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31157);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0318\", \"CVE-2008-0728\");\n script_xref(name:\"GLSA\", value:\"200802-09\");\n\n script_name(english:\"GLSA-200802-09 : ClamAV: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200802-09\n(ClamAV: Multiple vulnerabilities)\n\n An integer overflow has been reported in the 'cli_scanpe()' function in\n file libclamav/pe.c (CVE-2008-0318). Another unspecified vulnerability\n has been reported in file libclamav/mew.c (CVE-2008-0728).\n \nImpact :\n\n A remote attacker could entice a user or automated system to scan a\n specially crafted file, possibly leading to the execution of arbitrary\n code with the privileges of the user running ClamAV (either a system\n user or the 'clamav' user if clamd is compromised).\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200802-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ClamAV users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.92.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-antivirus/clamav\", unaffected:make_list(\"ge 0.92.1\"), vulnerable:make_list(\"lt 0.92.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ClamAV\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:47", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1836", "CVE-2008-1387", "CVE-2008-1100", "CVE-2008-1835", "CVE-2008-1837", "CVE-2008-0314", "CVE-2008-1833"], "edition": 1, "description": "### Background\n\nClam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. \n\n### Description\n\nMultiple vulnerabilities have been reported: \n\n * Damian Put reported a heap-based buffer overflow when processing PeSpin packed PE binaries (CVE-2008-0314). \n * Alin Rad Pop of Secunia Research reported a buffer overflow in the cli_scanpe() function when processing Upack PE binaries (CVE-2008-1100). \n * Hanno Boeck reported an infinite loop when processing ARJ archives (CVE-2008-1387). \n * Damian Put and Thomas Pollet reported a heap-based buffer overflow when processing WWPack compressed PE binaries (CVE-2008-1833). \n * A buffer over-read was discovered in the rfc2231() function when producing a string that is not NULL terminated (CVE-2008-1836). \n * An unspecified vulnerability leading to \"memory problems\" when scanning RAR files was reported (CVE-2008-1837). \n * Thierry Zoller reported that scanning of RAR files could be circumvented (CVE-2008-1835). \n\n### Impact\n\nA remote attacker could entice a user or automated system to scan a specially crafted file, possibly leading to the execution of arbitrary code with the privileges of the user running ClamAV (either a system user or the \"clamav\" user if clamd is compromised), or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll ClamAV users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-antivirus/clamav-0.93\"", "modified": "2008-05-20T00:00:00", "published": "2008-05-20T00:00:00", "id": "GLSA-200805-19", "href": "https://security.gentoo.org/glsa/200805-19", "type": "gentoo", "title": "ClamAV: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:06", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0318", "CVE-2008-0728"], "description": "### Background\n\nClam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. \n\n### Description\n\nAn integer overflow has been reported in the \"cli_scanpe()\" function in file libclamav/pe.c (CVE-2008-0318). Another unspecified vulnerability has been reported in file libclamav/mew.c (CVE-2008-0728). \n\n### Impact\n\nA remote attacker could entice a user or automated system to scan a specially crafted file, possibly leading to the execution of arbitrary code with the privileges of the user running ClamAV (either a system user or the \"clamav\" user if clamd is compromised). \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll ClamAV users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-antivirus/clamav-0.92.1\"", "edition": 1, "modified": "2008-02-21T00:00:00", "published": "2008-02-21T00:00:00", "id": "GLSA-200802-09", "href": "https://security.gentoo.org/glsa/200802-09", "type": "gentoo", "title": "ClamAV: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:43", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3215", "CVE-2008-2713", "CVE-2007-6595"], "edition": 1, "description": "### Background\n\nClam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. \n\n### Description\n\nDamian Put has discovered an out-of-bounds memory access while processing Petite files (CVE-2008-2713, CVE-2008-3215). Also, please note that the 0.93 ClamAV branch fixes the first of the two attack vectors of CVE-2007-6595 concerning an insecure creation of temporary files vulnerability. The sigtool attack vector seems still unfixed. \n\n### Impact\n\nA remote attacker could entice a user or automated system to scan a specially crafted Petite file, possibly resulting in a Denial of Service (daemon crash). Also, the insecure creation of temporary files vulnerability can be triggered by a local user to perform a symlink attack. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll ClamAV users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-antivirus/clamav-0.93.3\"", "modified": "2008-08-08T00:00:00", "published": "2008-08-08T00:00:00", "id": "GLSA-200808-07", "href": "https://security.gentoo.org/glsa/200808-07", "type": "gentoo", "title": "ClamAV: Multiple Denials of Service", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T12:33:54", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1836", "CVE-2008-1387", "CVE-2008-1100", "CVE-2008-1835", "CVE-2008-1837", "CVE-2007-6595", "CVE-2007-6596", "CVE-2008-0314", "CVE-2008-1833"], "description": "The AntiVirus scan engine ClamAV was updated to version 0.93 fixes a long list of vulnerabilities. These vulnerabilities can lead to remote code execution, bypassing the scanning engine, remote denial-of-service, local file overwrite. (CVE-2008-1837, CVE-2008-1836, CVE-2008-1835, CVE-2008-1833, CVE-2008-1387, CVE-2008-1100, CVE-2008-0314, CVE-2007-6595, CVE-2007-6596) Since the library changed, we also released updated klamav packages for openSUSE 10.2 and 10.3.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2008-04-24T17:12:58", "published": "2008-04-24T17:12:58", "id": "SUSE-SA:2008:024", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html", "title": "remote code execution in clamav", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2020-10-03T11:45:55", "description": "ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled.", "edition": 3, "cvss3": {}, "published": "2007-12-31T19:46:00", "title": "CVE-2007-6595", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6595"], "modified": "2018-10-15T21:55:00", "cpe": ["cpe:/a:clam_anti-virus:clamav:0.92"], "id": "CVE-2007-6595", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6595", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:50:56", "description": "Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.", "edition": 3, "cvss3": {}, "published": "2008-04-16T15:05:00", "title": "CVE-2008-0314", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0314"], "modified": "2017-08-08T01:29:00", "cpe": ["cpe:/a:clam_anti-virus:clamav:0.92.1"], "id": "CVE-2008-0314", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0314", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:clam_anti-virus:clamav:0.92.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:20", "description": "Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.", "edition": 5, "cvss3": {}, "published": "2008-02-12T20:00:00", "title": "CVE-2008-0318", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0318"], "modified": "2011-03-07T05:00:00", "cpe": ["cpe:/a:clam_anti-virus:clamav:0.92"], "id": "CVE-2008-0318", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0318", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:20", "description": "The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger \"heap corruption.\"", "edition": 6, "cvss3": {}, "published": "2008-02-12T20:00:00", "title": "CVE-2008-0728", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0728"], "modified": "2017-08-08T01:29:00", "cpe": ["cpe:/a:clamav:clamav:0.90.1", "cpe:/a:clamav:clamav:0.87", "cpe:/a:clamav:clamav:0.02", "cpe:/a:clamav:clamav:0.84", "cpe:/a:clamav:clamav:0.88.5", "cpe:/a:clamav:clamav:0.75.1", "cpe:/a:clamav:clamav:0.88.7_p1", "cpe:/a:clamav:clamav:0.88.6", "cpe:/a:clamav:clamav:0.92_p0", "cpe:/a:clamav:clamav:0.91.2", "cpe:/a:clamav:clamav:0.51", "cpe:/a:clamav:clamav:0.90", "cpe:/a:clamav:clamav:0.85", "cpe:/a:clamav:clamav:0.91.2_p0", "cpe:/a:clamav:clamav:0.90.3_p0", "cpe:/a:clamav:clamav:0.90.3", "cpe:/a:clamav:clamav:0.8", "cpe:/a:clamav:clamav:0.88.7", "cpe:/a:clamav:clamav:0.60", "cpe:/a:clamav:clamav:0.88", "cpe:/a:clamav:clamav:0.75", "cpe:/a:clamav:clamav:0.60p", "cpe:/a:clamav:clamav:0.71", "cpe:/a:clamav:clamav:0.91", "cpe:/a:clamav:clamav:0.03", "cpe:/a:clamav:clamav:0.65", "cpe:/a:clamav:clamav:0.91.1", "cpe:/a:clamav:clamav:0.86.2", "cpe:/a:clamav:clamav:0.66", "cpe:/a:clamav:clamav:0.10", "cpe:/a:clamav:clamav:0.01", "cpe:/a:clamav:clamav:0.87.1", "cpe:/a:clamav:clamav:0.24", "cpe:/a:clamav:clamav:0.74", "cpe:/a:clamav:clamav:0.05", "cpe:/a:clamav:clamav:0.20", "cpe:/a:clamav:clamav:0.88.2", "cpe:/a:clamav:clamav:0.88.1", "cpe:/a:clamav:clamav:0.68", "cpe:/a:clamav:clamav:0.22", "cpe:/a:clamav:clamav:0.21", "cpe:/a:clamav:clamav:0.90.1_p0", "cpe:/a:clamav:clamav:0.80", "cpe:/a:clamav:clamav:0.90.2_p0", "cpe:/a:clamav:clamav:0.80_rc", "cpe:/a:clamav:clamav:0.53", "cpe:/a:clamav:clamav:0.92", "cpe:/a:clamav:clamav:0.86.1", "cpe:/a:clamav:clamav:0.81", "cpe:/a:clamav:clamav:0.14", "cpe:/a:clamav:clamav:0.23", "cpe:/a:clamav:clamav:0.12", "cpe:/a:clamav:clamav:0.67-1", "cpe:/a:clamav:clamav:0.52", "cpe:/a:clamav:clamav:0.86", "cpe:/a:clamav:clamav:0.68.1", "cpe:/a:clamav:clamav:0.70", "cpe:/a:clamav:clamav:0.54", "cpe:/a:clamav:clamav:0.13", "cpe:/a:clamav:clamav:0.88.4", "cpe:/a:clamav:clamav:0.9", "cpe:/a:clamav:clamav:0.88.7_p0", "cpe:/a:clamav:clamav:0.82", "cpe:/a:clamav:clamav:0.90.3_p1", "cpe:/a:clamav:clamav:0.67", "cpe:/a:clamav:clamav:0.88.3", "cpe:/a:clamav:clamav:0.72", "cpe:/a:clamav:clamav:0.3", "cpe:/a:clamav:clamav:0.83", "cpe:/a:clamav:clamav:0.90.2", "cpe:/a:clamav:clamav:0.85.1", "cpe:/a:clamav:clamav:0.73", "cpe:/a:clamav:clamav:0.15"], "id": "CVE-2008-0728", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0728", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:clamav:clamav:0.52:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.70:rc:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.88:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.86:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.81:rc1:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.90.3_p1:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.75.1:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.90:rc3:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.91.2_p0:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.80:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.12:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.88.7:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.13:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.80:rc1:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.86.2:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.85:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.88.7_p0:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.88.5:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.9:rc1:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.67-1:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.51:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.72:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.84:rc2:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.02:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.15:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.75:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.88.7_p1:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.82:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.90.2:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.73:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.85.1:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.80:rc4:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.90:rc1:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.90.3_p0:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.92_p0:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.88.6:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.70:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.86.1:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.03:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.90.2_p0:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.83:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.86:rc1:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.14:pre:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.71:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.88.3:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.68:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.14:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.54:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.90:rc1.1:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.60p:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.88.1:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.53:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.91.1:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.90.1:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.90.1_p0:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.80:rc3:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.22:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.90.3:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.81:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.01:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.66:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.21:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.84:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.74:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.87.1:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.80:rc:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.68.1:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.90:rc2:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.24:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.91.2:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.92:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.67:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.87:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.05:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.65:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.90:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.88.2:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.88.4:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.60:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.20:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.91:rc2:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.23:*:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.80:rc2:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.84:rc1:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.8:rc3:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.91:rc1:*:*:*:*:*:*", "cpe:2.3:a:clamav:clamav:0.80_rc:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:22", "description": "libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger \"memory problems,\" as demonstrated by the PROTOS GENOME test suite for Archive Formats.", "edition": 5, "cvss3": {}, "published": "2008-04-16T16:05:00", "title": "CVE-2008-1837", "type": "cve", "cwe": ["NVD-CWE-noinfo", "CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1837"], "modified": "2017-08-08T01:30:00", "cpe": ["cpe:/a:clam_anti-virus:clamav:0.88.4", "cpe:/a:clam_anti-virus:clamav:0.71", "cpe:/a:clam_anti-virus:clamav:0.51", "cpe:/a:clam_anti-virus:clamav:0.90_rc2", "cpe:/a:clam_anti-virus:clamav:0.91rc1", "cpe:/a:clam_anti-virus:clamav:0.70", "cpe:/a:clam_anti-virus:clamav:0.90_rc3", "cpe:/a:clam_anti-virus:clamav:0.15", "cpe:/a:clam_anti-virus:clamav:0.80_rc3", "cpe:/a:clam_anti-virus:clamav:0.91.2", "cpe:/a:clam_anti-virus:clamav:0.73", "cpe:/a:clam_anti-virus:clamav:0.84", "cpe:/a:clam_anti-virus:clamav:0.60", "cpe:/a:clam_anti-virus:clamav:0.20", "cpe:/a:clam_anti-virus:clamav:0.87.1", "cpe:/a:clam_anti-virus:clamav:0.22", "cpe:/a:clam_anti-virus:clamav:0.80_rc1", "cpe:/a:clam_anti-virus:clamav:0.88.1", "cpe:/a:clam_anti-virus:clamav:0.85", "cpe:/a:clam_anti-virus:clamav:0.88", "cpe:/a:clam_anti-virus:clamav:0.90rc1", "cpe:/a:clam_anti-virus:clamav:0.72", "cpe:/a:clam_anti-virus:clamav:0.84_rc1", "cpe:/a:clam_anti-virus:clamav:0.81", "cpe:/a:clam_anti-virus:clamav:0.88.6", "cpe:/a:clam_anti-virus:clamav:0.53", "cpe:/a:clam_anti-virus:clamav:0.83", "cpe:/a:clam_anti-virus:clamav:0.92.1", "cpe:/a:clam_anti-virus:clamav:0.86_rc1", "cpe:/a:clam_anti-virus:clamav:0.87", "cpe:/a:clam_anti-virus:clamav:0.88.3", "cpe:/a:clam_anti-virus:clamav:0.82", "cpe:/a:clam_anti-virus:clamav:0.68.1", "cpe:/a:clam_anti-virus:clamav:0.91", "cpe:/a:clam_anti-virus:clamav:0.80_rc4", "cpe:/a:clam_anti-virus:clamav:0.74", "cpe:/a:clam_anti-virus:clamav:0.91.1", "cpe:/a:clam_anti-virus:clamav:0.68", "cpe:/a:clam_anti-virus:clamav:0.54", "cpe:/a:clam_anti-virus:clamav:0.60p", "cpe:/a:clam_anti-virus:clamav:0.80_rc2", "cpe:/a:clam_anti-virus:clamav:0.67", "cpe:/a:clam_anti-virus:clamav:0.86.1", "cpe:/a:clam_anti-virus:clamav:0.88.7", "cpe:/a:clam_anti-virus:clamav:0.92", "cpe:/a:clam_anti-virus:clamav:0.90.2", "cpe:/a:clam_anti-virus:clamav:0.21", "cpe:/a:clam_anti-virus:clamav:0.86", "cpe:/a:clam_anti-virus:clamav:0.90_rc1.1", "cpe:/a:clam_anti-virus:clamav:0.88.5", "cpe:/a:clam_anti-virus:clamav:0.90", "cpe:/a:clam_anti-virus:clamav:0.52", "cpe:/a:clam_anti-virus:clamav:0.81_rc1", "cpe:/a:clam_anti-virus:clamav:0.23", "cpe:/a:clam_anti-virus:clamav:0.80", "cpe:/a:clam_anti-virus:clamav:0.85.1", "cpe:/a:clam_anti-virus:clamav:0.84_rc2", "cpe:/a:clam_anti-virus:clamav:0.90.1", "cpe:/a:clam_anti-virus:clamav:0.65", "cpe:/a:clam_anti-virus:clamav:0.24", "cpe:/a:clam_anti-virus:clamav:0.86.2", "cpe:/a:clam_anti-virus:clamav:0.75", "cpe:/a:clam_anti-virus:clamav:0.75.1", "cpe:/a:clam_anti-virus:clamav:0.91rc2"], "id": "CVE-2008-1837", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1837", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.91rc2:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90rc1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.60p:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.88.5:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.88.7:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.92.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.88.4:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.88.3:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.91.2:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.91.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.91rc1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:50:58", "description": "ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.", "edition": 3, "cvss3": {}, "published": "2008-04-16T16:05:00", "title": "CVE-2008-1387", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1387"], "modified": "2018-10-11T20:33:00", "cpe": ["cpe:/a:clam_anti-virus:clamav:0.90_rc2", "cpe:/a:clam_anti-virus:clamav:0.90_rc3", "cpe:/a:clam_anti-virus:clamav:0.90rc1", "cpe:/a:clam_anti-virus:clamav:0.91", "cpe:/a:clam_anti-virus:clamav:0.92", "cpe:/a:clam_anti-virus:clamav:0.90_rc1.1", "cpe:/a:clam_anti-virus:clamav:0.90", "cpe:/a:clam_anti-virus:clamav:0.90.1"], "id": "CVE-2008-1387", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1387", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90rc1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.91:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:22", "description": "ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar.", "edition": 5, "cvss3": {}, "published": "2008-04-16T16:05:00", "title": "CVE-2008-1835", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1835"], "modified": "2017-08-08T01:30:00", "cpe": ["cpe:/a:clam_anti-virus:clamav:0.88.4", "cpe:/a:clam_anti-virus:clamav:0.71", "cpe:/a:clam_anti-virus:clamav:0.51", "cpe:/a:clam_anti-virus:clamav:0.90_rc2", "cpe:/a:clam_anti-virus:clamav:0.91rc1", "cpe:/a:clam_anti-virus:clamav:0.70", "cpe:/a:clam_anti-virus:clamav:0.90_rc3", "cpe:/a:clam_anti-virus:clamav:0.15", "cpe:/a:clam_anti-virus:clamav:0.80_rc3", "cpe:/a:clam_anti-virus:clamav:0.91.2", "cpe:/a:clam_anti-virus:clamav:0.73", "cpe:/a:clam_anti-virus:clamav:0.84", "cpe:/a:clam_anti-virus:clamav:0.60", "cpe:/a:clam_anti-virus:clamav:0.20", "cpe:/a:clam_anti-virus:clamav:0.87.1", "cpe:/a:clam_anti-virus:clamav:0.22", "cpe:/a:clam_anti-virus:clamav:0.80_rc1", "cpe:/a:clam_anti-virus:clamav:0.88.1", "cpe:/a:clam_anti-virus:clamav:0.85", "cpe:/a:clam_anti-virus:clamav:0.88", "cpe:/a:clam_anti-virus:clamav:0.90rc1", "cpe:/a:clam_anti-virus:clamav:0.72", "cpe:/a:clam_anti-virus:clamav:0.84_rc1", "cpe:/a:clam_anti-virus:clamav:0.81", "cpe:/a:clam_anti-virus:clamav:0.88.6", "cpe:/a:clam_anti-virus:clamav:0.53", "cpe:/a:clam_anti-virus:clamav:0.83", "cpe:/a:clam_anti-virus:clamav:0.92.1", "cpe:/a:clam_anti-virus:clamav:0.86_rc1", "cpe:/a:clam_anti-virus:clamav:0.87", "cpe:/a:clam_anti-virus:clamav:0.88.3", "cpe:/a:clam_anti-virus:clamav:0.82", "cpe:/a:clam_anti-virus:clamav:0.68.1", "cpe:/a:clam_anti-virus:clamav:0.91", "cpe:/a:clam_anti-virus:clamav:0.80_rc4", "cpe:/a:clam_anti-virus:clamav:0.74", "cpe:/a:clam_anti-virus:clamav:0.91.1", "cpe:/a:clam_anti-virus:clamav:0.68", "cpe:/a:clam_anti-virus:clamav:0.54", "cpe:/a:clam_anti-virus:clamav:0.60p", "cpe:/a:clam_anti-virus:clamav:0.80_rc2", "cpe:/a:clam_anti-virus:clamav:0.67", "cpe:/a:clam_anti-virus:clamav:0.86.1", "cpe:/a:clam_anti-virus:clamav:0.88.7", "cpe:/a:clam_anti-virus:clamav:0.92", "cpe:/a:clam_anti-virus:clamav:0.90.2", "cpe:/a:clam_anti-virus:clamav:0.21", "cpe:/a:clam_anti-virus:clamav:0.86", "cpe:/a:clam_anti-virus:clamav:0.90_rc1.1", "cpe:/a:clam_anti-virus:clamav:0.88.5", "cpe:/a:clam_anti-virus:clamav:0.90", "cpe:/a:clam_anti-virus:clamav:0.52", "cpe:/a:clam_anti-virus:clamav:0.81_rc1", "cpe:/a:clam_anti-virus:clamav:0.23", "cpe:/a:clam_anti-virus:clamav:0.80", "cpe:/a:clam_anti-virus:clamav:0.85.1", "cpe:/a:clam_anti-virus:clamav:0.84_rc2", "cpe:/a:clam_anti-virus:clamav:0.90.1", "cpe:/a:clam_anti-virus:clamav:0.65", "cpe:/a:clam_anti-virus:clamav:0.24", "cpe:/a:clam_anti-virus:clamav:0.86.2", "cpe:/a:clam_anti-virus:clamav:0.75", "cpe:/a:clam_anti-virus:clamav:0.75.1", "cpe:/a:clam_anti-virus:clamav:0.91rc2"], "id": "CVE-2008-1835", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1835", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.91rc2:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90rc1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.60p:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.88.5:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.88.7:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.92.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.88.4:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.88.3:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.91.2:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.91.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.91rc1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:50:58", "description": "The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.", "edition": 3, "cvss3": {}, "published": "2008-04-16T16:05:00", "title": "CVE-2008-1836", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1836"], "modified": "2017-08-08T01:30:00", "cpe": ["cpe:/a:clam_anti-virus:clamav:0.90_rc2", "cpe:/a:clam_anti-virus:clamav:0.90_rc3", "cpe:/a:clam_anti-virus:clamav:0.90rc1", "cpe:/a:clam_anti-virus:clamav:0.91", "cpe:/a:clam_anti-virus:clamav:0.92", "cpe:/a:clam_anti-virus:clamav:0.90_rc1.1", "cpe:/a:clam_anti-virus:clamav:0.90", "cpe:/a:clam_anti-virus:clamav:0.90.1"], "id": "CVE-2008-1836", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1836", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90rc1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.91:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:50:58", "description": "Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file.", "edition": 3, "cvss3": {}, "published": "2008-04-14T16:05:00", "title": "CVE-2008-1100", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1100"], "modified": "2017-08-08T01:29:00", "cpe": ["cpe:/a:clam_anti-virus:clamav:0.92.1", "cpe:/a:clam_anti-virus:clamav:0.92"], "id": "CVE-2008-1100", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1100", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*", "cpe:2.3:a:clam_anti-virus:clamav:0.92.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:50:58", "description": "Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary.", "edition": 3, "cvss3": {}, "published": "2008-04-16T15:05:00", "title": "CVE-2008-1833", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1833"], "modified": "2017-08-08T01:30:00", "cpe": ["cpe:/a:clam_anti-virus:clamav:0.92.1"], "id": "CVE-2008-1833", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1833", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:clam_anti-virus:clamav:0.92.1:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0314", "CVE-2008-1100", "CVE-2008-1387", "CVE-2008-1836"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2008-05-14T22:09:25", "published": "2008-05-14T22:09:25", "id": "FEDORA:M4EM9PRD000623", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: clamav-0.93-1.fc9", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6335", "CVE-2008-0314", "CVE-2008-1100", "CVE-2008-1387", "CVE-2008-1833"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2008-04-29T21:01:37", "published": "2008-04-29T21:01:37", "id": "FEDORA:M3TLGKXW031661", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: clamav-0.92.1-2.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6335", "CVE-2008-0314", "CVE-2008-1100", "CVE-2008-1387", "CVE-2008-1833", "CVE-2008-2713"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2008-07-17T14:17:14", "published": "2008-07-17T14:17:14", "id": "FEDORA:M6HEGOFP009036", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: clamav-0.92.1-3.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4510", "CVE-2007-6335", "CVE-2008-0314", "CVE-2008-1100", "CVE-2008-1387", "CVE-2008-1833"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2008-04-29T20:56:27", "published": "2008-04-29T20:56:27", "id": "FEDORA:M3TLB9PC030826", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: clamav-0.92.1-2.fc7", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6335", "CVE-2008-0314", "CVE-2008-1100", "CVE-2008-1387", "CVE-2008-1833", "CVE-2008-2713", "CVE-2008-3912", "CVE-2008-3913", "CVE-2008-3914", "CVE-2008-5050"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2008-11-14T12:46:28", "published": "2008-11-14T12:46:28", "id": "FEDORA:1D27B20876F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: clamav-0.92.1-4.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6335", "CVE-2008-0318"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2008-02-13T05:16:27", "published": "2008-02-13T05:16:27", "id": "FEDORA:M1D5GIIH006760", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: clamav-0.92.1-1.fc8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4510", "CVE-2007-6335", "CVE-2008-0318"], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2008-02-13T05:14:44", "published": "2008-02-13T05:14:44", "id": "FEDORA:M1D5EK0O006502", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: clamav-0.92.1-1.fc7", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:15:54", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0318", "CVE-2007-6595"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1497-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 16, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : clamav\nVulnerability : several\nProblem type : local/remote\nDebian-specific: no\nCVE Id(s) : CVE-2007-6595 CVE-2008-0318\n\nSeveral vulnerabilities have been discovered in the Clam anti-virus\ntoolkit, which may lead to the execution of arbitrary or local denial\nof service. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2007-6595\n\n It was discovered that temporary files are created insecurely,\n which may result in local denial of service by overwriting files.\n\nCVE-2008-0318\n\n Silvio Cesare discovered an integer overflow in the parser for PE\n headers.\n\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 0.90.1dfsg-3etch10. In addition to these fixes, this update\nalso incorporates changes from the upcoming point release of the\nstable distribution (non-free RAR handling code was removed).\n\nThe version of clamav in the old stable distribution (sarge) is no\nlonger supported with security updates.\n\nWe recommend that you upgrade your clamav packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg.orig.tar.gz\n Size/MD5 checksum: 11610428 6dc18602b0aa653924d47316f9411e49\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10.dsc\n Size/MD5 checksum: 900 fdaf84e03a9eb28d67bbd7f5d3e3614a\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10.diff.gz\n Size/MD5 checksum: 208025 ed8148dbb71bedbbe65fe189010713e5\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1dfsg-3etch10_all.deb\n Size/MD5 checksum: 158102 421560c1c6070241a5507617e2f46f7a\n http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1dfsg-3etch10_all.deb\n Size/MD5 checksum: 201866 5b0642d866ef0bc29f165937aa560112\n http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1dfsg-3etch10_all.deb\n Size/MD5 checksum: 1005158 55a5202ff06ca5e16b10aa5d3661fe75\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_alpha.deb\n Size/MD5 checksum: 464362 f84e2ff9cd5456bbd4e5243ac8349824\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_alpha.deb\n Size/MD5 checksum: 372286 09c72a290ec14dba2bd69a54441f106b\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_alpha.deb\n Size/MD5 checksum: 863734 c6b4cb433f8b507b535e8f6b2ec786a4\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_alpha.deb\n Size/MD5 checksum: 9304100 283349257ed19031005efabbc3952ccb\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_alpha.deb\n Size/MD5 checksum: 598478 dff2f56a270fc6d27849e2cefaa411d1\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_alpha.deb\n Size/MD5 checksum: 180538 f931506803e06aef134241b1d84c7b2d\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_alpha.deb\n Size/MD5 checksum: 184926 a83fc8a8555a69c9a59c5e15240dc7a4\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_amd64.deb\n Size/MD5 checksum: 177260 e5e7228d643484ddb117bbf3931f476c\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_amd64.deb\n Size/MD5 checksum: 177828 61b1d02a43bd1a1721338c4ce7c3a422\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_amd64.deb\n Size/MD5 checksum: 593024 d4b2eb626b4e6fef5bcde4ac222c6454\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_amd64.deb\n Size/MD5 checksum: 9301526 a917f5918ca948b1b706f9f97130cbff\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_amd64.deb\n Size/MD5 checksum: 341212 074e61d5932c8273aa3648a01b3d199d\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_amd64.deb\n Size/MD5 checksum: 354574 e9d7cd1db27d4d6ff0e831edd3fef2e7\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_amd64.deb\n Size/MD5 checksum: 856322 6c33d3f144ffa61bab3b520ce2848157\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_arm.deb\n Size/MD5 checksum: 171432 d1b27aca7795f9efcf24ca635a88e183\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_arm.deb\n Size/MD5 checksum: 175574 a02de1a18d3bddafdea347edffc6df93\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_arm.deb\n Size/MD5 checksum: 335222 b3d1e8b2e533096db0e23355b120a215\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_arm.deb\n Size/MD5 checksum: 9299406 23766091d8962592de83172d6e38519d\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_arm.deb\n Size/MD5 checksum: 853168 bb3033315390a31b4b2ea286b9462444\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_arm.deb\n Size/MD5 checksum: 553796 273ec96bb8eb1bebba67b2948a5b555d\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_arm.deb\n Size/MD5 checksum: 335776 bb2869b91aaeb6897c9485f3300f3ed3\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_hppa.deb\n Size/MD5 checksum: 396356 f5e732fe99bd168a4ae70c70eebcd1fa\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_hppa.deb\n Size/MD5 checksum: 178356 267a08d94c9680072d5a48e59aa4091e\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_hppa.deb\n Size/MD5 checksum: 9303518 11be572a7eb2cdecd2ec5468490ec123\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_hppa.deb\n Size/MD5 checksum: 571608 318206fa992b380ab7cbc2d3fddb962a\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_hppa.deb\n Size/MD5 checksum: 372312 a7f72014c1c37ca35d59e53ae9029e31\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_hppa.deb\n Size/MD5 checksum: 177664 87a684e9fc27b82b488eaa96ec1b21ce\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_hppa.deb\n Size/MD5 checksum: 857448 ae1563fdebe259c63439cdb9ed93fbb6\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_i386.deb\n Size/MD5 checksum: 172654 120ceba726419c8f0c7bf36702a165b6\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_i386.deb\n Size/MD5 checksum: 855988 4379ab276bcddfa2de2afb4a28d45b92\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_i386.deb\n Size/MD5 checksum: 9300936 3de4dc89b270bfb43e4d3060ac083769\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_i386.deb\n Size/MD5 checksum: 559940 5965d3bb43c964272f0e374b495520a7\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_i386.deb\n Size/MD5 checksum: 338418 752b3738479c070b0934294470d16f2d\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_i386.deb\n Size/MD5 checksum: 339656 73b2c60bb4357188b4e6da5258c9313d\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_i386.deb\n Size/MD5 checksum: 175332 62182b035a595edf9900528b31a93636\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_ia64.deb\n Size/MD5 checksum: 610248 ae421a5085da3c747f7ae61970653089\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_ia64.deb\n Size/MD5 checksum: 192218 96b2dac90209942f6fd76d89b06051b6\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_ia64.deb\n Size/MD5 checksum: 201948 a6afd51d36c3beb42d2a8c9ee81c791a\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_ia64.deb\n Size/MD5 checksum: 465282 9674fecaea45d00e6cafbb968bc9c84f\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_ia64.deb\n Size/MD5 checksum: 9315570 a6494553e580af204acfc3ef57815c66\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_ia64.deb\n Size/MD5 checksum: 878724 02cb3b6d395462cca58e4d71df92c9f5\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_ia64.deb\n Size/MD5 checksum: 427098 940933bfd1a6ae8209ccba7ac9ad5c15\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_mips.deb\n Size/MD5 checksum: 175204 2fa965bed67d384ec9a011bb9ac2d023\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_mips.deb\n Size/MD5 checksum: 343012 20916656010a03b84a28801c0a4340b5\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_mips.deb\n Size/MD5 checksum: 398084 4efac167cb091944c8669040b3e2ddc5\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_mips.deb\n Size/MD5 checksum: 9301350 b071e55bceed1b74b3ef5e87d41600c1\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_mips.deb\n Size/MD5 checksum: 599362 891879d3f4b662e8bb1b311a081941f3\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_mips.deb\n Size/MD5 checksum: 854890 c5b72bfa592c5b42ab7753ce91b7559c\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_mips.deb\n Size/MD5 checksum: 179370 d1d697ad74196477910fee87a5125d6e\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_mipsel.deb\n Size/MD5 checksum: 336394 9e24d8323eabc7ff6b4956760807cfdd\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_mipsel.deb\n Size/MD5 checksum: 389264 d3e430dccc4b5607d17b24054a8057ee\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_mipsel.deb\n Size/MD5 checksum: 176198 ddc27f8c962278ee672d74b69c309852\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_mipsel.deb\n Size/MD5 checksum: 854884 d92f4118974da878fc145700874af7cc\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_mipsel.deb\n Size/MD5 checksum: 180264 8059ea705c23baacee90fc25baf8f5be\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_mipsel.deb\n Size/MD5 checksum: 590418 6747b1e6c47885abbed4f69c6498839d\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_mipsel.deb\n Size/MD5 checksum: 9301872 cec2eddb15c0c0cc2aa74153abbaf773\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_s390.deb\n Size/MD5 checksum: 361024 0d8d132cc01ac81897f86323fef0bbb0\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_s390.deb\n Size/MD5 checksum: 855508 5c90da24c7729ebaf76070b7a8de2188\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_s390.deb\n Size/MD5 checksum: 9301126 0f5305603804e2cb3b707a96f565715d\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_s390.deb\n Size/MD5 checksum: 177422 ea3f44572ccb4d250deab0631fbb9977\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_s390.deb\n Size/MD5 checksum: 581234 6d2e198b8d7b402b3c904ff389de74c8\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_s390.deb\n Size/MD5 checksum: 176640 c38feac81c33f0bf9d328b94eba94321\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_s390.deb\n Size/MD5 checksum: 369494 dae23d207fa1b58e113781f4b536fc7b\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_sparc.deb\n Size/MD5 checksum: 540684 444abf601591de3668474e11cc4f185d\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_sparc.deb\n Size/MD5 checksum: 174316 93dd45b1841345c08740b3087d1b315c\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_sparc.deb\n Size/MD5 checksum: 348604 1f82ef68229b550698bb731fd774e025\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_sparc.deb\n Size/MD5 checksum: 357318 cf4a75b40792078268e28470d79d4945\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_sparc.deb\n Size/MD5 checksum: 172386 bb9b8f6f9400f17d7d25a7b9cc5f8a4f\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_sparc.deb\n Size/MD5 checksum: 851638 f916bf0a41766c16ffb49440e9fc0170\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_sparc.deb\n Size/MD5 checksum: 9299024 0516d4ccf319dd4cd4d85b1226763b8d\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2008-02-16T15:26:28", "published": "2008-02-16T15:26:28", "id": "DEBIAN:DSA-1497-1:618ED", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00060.html", "title": "[SECURITY] [DSA 1497-1] New clamav packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:16:53", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1100", "CVE-2008-0314"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1549-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 17, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : clamav\nVulnerability : buffer overflows\nProblem type : remotee\nDebian-specific: no\nCVE Id(s) : CVE-2008-0314 CVE-2008-1100\n\nSeveral remote vulnerabilities have been discovered in the Clam anti-virus\ntoolkit. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2008-0314\n\n Damian Put discovered that a buffer overflow in the handler for\n PeSpin binaries may lead to the execution of arbitrary code.\n\nCVE-2008-1100\n\n Alin Rad Pop discovered that a buffer overflow in the handler for\n Upack PE binaries may lead to the execution of arbitrary code.\n\nno CVE yet\n\n Damian Put and Thomas Pollet discovered that a buffer overflow in\n the handler for WWPack-compressed PE binaries may lead to the\n execution of arbitrary code.\n\nFor the stable distribution (etch) these problems have been fixed\nin version 0.90.1-3etch11.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.92.1~dfsg2-1\n\nWe recommend that you upgrade your clamav packages. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc and s390.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg.orig.tar.gz\n Size/MD5 checksum: 11610428 6dc18602b0aa653924d47316f9411e49\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11.diff.gz\n Size/MD5 checksum: 208888 c0cad053803837532517aee6ecaa4c09\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11.dsc\n Size/MD5 checksum: 900 03248d62d3abe0eeb38db9120e0930c5\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1dfsg-3etch11_all.deb\n Size/MD5 checksum: 158166 d4a39b4d4759fb639e937f33f109d7a9\n http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1dfsg-3etch11_all.deb\n Size/MD5 checksum: 201930 d23f3dafd754eec49e1e4207b47903c0\n http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1dfsg-3etch11_all.deb\n Size/MD5 checksum: 1005212 91688a455e07d61916bf4598176488e9\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch11_alpha.deb\n Size/MD5 checksum: 372564 3b909af9a8cd3f1e77d4d5d6fbd947e3\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11_alpha.deb\n Size/MD5 checksum: 861998 0484d2bbe45b71d63e76b86459b3b17b\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch11_alpha.deb\n Size/MD5 checksum: 9304930 3f34b1990a2899bb55cfa43037d8868a\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch11_alpha.deb\n Size/MD5 checksum: 182414 4ac46cfda39f5217b4ccb7c95f5b3524\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch11_alpha.deb\n Size/MD5 checksum: 597274 74dd12051e484483bd9630b807a0f5f1\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch11_alpha.deb\n Size/MD5 checksum: 464958 cbaa566557a92c3ad85f36f88d4de47d\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch11_alpha.deb\n Size/MD5 checksum: 180606 16b631abb2dfd7dc72fb97fb86a9d422\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch11_amd64.deb\n Size/MD5 checksum: 354764 e6eddaf706aa6ca07d8a72cc6989912c\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11_amd64.deb\n Size/MD5 checksum: 856390 40166ed480016a45e9be3f0da3395777\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch11_amd64.deb\n Size/MD5 checksum: 9301588 35519473079304e22519e792d82e1289\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch11_amd64.deb\n Size/MD5 checksum: 593128 c7c4b03fbfa9175fef55891ab3aa5c19\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch11_amd64.deb\n Size/MD5 checksum: 341302 8b3cae13d252851cfc84a7b6f66204f7\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch11_amd64.deb\n Size/MD5 checksum: 177876 e642766375c554919ed456d5e92447cc\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch11_amd64.deb\n Size/MD5 checksum: 177298 309805507c29b129ec47112e6949b6ab\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch11_arm.deb\n Size/MD5 checksum: 335328 b00c561408e748bb2e413f7581089402\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch11_arm.deb\n Size/MD5 checksum: 553846 73fdb847d99906445790579d5cc41044\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch11_arm.deb\n Size/MD5 checksum: 175624 38f7024d6a7d92b3543b7107565aa7b7\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11_arm.deb\n Size/MD5 checksum: 853226 47eefd83625a89e7c9dc61c67a6a6968\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch11_arm.deb\n Size/MD5 checksum: 9299460 7437e513d332c575e2312d96ebdb678d\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch11_arm.deb\n Size/MD5 checksum: 336044 c45eaaaaf8b9499aeea223c7e7d8b368\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch11_arm.deb\n Size/MD5 checksum: 171494 5bdb879ee6e72a97f1487ddd348c97c1\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch11_hppa.deb\n Size/MD5 checksum: 571630 79042504632c5948ccfb18c80d43f50e\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch11_hppa.deb\n Size/MD5 checksum: 177830 915f8b5e7fed1dbbda519beccd10bf64\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch11_hppa.deb\n Size/MD5 checksum: 178106 a9532ce82647be98e6024a34c6df0803\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11_hppa.deb\n Size/MD5 checksum: 857312 295885a4f103f01a2ac0e09f907f5b6f\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch11_hppa.deb\n Size/MD5 checksum: 9303710 98814e259935d934e8a7dce7566b150e\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch11_hppa.deb\n Size/MD5 checksum: 372588 12329f5e345b5b75582d226042a43d1e\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch11_hppa.deb\n Size/MD5 checksum: 396038 4fd3b922c071a39d3db85d473f16af81\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch11_i386.deb\n Size/MD5 checksum: 337948 efa50463560eb0049b0f441b5418b495\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch11_i386.deb\n Size/MD5 checksum: 175398 792488eca0e549c713804cb576572d50\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11_i386.deb\n Size/MD5 checksum: 856050 7f04056d4f2bd8e4f168e227889c7670\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch11_i386.deb\n Size/MD5 checksum: 560016 ddd1102826c16551ee7fd17817e2ad31\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch11_i386.deb\n Size/MD5 checksum: 339816 246af997de6f3e609ed36630ef8b6d2b\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch11_i386.deb\n Size/MD5 checksum: 172720 573918fb827472d8c748207db0f221fb\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch11_i386.deb\n Size/MD5 checksum: 9301010 dbacd8e9cd5cc573ccfbb86f31ace8ff\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch11_ia64.deb\n Size/MD5 checksum: 9315620 93fb059b7a677205cb4ffd27572f1a91\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch11_ia64.deb\n Size/MD5 checksum: 192288 9c9c6ce3a9edcce61b698558e621761b\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch11_ia64.deb\n Size/MD5 checksum: 465502 cfb85ebcf8c8b5cfaebed0f2f7b2f14d\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch11_ia64.deb\n Size/MD5 checksum: 610398 0f767eec6a3e010a510ced00f2e67e92\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch11_ia64.deb\n Size/MD5 checksum: 427412 5a01303e155f1a8178fc88a35502c70c\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11_ia64.deb\n Size/MD5 checksum: 878792 e8c190288fb5bbf987e6550338513bd6\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch11_ia64.deb\n Size/MD5 checksum: 202000 a8d5899d680c22e3e7a882761e1d536c\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch11_mips.deb\n Size/MD5 checksum: 9301424 328489f501cdbdfdd81d5546a746d2fa\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch11_mips.deb\n Size/MD5 checksum: 398214 42d1b6f6e957b7bd164bcb325345d5f6\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch11_mips.deb\n Size/MD5 checksum: 343136 4fd653b3685939df4cccf23c969c19b8\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch11_mips.deb\n Size/MD5 checksum: 599376 b2cac807438dfd6649c87bf14c2e9cfc\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch11_mips.deb\n Size/MD5 checksum: 175262 354a5c7234ec8dc8484c5297280b5c33\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11_mips.deb\n Size/MD5 checksum: 854974 52b9945a3e2f95c700e546a097d88f74\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch11_mips.deb\n Size/MD5 checksum: 179436 e922c9ca6fc592c6d00284e61213b265\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch11_mipsel.deb\n Size/MD5 checksum: 590312 10b44590671900ea7176fc7a478cebd5\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11_mipsel.deb\n Size/MD5 checksum: 854942 232dea685bba49dbed7658d49f81fd87\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch11_mipsel.deb\n Size/MD5 checksum: 176254 12ae19e5aa4d7d53df9942899caa85fb\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch11_mipsel.deb\n Size/MD5 checksum: 389390 ab929ceea4b3a5012cca28657f7d23b3\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch11_mipsel.deb\n Size/MD5 checksum: 180312 806e72e41e384e4691bd42a1a8103857\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch11_mipsel.deb\n Size/MD5 checksum: 9301922 862f9db8c4943b6a33b58848e266bae3\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch11_mipsel.deb\n Size/MD5 checksum: 336568 82c1a0900df32adc33ce12cd2980219e\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch11_powerpc.deb\n Size/MD5 checksum: 590626 a1bae09f39acaa89fb4c7fe17dc8077c\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch11_powerpc.deb\n Size/MD5 checksum: 372158 fe6e24505b409621dbf5460104e91e43\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch11_powerpc.deb\n Size/MD5 checksum: 182108 eeea82f3f623a3a17588aec22fcd36ad\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch11_powerpc.deb\n Size/MD5 checksum: 350148 d85953a9e22a022dac5e94f3ee6a96fb\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch11_powerpc.deb\n Size/MD5 checksum: 9302668 ef056aee467ecce308dd81b2e24aceb3\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11_powerpc.deb\n Size/MD5 checksum: 857610 6be00c12fc6ea2a660ad8d9d635e16ee\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch11_powerpc.deb\n Size/MD5 checksum: 176702 25d2fb7c7cd628d4174755ac5e628988\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch11_s390.deb\n Size/MD5 checksum: 9301232 303aa89a4d5fd2034ad4a9de6dcc2a34\n http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11_s390.deb\n Size/MD5 checksum: 855574 fefb28aa639208bf876f42aefeade920\n http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch11_s390.deb\n Size/MD5 checksum: 581288 bd0e20c31e961dfe16e5ea47d3129e08\n http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch11_s390.deb\n Size/MD5 checksum: 361200 620cf22a2fcb1c5500f703b2d0829a24\n http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch11_s390.deb\n Size/MD5 checksum: 369756 82b744abc26a0cfdfa50f3f3b913ddbc\n http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch11_s390.deb\n Size/MD5 checksum: 176692 8a8a318a0b41e5a122ea2ffa4fb6bffd\n http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch11_s390.deb\n Size/MD5 checksum: 177486 482e2693e8f2361cb2c47b72d758093e\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 7, "modified": "2008-04-17T20:53:13", "published": "2008-04-17T20:53:13", "id": "DEBIAN:DSA-1549-1:75007", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00120.html", "title": "[SECURITY] [DSA 1549-1] New clamav packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:26", "bulletinFamily": "software", "cvelist": ["CVE-2008-1387"], "description": "Advisory published at:\r\nhttp://int21.de/cve/CVE-2008-1387-clamav.html\r\n\r\nclamav: Endless loop / hang with crafter arj, CVE-2008-1387\r\n\r\nReferences\r\n\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1387\r\nhttp://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog\r\nhttp://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html\r\n\r\nDescription\r\n\r\nCERT-FI published an advisory with a large number of samples of crafted \r\narchives.\r\nThe file with the md5sum b6046d890e6bd304e3756c88b989559a (named \r\nb6046d890e6bd304e3756c88b989559a.arj) hangs clamav with high load.\r\n\r\nIf you're running clamav on a mailserver, an attacker can DoS your Server \r\nremotely by sending some mails with the archive attached.\r\n\r\nWorkaround/Fix\r\n\r\nclamav 0.93 fixes this issue beside other security issues, if you're running \r\nclamav you should upgrade as soon as possible.\r\n\r\nDisclosure Timeline\r\n\r\n2008-03-17 CERT-FI publishes advisory\r\n2008-03-26 Vendor contacted\r\n2008-03-27 Vendor approves issue\r\n2008-04-14 Vendor releases 0.93\r\n2008-04-16 Advisory published\r\n\r\nCVE Information\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the name \r\nCVE-2008-1387 to this issue. This is a candidate for inclusion in the CVE \r\nlist (http://cve.mitre.org/), which standardizes names for security problems.\r\n\r\nCredits and copyright\r\n\r\nThis vulnerability was discovered by Hanno Boeck of schokokeks.org webhosting. \r\nIt's licensed under the creative commons attribution license.\r\n\r\nHanno Boeck, 2008-04-16, http://www.hboeck.de\r\n-- \r\nHanno Bock Blog: http://www.hboeck.de/\r\nGPG: 3DBD3B20 Jabber/Mail: hanno@hboeck.de", "edition": 1, "modified": "2008-04-15T00:00:00", "published": "2008-04-15T00:00:00", "id": "SECURITYVULNS:DOC:19660", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19660", "title": "[Full-disclosure] clamav: Endless loop / hang with crafter arj, CVE-2008-1387", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:26", "bulletinFamily": "software", "cvelist": ["CVE-2008-1387", "CVE-2008-1386", "CVE-2008-1385"], "description": "Two smaller issues in s9y, published here:\r\nhttp://int21.de/cve/CVE-2008-1386-s9y.html\r\nhttp://int21.de/cve/CVE-2008-1387-s9y.html\r\n\r\n\r\nCross Site Scripting (XSS) in serendipity 1.3 referrer plugin, CVE-2008-1385\r\nReferences\r\n\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1385\r\nhttp://www.s9y.org/\r\nDescription\r\n\r\nIn the referrer plugin of the blog application serendipity, the referrer \r\nstring is not escaped, thus leading to a permanent XSS.\r\nExample\r\n\r\nOne can inject malicious javascript code with:\r\n\r\nwget --referer='http://<hr onMouseOver="alert(7)">' http://someblog.com/\r\n\r\nWorkaround/Fix\r\n\r\nIf you are using the referrer plugin, upgrade to 1.3.1.\r\nDisclosure Timeline\r\n\r\n2008-03-18 Vendor contacted\r\n2008-03-18 Vendor answered\r\n2008-03-18 Vendor fixed issue in trunk/branch revision\r\n2008-04-22 Vendor released 1.3.1\r\n2008-04-22 Advisory published\r\nCVE Information\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the name \r\nCVE-2008-1385 to this issue. This is a candidate for inclusion in the CVE \r\nlist (http://cve.mitre.org/), which standardizes names for security problems.\r\nCredits and copyright\r\n\r\nThis vulnerability was discovered by Hanno Boeck of schokokeks.org webhosting. \r\nIt's licensed under the creative commons attribution license.\r\n\r\nHanno Boeck, 2008-04-xx, http://www.hboeck.de\r\n\r\n\r\n\r\n\r\nCross Site Scripting (XSS) in serendipity 1.3 installer, CVE-2008-1386\r\nReferences\r\n\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1386\r\nhttp://www.s9y.org/\r\nDescription\r\n\r\nThe installer of serendipity 1.3 has various Cross Site Scripting issues. This \r\nis considered low priority, as attack scenarios are very unlikely.\r\n\r\nVarious path fields are not escaped properly, thus filling them with \r\njavascript code will lead to XSS. MySQL error messages are not escaped, thus \r\nthe database host field can also be filled with javascript.\r\nWorkaround/Fix\r\n\r\nIf you are doing a fresh installation of serendipity, use version 1.3.1.\r\n\r\nIn general, don't leave uninstalled webapplications laying around on a public \r\nwebspace.\r\nDisclosure Timeline\r\n\r\n2008-03-21 Vendor contacted with patches\r\n2008-03-21 Vendor fixed issue in trunk/branch revision\r\n2008-04-22 Vendor released 1.3.1\r\n2008-04-22 Advisory published\r\nCVE Information\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the name \r\nCVE-2008-1386 to this issue. This is a candidate for inclusion in the CVE \r\nlist (http://cve.mitre.org/), which standardizes names for security problems.\r\nCredits and copyright\r\n\r\nThis vulnerability was discovered by Hanno Boeck of schokokeks.org webhosting. \r\nIt's licensed under the creative commons attribution license.\r\n\r\nHanno Boeck, 2008-04-xx, http://www.hboeck.de\r\n\r\n-- \r\nHanno Bock Blog: http://www.hboeck.de/\r\nGPG: 3DBD3B20 Jabber/Mail: hanno@hboeck.de", "edition": 1, "modified": "2008-04-22T00:00:00", "published": "2008-04-22T00:00:00", "id": "SECURITYVULNS:DOC:19711", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19711", "title": "[Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387)", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:26", "bulletinFamily": "software", "cvelist": ["CVE-2008-0314"], "description": "iDefense Security Advisory 04.14.08\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nApr 14, 2008\r\n\r\nI. BACKGROUND\r\n\r\nClam AntiVirus is a multi-platform GPL anti-virus toolkit. ClamAV is\r\noften integrated into e-mail gateways and used to scan e-mail traffic\r\nfor viruses. It supports virus scanning for a wide variety of packed\r\nPortable Executable (PE) binaries. PeSpin is one of the supported\r\npacker/protectors. For more information visit the vendor's web site at\r\nthe following URL.\r\n\r\nhttp://www.clamav.net/\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a heap overflow vulnerability in Clam AntiVirus'\r\nClamAV, as included in various vendors' operating system distributions,\r\nallows attackers to execute arbitrary code with the privileges of the\r\naffected process.\r\n\r\nThe vulnerability exists within the code responsible for decompressing\r\nsections within a PE binary packed with the PeSpin executable\r\nprotector. See the following excerpt from libclamav/spin.c:\r\n\r\n 417 key32 = cli_readint32(ep+0x2fee);\r\n ...\r\n 427 cli_dbgmsg("spin: Resources (sect%d) appear to be \r\ncompressed\n\tuncompressed offset %x, len %x\n\tcompressed offset %x, \r\nlen %x\n", j, sections[j].rva, key32 - sections[j].rva, key32, \r\nsections[j].vsz - (key32 - sections[j].rva));\r\n 428\r\n 429 if ( (curr=(char *)cli_malloc(sections[j].vsz)) != NULL ) {\r\n 430 memcpy(curr, src + sections[j].raw, key32 - \r\nsections[j].rva); /* Uncompressed part */\r\n 431 memset(curr + key32 - sections[j].rva, 0, sections[j].vsz \r\n- (key32 - sections[j].rva)); /* bzero */\r\n\r\nOn line 417, a 32-bit value is read from the file into the "key32"\r\nvariable. Then a heap buffer is allocated using the "sections[j].vsz"\r\nvalue on line 429. The "memcpy" call on line 430 then copies data into\r\nthe newly allocated buffer.\r\n\r\nNo validation is performed on the "key32", "sections[j].raw", and\r\n"sections[j].rva" values before they are used in the memory copy\r\noperation. Since these values are under attacker control, this can lead\r\nto an exploitable heap corruption condition.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of this vulnerability results in the execution of arbitrary\r\ncode with the privileges of the process using libclamav. In the case of\r\nthe clamd program, this will result in code execution with the\r\nprivileges of the clamav user. Unsuccessful exploitation results in the\r\nclamd process crashing.\r\n\r\nAlthough it would appear that the following "memset" call will cause a\r\nDoS condition, iDefense Labs confirmed that it is possible to bypass\r\nthis call. This is accomplished through manipulating the file such that\r\nthe memory layout allows the "sections" structure to be completely\r\ncontrolled via an overwrite by the "memcpy" call.\r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in ClamAV\r\n0.92.1. Previous versions may also be affected.\r\n\r\nV. WORKAROUND\r\n\r\nDisabling the scanning of PE files will prevent exploitation.\r\n\r\n If using clamscan, this can be done by running clamscan with the \r\n'--no-pe' option.\r\n If using clamdscan, set the 'ScanPE' option in the clamd.conf file to \r\n'no'.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nThe ClamAV team has addressed this vulnerability within version 0.93.\r\nAdditionally, the ClamAV team reports, "the vulnerable module was\r\nremotely disabled via virus-db update in March."\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2008-0314 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n03/04/2008 Initial vendor notification\r\n03/06/2008 Initial vendor response\r\n04/14/2008 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was reported to iDefense by Damian Put.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2008 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically,\r\nplease e-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct,\r\nindirect, or consequential loss or damage arising from use of, or\r\nreliance on, this information.\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "edition": 1, "modified": "2008-04-16T00:00:00", "published": "2008-04-16T00:00:00", "id": "SECURITYVULNS:DOC:19672", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19672", "title": "[Full-disclosure] iDefense Security Advisory 04.14.08: ClamAV libclamav PeSpin Heap Overflow Vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:28", "bulletinFamily": "software", "cvelist": ["CVE-2008-0318"], "description": "Integer overflow on PE files parsing.", "edition": 1, "modified": "2008-02-13T00:00:00", "published": "2008-02-13T00:00:00", "id": "SECURITYVULNS:VULN:8678", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8678", "title": "ClamAV antivirus integer overflow", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:25", "bulletinFamily": "software", "cvelist": ["CVE-2008-0318"], "description": "iDefense Security Advisory 02.12.08\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nFeb 12, 2008\r\n\r\nI. BACKGROUND\r\n\r\nClam AntiVirus is a multi-platform GPL anti-virus toolkit. ClamAV is\r\noften integrated into e-mail gateways and used to scan e-mail traffic\r\nfor viruses. It supports virus scanning for a wide variety of packed\r\nPortable Executable (PE) binaries. For more information visit the\r\nvendor's web site at the following URL.\r\n\r\nhttp://www.clamav.net/\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of an integer overflow vulnerability in Clam\r\nAntiVirus' ClamAV, as included in various vendors' operating system\r\ndistributions, allows attackers to execute arbitrary code with the\r\nprivileges of the affected process.\r\n\r\nThe vulnerability exists within the code responsible for parsing and\r\nscanning PE files. While iterating through all sections contained in\r\nthe PE file, several attacker controlled values are extracted from the\r\nfile. On each iteration, arithmetic operations are performed without\r\ntaking into consideration 32-bit integer wrap.\r\n\r\nSince insufficient integer overflow checks are present, an attacker can\r\ncause a heap overflow by causing a specially crafted Petite packed PE\r\nbinary to be scanned. This results in an exploitable memory corruption\r\ncondition.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of this vulnerability results in the execution of arbitrary\r\ncode with the privileges of the process using libclamav. In the case of\r\nthe clamd program, this will result in code execution with the\r\nprivileges of the clamav user. Unsuccessful exploitation results in the\r\nclamd process crashing.\r\n\r\nAddress Space Layout Randomization (ASLR) and non-executable memory\r\nprotection technologies (such as DEP, NX, XD, PaX, etc) can help\r\nmitigate exploitation of this type of vulnerability.\r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in ClamAV\r\n0.92. Previous versions may also be affected.\r\n\r\nV. WORKAROUND\r\n\r\nDisabling the scanning of PE files will prevent exploitation.\r\n\r\nIf using clamscan, this can be done by running clamscan with the\r\n'--no-pe' option.\r\n\r\nIf using clamdscan, set the 'ScanPE' option in the clamd.conf file to\r\n'no'.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nThe ClamAV team has addressed this vulnerability within version 0.92.1.\r\nAdditionally, the ClamAV team reports, "the vulnerable module was\r\nremotely disabled via virus-db update on Jan 11th 2008."\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2008-0318 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n01/07/2008 Initial vendor notification\r\n01/11/2008 Initial vendor response\r\n02/12/2008 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was reported to iDefense by Silvio Cesare.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2008 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically,\r\nplease e-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct,\r\nindirect, or consequential loss or damage arising from use of, or\r\nreliance on, this information.", "edition": 1, "modified": "2008-02-13T00:00:00", "published": "2008-02-13T00:00:00", "id": "SECURITYVULNS:DOC:19102", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19102", "title": "iDefense Security Advisory 02.12.08: ClamAV libclamav PE File Integer Overflow Vulnerability", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:29", "bulletinFamily": "software", "cvelist": ["CVE-2008-1387"], "description": "Endless loop on ARJ files handling. Heap buffer overflow on WWPack'ed and PeSpin'ed PE files.", "edition": 1, "modified": "2008-04-16T00:00:00", "published": "2008-04-16T00:00:00", "id": "SECURITYVULNS:VULN:8909", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8909", "title": "ClamAV antivirus multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cert": [{"lastseen": "2020-09-18T20:42:21", "bulletinFamily": "info", "cvelist": ["CVE-2008-0314", "CVE-2008-1100"], "description": "### Overview \n\nThe ClamAV anti-virus scanner contains a vulnerability that may allow an attacker to execute code or cause ClamAV to crash.\n\n### Description \n\nThe Portable Executable (PE) file format is a file format for executable files that is used in Microsoft Windows. PE files can be packed with executable packers, such as upack. The ClamAV anti-virus scanner can unpack and scan PE files that are packed with upack.\n\nFrom ClamAV bug ID [878](<https://www.clamav.net/bugzilla/show_bug.cgi?id=878>): \n_Secunia Research has discovered a vulnerability in ClamAV, which can be exploited by malicious people to compromise a vulnerable system. \n \nThe vulnerability is caused due to a boundary error within the \"cli_scanpe()\" function in libclamav/pe.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted \"Upack\" executable._ \n \nNote that the ClamAV team has disabled the scanning of PE files that were packed with upack in older versions of ClamAV to prevent this vulnerability from being exploited. \n \n--- \n \n### Impact \n\nA remote, unauthenticated attacker may be able to execute arbitrary code or cause ClamAV to crash. \n \n--- \n \n### Solution \n\n**Upgrade** \nUsers are encouraged to upgrade to ClamAV [.93](<http://www.clamav.net/>), which was released to address this issue. Note that because of a workaround applied by the ClamAV team, ClamAV versions prior to .93 may not be able to scan PE files that were packed with the upack packer. \n \n--- \n \n \n**Do not run clamscan as root** \n \nTo limit the impact of vulnerabilities in ClamAV, users and administrators should run clamscan with a limited user account. \n \n--- \n \n### Vendor Information\n\n858595\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Clam AntiVirus Affected\n\nNotified: April 15, 2008 Updated: April 18, 2008 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <https://www.clamav.net/bugzilla/show_bug.cgi?id=878>\n * <http://secunia.com/secunia_research/2008-11/>\n * <http://en.wikipedia.org/wiki/Portable_Executable>\n * <http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx>\n * <http://linux.die.net/man/1/clamscan>\n\n### Acknowledgements\n\nThanks to Secunia Research and the ClamAV team for information that was used in this report.\n\nThis document was written by Ryan Giobbi.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2008-1100](<http://web.nvd.nist.gov/vuln/detail/CVE-2008-1100>), [CVE-2008-0314](<http://web.nvd.nist.gov/vuln/detail/CVE-2008-0314>) \n---|--- \n**Severity Metric:** | 3.94 \n**Date Public:** | 2008-04-14 \n**Date First Published:** | 2008-04-21 \n**Date Last Updated: ** | 2008-04-29 14:39 UTC \n**Document Revision: ** | 31 \n", "modified": "2008-04-29T14:39:00", "published": "2008-04-21T00:00:00", "id": "VU:858595", "href": "https://www.kb.cert.org/vuls/id/858595", "type": "cert", "title": "ClamAV upack heap buffer overflow vulnerability", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:27", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1387", "CVE-2008-1100"], "description": "\nSecunia reports:\n\nSome vulnerabilities have been reported in ClamAV, which can be\n\t exploited by malicious people to cause a DoS (Denial of Service)\n\t or to compromise a vulnerable system.\n1) A boundary error exists within the \"cli_scanpe()\" function in\n\t libclamav/pe.c. This can be exploited to cause a heap-based buffer\n\t overflow via a specially crafted \"Upack\" executable.\nSuccessful exploitation allows execution of arbitrary code.\n2) A boundary error within the processing of PeSpin packed\n\t executables in libclamav/spin.c can be exploited to cause a\n\t heap-based buffer overflow.\nSuccessful exploitation may allow execution of arbitrary code.\n3) An unspecified error in the processing of ARJ files can be\n\t exploited to hang ClamAV.\n\n", "edition": 4, "modified": "2008-04-15T00:00:00", "published": "2008-04-15T00:00:00", "id": "589D8053-0B03-11DD-B4EF-00E07DC4EC84", "href": "https://vuxml.freebsd.org/freebsd/589d8053-0b03-11dd-b4ef-00e07dc4ec84.html", "title": "clamav -- Multiple Vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:28", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0318"], "description": "\niDefense Security Advisory 02.12.08:\n\nRemote exploitation of an integer overflow vulnerability\n\t in Clam AntiVirus' ClamAV, as included in various vendors'\n\t operating system distributions, allows attackers to execute\n\t arbitrary code with the privileges of the affected process.\nThe vulnerability exists within the code responsible\n\t for parsing and scanning PE files. While iterating through\n\t all sections contained in the PE file, several attacker\n\t controlled values are extracted from the file. On each iteration,\n\t arithmetic operations are performed without taking into\n\t consideration 32-bit integer wrap.\nSince insufficient integer overflow checks are present,\n\t an attacker can cause a heap overflow by causing a specially\n\t crafted Petite packed PE binary to be scanned. This results\n\t in an exploitable memory corruption condition.\nExploitation of this vulnerability results in the\n\t execution of arbitrary code with the privileges of the process\n\t using libclamav. In the case of the clamd program, this will\n\t result in code execution with the privileges of the clamav user.\n\t Unsuccessful exploitation results in the clamd process crashing.\n\nWorkaround\nDisabling the scanning of PE files will prevent exploitation.\nIf using clamscan, this can be done by running clamscan with the\n\t '--no-pe' option.\nIf using clamdscan, set the 'ScanPE' option in the clamd.conf\n\t file to 'no'.\n", "edition": 4, "modified": "2008-01-07T00:00:00", "published": "2008-01-07T00:00:00", "id": "BE4B0529-DBAF-11DC-9791-000EA6702141", "href": "https://vuxml.freebsd.org/freebsd/be4b0529-dbaf-11dc-9791-000ea6702141.html", "title": "clamav -- ClamAV libclamav PE File Integer Overflow Vulnerability", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T21:43:33", "description": "BUGTRAQ ID: 28784\r\nCVE(CAN) ID: CVE-2008-0314\r\n\r\nClam AntiVirus\u662fUnix\u7684GPL\u6740\u6bd2\u5de5\u5177\u5305\uff0c\u5f88\u591a\u90ae\u4ef6\u7f51\u5173\u4ea7\u54c1\u90fd\u5728\u4f7f\u7528\u3002\r\n\r\nClamAV\u4e2d\u8d1f\u8d23\u89e3\u538b\u7528PeSpin\u52a0\u5bc6\u6240\u5305\u88c5\u7684PE\u5e93\u7684\u4ee3\u7801\u5b58\u5728\u5806\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u5904\u7406\u7578\u5f62\u6587\u4ef6\u63a7\u5236\u7528\u6237\u7cfb\u7edf\u3002\r\n\r\n\u4ee5\u4e0b\u4e3alibclamav/spin.c\u4e2d\u7684\u6709\u6f0f\u6d1e\u4ee3\u7801\u6bb5\uff1a\r\n\r\n 417 key32 = cli_readint32(ep+0x2fee);\r\n ...\r\n 427 cli_dbgmsg("spin: Resources (sect%d) appear to be compressed\\n\\tuncompressed\r\noffset %x, len %x\\n\\tcompressed offset %x, len %x\\n", j, sections[j].rva, key32 -\r\nsections[j].rva, key32, sections[j].vsz - (key32 - sections[j].rva));\r\n 428\r\n 429 if ( (curr=(char *)cli_malloc(sections[j].vsz)) != NULL ) {\r\n 430 memcpy(curr, src + sections[j].raw, key32 - sections[j].rva); /* Uncompressed part */\r\n 431 memset(curr + key32 - sections[j].rva, 0, sections[j].vsz - (key32 -\r\nsections[j].rva)); /* bzero */ \r\n\r\n\u5728417\u884c\u4ece\u6587\u4ef6\u4e2d\u8bfb\u53d6\u4e8632\u4f4d\u7684\u503c\u5230key32\u53d8\u91cf\u4e2d\uff0c\u7136\u540e\u4f7f\u7528429\u884c\u7684sections[j].vsz\u503c\u5206\u914d\u5806\u7f13\u51b2\u533a\uff0c\u5728430\u884cmemcpy\u8c03\u7528\u5c06\u6570\u636e\u62f7\u8d1d\u5230\u4e86\u65b0\u5206\u914d\u7684\u7f13\u51b2\u533a\u3002\u7531\u4e8e\u6ca1\u6709\u5bf9key32\u3001sections[j].raw\u548csections[j].rva\u503c\u6267\u884c\u9a8c\u8bc1\u4fbf\u5728\u5185\u5b58\u62f7\u8d1d\u64cd\u4f5c\u4e2d\u4f7f\u7528\uff0c\u56e0\u6b64\u53ef\u80fd\u5bfc\u81f4\u5806\u6ea2\u51fa\u3002\r\n\r\n\n\nClamAV 0.92.1\n \u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u7981\u6b62\u626b\u63cfPE\u6587\u4ef6\uff1a \r\n\r\n \u5982\u679c\u5728\u4f7f\u7528clamscan\u7684\u8bdd\uff0c\u4ee5--no-pe\u9009\u9879\u8fd0\u884cclamscan\u3002\r\n \u5982\u679c\u5728\u4f7f\u7528clamdscan\u7684\u8bdd\uff0c\u5728clamd.conf\u6587\u4ef6\u4e2d\u5c06ScanPE\u9009\u9879\u8bbe\u7f6e\u4e3ano\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nClamAV\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.clamav.net/ target=_blank>http://www.clamav.net/</a>", "published": "2008-04-17T00:00:00", "type": "seebug", "title": "ClamAV libclamav\u5e93PeSpin\u5806\u6ea2\u51fa\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0314"], "modified": "2008-04-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3178", "id": "SSV:3178", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T21:43:27", "description": "BUGTRAQ ID: 28756\r\nCVE(CAN) ID: CVE-2008-1100\r\n\r\nClam AntiVirus\u662fUnix\u7684GPL\u6740\u6bd2\u5de5\u5177\u5305\uff0c\u5f88\u591a\u90ae\u4ef6\u7f51\u5173\u4ea7\u54c1\u90fd\u5728\u4f7f\u7528\u3002\r\n\r\nClamAV\u7684libclamav/pe.c\u6587\u4ef6\u4e2d\u7684cli_scanpe()\u51fd\u6570\u5728\u5904\u7406\u7279\u5236Upack\u53ef\u6267\u884c\u7a0b\u5e8f\u65f6\u5b58\u5728\u5806\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5982\u679c\u6740\u6bd2\u8f6f\u4ef6\u68c0\u6d4b\u5230\u4e86\u6076\u610f\u7684Upack\u6587\u4ef6\u65f6\u5c31\u4f1a\u89e6\u53d1\u8fd9\u4e2a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\n\n\nClamAV ClamAV 0.92.1 \r\nClamAV ClamAV 0.92\n ClamAV\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.clamav.net/ target=_blank>http://www.clamav.net/</a>", "published": "2008-04-15T00:00:00", "type": "seebug", "title": "ClamAV libclamav/pe.c UPACK\u6587\u4ef6\u5904\u7406\u5806\u6ea2\u51fa\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-1100"], "modified": "2008-04-15T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3168", "id": "SSV:3168", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T21:43:30", "description": "BUGTRAQ ID: 28782\r\nCVE(CAN) ID: CVE-2008-1387\r\n\r\nClam AntiVirus\u662fUnix\u7684GPL\u6740\u6bd2\u5de5\u5177\u5305\uff0c\u5f88\u591a\u90ae\u4ef6\u7f51\u5173\u4ea7\u54c1\u90fd\u5728\u4f7f\u7528\u3002\r\n\r\nClamAV\u5728\u5904\u7406\u7578\u5f62\u683c\u5f0f\u7684ARJ\u6587\u4ef6\u65f6\u5b58\u5728\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u5e03\u7f72\u4e86ClamAV\u7684\u670d\u52a1\u5668\u4e0d\u53ef\u7528\u3002\r\n\r\n\u5982\u679c\u5728\u90ae\u4ef6\u670d\u52a1\u5668\u4e0a\u90e8\u7f72\u4e86ClamAV\u7684\u8bdd\uff0c\u5219\u5411\u8be5\u670d\u52a1\u5668\u53d1\u9001\u5e26\u6709ARJ\u683c\u5f0f\u9644\u4ef6\u7684\u6076\u610f\u90ae\u4ef6\u5c31\u53ef\u4ee5\u5bfc\u81f4\u670d\u52a1\u5668\u5d29\u6e83\u3002\r\n\n\nClamAV ClamAV < 0.92.1\n ClamAV\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.clamav.net/ target=_blank>http://www.clamav.net/</a>", "published": "2008-04-17T00:00:00", "type": "seebug", "title": "ClamAV ARJ\u6587\u4ef6\u89e3\u6790\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-1387"], "modified": "2008-04-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3180", "id": "SSV:3180", "sourceData": "\n http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-3180", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}
