ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them
being security bugs:
Fix a heap out of bounds condition with crafted Yoda's crypter
files. This issue was discovered by Felix Groebert of the Google
Security Team.
Fix a heap out of bounds condition with crafted mew packer files. This
issue was discovered by Felix Groebert of the Google Security Team.
Fix a heap out of bounds condition with crafted upx packer files. This
issue was discovered by Kevin Szkudlapski of Quarkslab.
Fix a heap out of bounds condition with crafted upack packer
files. This issue was discovered by Sebastian Andrzej Siewior
(CVE-2014-9328).
Compensate a crash due to incorrect compiler optimization when handling
crafted petite packer files. This issue was discovered by Sebastian
Andrzej Siewior.
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
{"id": "SECURITYVULNS:DOC:31708", "bulletinFamily": "software", "title": "[ MDVSA-2015:042 ] clamav", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2015:042\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : clamav\r\n Date : February 10, 2015\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated clamav packages fix security vulnerabilities:\r\n \r\n ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them\r\n being security bugs:\r\n \r\n Fix a heap out of bounds condition with crafted Yoda's crypter\r\n files. This issue was discovered by Felix Groebert of the Google\r\n Security Team.\r\n \r\n Fix a heap out of bounds condition with crafted mew packer files. This\r\n issue was discovered by Felix Groebert of the Google Security Team.\r\n \r\n Fix a heap out of bounds condition with crafted upx packer files. This\r\n issue was discovered by Kevin Szkudlapski of Quarkslab.\r\n \r\n Fix a heap out of bounds condition with crafted upack packer\r\n files. This issue was discovered by Sebastian Andrzej Siewior\r\n (CVE-2014-9328).\r\n \r\n Compensate a crash due to incorrect compiler optimization when handling\r\n crafted petite packer files. This issue was discovered by Sebastian\r\n Andrzej Siewior.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9328\r\n http://advisories.mageia.org/MGASA-2015-0056.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 2e3d83c090e1c48f362052c4be25bc99 mbs1/x86_64/clamav-0.98.6-1.mbs1.x86_64.rpm\r\n e7d4cfe60d783ab1ffa694a3eb59e371 mbs1/x86_64/clamav-db-0.98.6-1.mbs1.noarch.rpm\r\n 2c5ab2cda0dc007d18f44615c164f472 mbs1/x86_64/clamav-milter-0.98.6-1.mbs1.x86_64.rpm\r\n de1f295495db4ee384c7ed02943a8037 mbs1/x86_64/clamd-0.98.6-1.mbs1.x86_64.rpm\r\n 0f8c6f040f405f2ec7d618f889d59e28 mbs1/x86_64/lib64clamav6-0.98.6-1.mbs1.x86_64.rpm\r\n fd381197641cd1bd3157c7429ea8adca mbs1/x86_64/lib64clamav-devel-0.98.6-1.mbs1.x86_64.rpm \r\n ea87f5988c481132f27c95cc08620d41 mbs1/SRPMS/clamav-0.98.6-1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFU2hCQmqjQ0CJFipgRAoJLAJ4yHkJAoFUtQjoArquZ5/1gK6STTACghb1g\r\nHkCuR/GqQr67KoEc/ipTfdA=\r\n=pxQv\r\n-----END PGP SIGNATURE-----\r\n\r\n", "published": "2015-02-11T00:00:00", "modified": "2015-02-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31708", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2014-9328"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:57", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "85dcb43f890c2eddc221f4c7f3c3e919"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "fdd9603bb6b411bbb892d5615e7ab540"}, {"key": "href", "hash": "ef683d052481d374a8721dde63f24774"}, {"key": "modified", "hash": "269b2b6abcbd7505b4f1e461473394f8"}, {"key": "published", "hash": "269b2b6abcbd7505b4f1e461473394f8"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "c7586dbdd4463c49502463034c44fe14"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "45d068dabfdb3958329e2de242853fccd5f70b5f25a75f5c9bfc559d7d2e8fee", "viewCount": 0, "enchantments": {"score": {"value": 6.7, "vector": "NONE", "modified": "2018-08-31T11:10:57"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-9328"]}, {"type": "archlinux", "idList": ["ASA-201502-6"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14258"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120326", "OPENVAS:1361412562310868970", "OPENVAS:1361412562310868967", "OPENVAS:1361412562310842080", "OPENVAS:1361412562310842092", "OPENVAS:1361412562310850635", "OPENVAS:1361412562310850824", "OPENVAS:1361412562310121430"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2015-042.NASL", "UBUNTU_USN-2488-1.NASL", "ALA_ALAS-2015-486.NASL", "UBUNTU_USN-2488-2.NASL", "MANDRIVA_MDVSA-2015-166.NASL", "FEDORA_2015-1461.NASL", "SUSE_11_CLAMAV-150206.NASL", "FEDORA_2015-1437.NASL", "OPENSUSE-2015-147.NASL", "CLAMAV_0_98_6.NASL"]}, {"type": "ubuntu", "idList": ["USN-2488-1", "USN-2488-2"]}, {"type": "amazon", "idList": ["ALAS-2015-486"]}, {"type": "suse", "idList": ["SUSE-SU-2015:0298-1", "OPENSUSE-SU-2015:0285-1"]}, {"type": "gentoo", "idList": ["GLSA-201512-08"]}, {"type": "debian", "idList": ["DEBIAN:DLA-233-1:4B465"]}], "modified": "2018-08-31T11:10:57"}, "vulnersScore": 6.7}, "objectVersion": "1.3", "affectedSoftware": []}
{"cve": [{"lastseen": "2019-05-29T18:13:50", "bulletinFamily": "NVD", "description": "ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a \"heap out of bounds condition.\"", "modified": "2017-01-03T02:59:00", "id": "CVE-2014-9328", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9328", "published": "2015-02-03T16:59:00", "title": "CVE-2014-9328", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:59", "bulletinFamily": "software", "description": "No description provided", "modified": "2015-02-11T00:00:00", "published": "2015-02-11T00:00:00", "id": "SECURITYVULNS:VULN:14258", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14258", "title": "ClamAV memory corruptions", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:46", "bulletinFamily": "unix", "description": "Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled\ncertain upack packer files. An attacker could possibly use this issue to\ncause ClamAV to crash, resulting in a denial of service, or possibly\nexecute arbitrary code.", "modified": "2015-02-06T00:00:00", "published": "2015-02-06T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html", "id": "ASA-201502-6", "title": "clamav: arbitrary code execution", "type": "archlinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:36:22", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120326", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120326", "title": "Amazon Linux Local Check: ALAS-2015-486", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-486.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120326\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:23:39 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2015-486\");\n script_tag(name:\"insight\", value:\"ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a heap out of bounds condition.\");\n script_tag(name:\"solution\", value:\"Run yum update clamav to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-486.html\");\n script_cve_id(\"CVE-2014-9328\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"clamav-update\", rpm:\"clamav-update~0.98.6~1.11.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"clamav-db\", rpm:\"clamav-db~0.98.6~1.11.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"clamav-server\", rpm:\"clamav-server~0.98.6~1.11.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"clamav-debuginfo\", rpm:\"clamav-debuginfo~0.98.6~1.11.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"clamav-lib\", rpm:\"clamav-lib~0.98.6~1.11.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"clamd\", rpm:\"clamd~0.98.6~1.11.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.98.6~1.11.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"clamav-devel\", rpm:\"clamav-devel~0.98.6~1.11.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"clamav-scanner\", rpm:\"clamav-scanner~0.98.6~1.11.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"clamav-milter-sysvinit\", rpm:\"clamav-milter-sysvinit~0.98.6~1.11.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"clamav-data\", rpm:\"clamav-data~0.98.6~1.11.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"clamav-scanner-sysvinit\", rpm:\"clamav-scanner-sysvinit~0.98.6~1.11.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"clamav-filesystem\", rpm:\"clamav-filesystem~0.98.6~1.11.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"clamav-data-empty\", rpm:\"clamav-data-empty~0.98.6~1.11.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"clamav-server-sysvinit\", rpm:\"clamav-server-sysvinit~0.98.6~1.11.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:55", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-01-31T00:00:00", "id": "OPENVAS:1361412562310868967", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868967", "title": "Fedora Update for clamav FEDORA-2015-1461", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for clamav FEDORA-2015-1461\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868967\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-31 06:02:17 +0100 (Sat, 31 Jan 2015)\");\n script_cve_id(\"CVE-2014-9328\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for clamav FEDORA-2015-1461\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'clamav'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"clamav on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-1461\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148958.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.98.6~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:14", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-02-03T00:00:00", "id": "OPENVAS:1361412562310842080", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842080", "title": "Ubuntu Update for clamav USN-2488-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for clamav USN-2488-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842080\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-03 05:45:46 +0100 (Tue, 03 Feb 2015)\");\n script_cve_id(\"CVE-2014-9328\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for clamav USN-2488-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'clamav'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Sebastian Andrzej Siewior discovered that\nClamAV incorrectly handled certain upack packer files. An attacker could possibly\nuse this issue to cause ClamAV to crash, resulting in a denial of service, or\npossibly execute arbitrary code.\");\n script_tag(name:\"affected\", value:\"clamav on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2488-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2488-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"clamav\", ver:\"0.98.6+dfsg-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"clamav\", ver:\"0.98.6+dfsg-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"clamav\", ver:\"0.98.6+dfsg-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:35", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-01-31T00:00:00", "id": "OPENVAS:1361412562310868970", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868970", "title": "Fedora Update for clamav FEDORA-2015-1437", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for clamav FEDORA-2015-1437\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868970\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-31 06:02:22 +0100 (Sat, 31 Jan 2015)\");\n script_cve_id(\"CVE-2014-9328\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for clamav FEDORA-2015-1437\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'clamav'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"clamav on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-1437\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148950.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.98.6~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:07", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-02-14T00:00:00", "id": "OPENVAS:1361412562310842092", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842092", "title": "Ubuntu Update for clamav USN-2488-2", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for clamav USN-2488-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842092\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-14 05:03:52 +0100 (Sat, 14 Feb 2015)\");\n script_cve_id(\"CVE-2013-6497\", \"CVE-2014-9328\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for clamav USN-2488-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'clamav'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-2488-1 fixed a vulnerability in ClamAV\nfor Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. This update provides the\ncorresponding update for Ubuntu 10.04 LTS.\n\nOriginal advisory details:\n\nSebastian Andrzej Siewior discovered that ClamAV incorrectly handled\ncertain upack packer files. An attacker could possibly use this issue to\ncause ClamAV to crash, resulting in a denial of service, or possibly\nexecute arbitrary code.\");\n script_tag(name:\"affected\", value:\"clamav on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2488-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2488-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"clamav\", ver:\"0.98.6+dfsg-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:49", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-13T00:00:00", "id": "OPENVAS:1361412562310850824", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850824", "title": "SuSE Update for clamav SUSE-SU-2015:0298-1 (clamav)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_0298_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for clamav SUSE-SU-2015:0298-1 (clamav)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850824\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:01 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2014-9328\", \"CVE-2015-1461\", \"CVE-2015-1462\", \"CVE-2015-1463\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for clamav SUSE-SU-2015:0298-1 (clamav)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'clamav'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"clamav was updated to version 0.98.6 to fix four security issues.\n\n These security issues have been fixed:\n\n * CVE-2015-1462: ClamAV allowed remote attackers to have unspecified\n impact via a crafted upx packer file, related to a heap out of\n bounds condition (bnc#916214).\n\n * CVE-2015-1463: ClamAV allowed remote attackers to cause a denial of\n service (crash) via a crafted petite packer file, related to an\n incorrect compiler optimization (bnc#916215).\n\n * CVE-2014-9328: ClamAV allowed remote attackers to have unspecified\n impact via a crafted upack packer file, related to a heap out of\n bounds condition (bnc#915512).\n\n * CVE-2015-1461: ClamAV allowed remote attackers to have unspecified\n impact via a crafted (1) Yoda's crypter or (2) mew packer file,\n related to a heap out of bounds condition (bnc#916217).\");\n\n script_tag(name:\"affected\", value:\"clamav on SUSE Linux Enterprise Server 11 SP3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2015:0298_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP3\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.98.6~0.6.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:59", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-02-14T00:00:00", "id": "OPENVAS:1361412562310850635", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850635", "title": "SuSE Update for clamav openSUSE-SU-2015:0285-1 (clamav)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_0285_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for clamav openSUSE-SU-2015:0285-1 (clamav)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850635\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-14 05:03:08 +0100 (Sat, 14 Feb 2015)\");\n script_cve_id(\"CVE-2014-9328\", \"CVE-2015-1461\", \"CVE-2015-1462\", \"CVE-2015-1463\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for clamav openSUSE-SU-2015:0285-1 (clamav)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'clamav'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"clamav was updated to version 0.98.6 that fixes bugs and several security\n issues:\n\n * bsc#916217, CVE-2015-1461: Remote attackers can have unspecified impact\n via Yoda's crypter or mew packer files.\n\n * bsc#916214, CVE-2015-1462: Unspecified impact via acrafted upx packer\n file.\n\n * bsc#916215, CVE-2015-1463: Remote attackers can cause a denial\n of service via a crafted petite packer file.\n\n * bsc#915512, CVE-2014-9328: heap out of bounds condition with crafted\n upack packer files.\");\n script_tag(name:\"affected\", value:\"clamav on openSUSE 13.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:0285_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"clamav\", rpm:\"clamav~0.98.6~30.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-debuginfo\", rpm:\"clamav-debuginfo~0.98.6~30.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"clamav-debugsource\", rpm:\"clamav-debugsource~0.98.6~30.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:56", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201512-08", "modified": "2018-10-26T00:00:00", "published": "2015-12-31T00:00:00", "id": "OPENVAS:1361412562310121430", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121430", "title": "Gentoo Security Advisory GLSA 201512-08", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201512-08.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121430\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-31 11:46:02 +0200 (Thu, 31 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201512-08\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201512-08\");\n script_cve_id(\"CVE-2014-9328\", \"CVE-2015-1461\", \"CVE-2015-1462\", \"CVE-2015-1463\", \"CVE-2015-2170\", \"CVE-2015-2221\", \"CVE-2015-2222\", \"CVE-2015-2668\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201512-08\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"app-antivirus/clamav\", unaffected: make_list(\"ge 0.98.7\"), vulnerable: make_list(\"lt 0.98.7\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2019-05-29T19:22:21", "bulletinFamily": "unix", "description": "Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled certain upack packer files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.", "modified": "2015-02-02T00:00:00", "published": "2015-02-02T00:00:00", "id": "USN-2488-1", "href": "https://usn.ubuntu.com/2488-1/", "title": "ClamAV vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T19:21:00", "bulletinFamily": "unix", "description": "USN-2488-1 fixed a vulnerability in ClamAV for Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. This update provides the corresponding update for Ubuntu 10.04 LTS.\n\nOriginal advisory details:\n\nSebastian Andrzej Siewior discovered that ClamAV incorrectly handled certain upack packer files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.", "modified": "2015-02-12T00:00:00", "published": "2015-02-12T00:00:00", "id": "USN-2488-2", "href": "https://usn.ubuntu.com/2488-2/", "title": "ClamAV vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2019-05-29T17:22:54", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a \"heap out of bounds condition.\"\n\n \n**Affected Packages:** \n\n\nclamav\n\n \n**Issue Correction:** \nRun _yum update clamav_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n clamav-update-0.98.6-1.11.amzn1.i686 \n clamav-db-0.98.6-1.11.amzn1.i686 \n clamav-server-0.98.6-1.11.amzn1.i686 \n clamav-debuginfo-0.98.6-1.11.amzn1.i686 \n clamav-lib-0.98.6-1.11.amzn1.i686 \n clamd-0.98.6-1.11.amzn1.i686 \n clamav-0.98.6-1.11.amzn1.i686 \n clamav-devel-0.98.6-1.11.amzn1.i686 \n clamav-milter-0.98.6-1.11.amzn1.i686 \n \n noarch: \n clamav-scanner-0.98.6-1.11.amzn1.noarch \n clamav-milter-sysvinit-0.98.6-1.11.amzn1.noarch \n clamav-data-0.98.6-1.11.amzn1.noarch \n clamav-scanner-sysvinit-0.98.6-1.11.amzn1.noarch \n clamav-filesystem-0.98.6-1.11.amzn1.noarch \n clamav-data-empty-0.98.6-1.11.amzn1.noarch \n clamav-server-sysvinit-0.98.6-1.11.amzn1.noarch \n \n src: \n clamav-0.98.6-1.11.amzn1.src \n \n x86_64: \n clamav-lib-0.98.6-1.11.amzn1.x86_64 \n clamav-server-0.98.6-1.11.amzn1.x86_64 \n clamav-debuginfo-0.98.6-1.11.amzn1.x86_64 \n clamav-milter-0.98.6-1.11.amzn1.x86_64 \n clamav-0.98.6-1.11.amzn1.x86_64 \n clamav-update-0.98.6-1.11.amzn1.x86_64 \n clamav-db-0.98.6-1.11.amzn1.x86_64 \n clamd-0.98.6-1.11.amzn1.x86_64 \n clamav-devel-0.98.6-1.11.amzn1.x86_64 \n \n \n", "modified": "2015-03-04T16:11:00", "published": "2015-03-04T16:11:00", "id": "ALAS-2015-486", "href": "https://alas.aws.amazon.com/ALAS-2015-486.html", "title": "Medium: clamav", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-12-13T09:45:07", "bulletinFamily": "scanner", "description": "Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled\ncertain upack packer files. An attacker could possibly use this issue\nto cause ClamAV to crash, resulting in a denial of service, or\npossibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "UBUNTU_USN-2488-1.NASL", "href": "https://www.tenable.com/plugins/nessus/81144", "published": "2015-02-03T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : clamav vulnerability (USN-2488-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2488-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81144);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/19 12:54:31\");\n\n script_cve_id(\"CVE-2014-9328\");\n script_bugtraq_id(72372);\n script_xref(name:\"USN\", value:\"2488-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : clamav vulnerability (USN-2488-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled\ncertain upack packer files. An attacker could possibly use this issue\nto cause ClamAV to crash, resulting in a denial of service, or\npossibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2488-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected clamav package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"clamav\", pkgver:\"0.98.6+dfsg-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"clamav\", pkgver:\"0.98.6+dfsg-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"clamav\", pkgver:\"0.98.6+dfsg-0ubuntu0.14.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T06:39:01", "bulletinFamily": "scanner", "description": "ClamAV before 0.98.6 allows remote attackers to have unspecified\nimpact via a crafted upack packer file, related to a ", "modified": "2019-12-02T00:00:00", "id": "ALA_ALAS-2015-486.NASL", "href": "https://www.tenable.com/plugins/nessus/81674", "published": "2015-03-09T00:00:00", "title": "Amazon Linux AMI : clamav (ALAS-2015-486)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-486.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81674);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-9328\");\n script_xref(name:\"ALAS\", value:\"2015-486\");\n\n script_name(english:\"Amazon Linux AMI : clamav (ALAS-2015-486)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ClamAV before 0.98.6 allows remote attackers to have unspecified\nimpact via a crafted upack packer file, related to a 'heap out of\nbounds condition.'\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-486.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update clamav' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-data-empty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-db\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-milter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-milter-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-scanner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-scanner-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-server-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamav-update\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:clamd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"clamav-0.98.6-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-data-0.98.6-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-data-empty-0.98.6-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-db-0.98.6-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-debuginfo-0.98.6-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-devel-0.98.6-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-filesystem-0.98.6-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-lib-0.98.6-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-milter-0.98.6-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-milter-sysvinit-0.98.6-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-scanner-0.98.6-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-scanner-sysvinit-0.98.6-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-server-0.98.6-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-server-sysvinit-0.98.6-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamav-update-0.98.6-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"clamd-0.98.6-1.11.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav / clamav-data / clamav-data-empty / clamav-db / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T08:05:55", "bulletinFamily": "scanner", "description": "Updated clamav packages fix security vulnerabilities :\n\nClamAV 0.98.6 is a maintenance release to fix some bugs, some of them\nbeing security bugs :\n\nFix a heap out of bounds condition with crafted Yoda", "modified": "2019-12-02T00:00:00", "id": "MANDRIVA_MDVSA-2015-042.NASL", "href": "https://www.tenable.com/plugins/nessus/81283", "published": "2015-02-11T00:00:00", "title": "Mandriva Linux Security Advisory : clamav (MDVSA-2015:042)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:042. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81283);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/08/02 13:32:56\");\n\n script_cve_id(\"CVE-2014-9328\");\n script_bugtraq_id(72372);\n script_xref(name:\"MDVSA\", value:\"2015:042\");\n\n script_name(english:\"Mandriva Linux Security Advisory : clamav (MDVSA-2015:042)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated clamav packages fix security vulnerabilities :\n\nClamAV 0.98.6 is a maintenance release to fix some bugs, some of them\nbeing security bugs :\n\nFix a heap out of bounds condition with crafted Yoda's crypter files.\nThis issue was discovered by Felix Groebert of the Google Security\nTeam.\n\nFix a heap out of bounds condition with crafted mew packer files. This\nissue was discovered by Felix Groebert of the Google Security Team.\n\nFix a heap out of bounds condition with crafted upx packer files. This\nissue was discovered by Kevin Szkudlapski of Quarkslab.\n\nFix a heap out of bounds condition with crafted upack packer files.\nThis issue was discovered by Sebastian Andrzej Siewior\n(CVE-2014-9328).\n\nCompensate a crash due to incorrect compiler optimization when\nhandling crafted petite packer files. This issue was discovered by\nSebastian Andrzej Siewior.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0056.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamav-db\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamav-milter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64clamav-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64clamav6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"clamav-0.98.6-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"clamav-db-0.98.6-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"clamav-milter-0.98.6-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"clamd-0.98.6-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64clamav-devel-0.98.6-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64clamav6-0.98.6-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T09:45:07", "bulletinFamily": "scanner", "description": "USN-2488-1 fixed a vulnerability in ClamAV for Ubuntu 14.10, Ubuntu\n14.04 LTS, and Ubuntu 12.04 LTS. This update provides the\ncorresponding update for Ubuntu 10.04 LTS.\n\nSebastian Andrzej Siewior discovered that ClamAV incorrectly handled\ncertain upack packer files. An attacker could possibly use this issue\nto cause ClamAV to crash, resulting in a denial of service, or\npossibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "UBUNTU_USN-2488-2.NASL", "href": "https://www.tenable.com/plugins/nessus/81341", "published": "2015-02-13T00:00:00", "title": "Ubuntu 10.04 LTS : clamav vulnerability (USN-2488-2)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2488-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81341);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/19 12:54:31\");\n\n script_cve_id(\"CVE-2013-6497\", \"CVE-2014-9328\");\n script_bugtraq_id(71178, 72372);\n script_xref(name:\"USN\", value:\"2488-2\");\n\n script_name(english:\"Ubuntu 10.04 LTS : clamav vulnerability (USN-2488-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-2488-1 fixed a vulnerability in ClamAV for Ubuntu 14.10, Ubuntu\n14.04 LTS, and Ubuntu 12.04 LTS. This update provides the\ncorresponding update for Ubuntu 10.04 LTS.\n\nSebastian Andrzej Siewior discovered that ClamAV incorrectly handled\ncertain upack packer files. An attacker could possibly use this issue\nto cause ClamAV to crash, resulting in a denial of service, or\npossibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2488-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected clamav package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"clamav\", pkgver:\"0.98.6+dfsg-0ubuntu0.10.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T06:46:36", "bulletinFamily": "scanner", "description": "According to its version, the ClamAV clamd antivirus daemon on the\nremote host is prior to 0.98.6. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - An out-of-bounds access flaw exists in the unupack()\n function that is triggered when parsing a specially\n crafted Upack packer file. A remote attacker can exploit\n this to crash the application, resulting in a denial of\n service condition. (CVE-2014-9328)\n\n - An out-of-bounds access flaw exists that is triggered\n when parsing maliciously crafted Yoda Crypter and MEW\n packer files. A remote attacker can exploit this to\n crash the application, resulting in a denial of service\n condition. (CVE-2015-1461)\n \n - An out-of-bounds access flaw exists that is triggered\n when parsing a specially crafted UPX packer file. A\n remote attacker can exploit this to crash the\n application, resulting in a denial of service condition.\n (CVE-2015-1462)\n\n - A signedness flaw exists in the petite_inflate2x_1to9()\n function in ", "modified": "2019-12-02T00:00:00", "id": "CLAMAV_0_98_6.NASL", "href": "https://www.tenable.com/plugins/nessus/81147", "published": "2015-02-03T00:00:00", "title": "ClamAV < 0.98.6 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81147);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-9328\",\n \"CVE-2015-1461\",\n \"CVE-2015-1462\",\n \"CVE-2015-1463\"\n );\n script_bugtraq_id(\n 72372,\n 72641,\n 72652,\n 72654\n );\n\n script_name(english:\"ClamAV < 0.98.6 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the response to a clamd VERSION command.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The antivirus service running on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the ClamAV clamd antivirus daemon on the\nremote host is prior to 0.98.6. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - An out-of-bounds access flaw exists in the unupack()\n function that is triggered when parsing a specially\n crafted Upack packer file. A remote attacker can exploit\n this to crash the application, resulting in a denial of\n service condition. (CVE-2014-9328)\n\n - An out-of-bounds access flaw exists that is triggered\n when parsing maliciously crafted Yoda Crypter and MEW\n packer files. A remote attacker can exploit this to\n crash the application, resulting in a denial of service\n condition. (CVE-2015-1461)\n \n - An out-of-bounds access flaw exists that is triggered\n when parsing a specially crafted UPX packer file. A\n remote attacker can exploit this to crash the\n application, resulting in a denial of service condition.\n (CVE-2015-1462)\n\n - A signedness flaw exists in the petite_inflate2x_1to9()\n function in 'libclamav/petite.c' that allows a remote\n attacker with a specially crafted petite packer file\n to cause a denial of service. (CVE-2015-1463)\n\n - An integer overflow condition exists in upx.c due to\n improper validation of user-supplied input when scanning\n EXE files. An attacker can exploit this to cause a\n heap-based buffer overflow, resulting in a denial of\n service condition or the execution of arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://blog.clamav.net/2015/01/clamav-0986-has-been-released.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/oss-sec/2015/q1/344\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.clamav.net/show_bug.cgi?id=11213\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ClamAV 0.98.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-1462\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:clamav:clamav\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"clamav_detect.nasl\");\n script_require_keys(\"Antivirus/ClamAV/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Antivirus/ClamAV/version\");\nport = get_service(svc:\"clamd\", default:3310, exit_on_fail:TRUE);\n\n# nb: banner checks of open source software are prone to false-\n# positives so only run the check if reporting is paranoid.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# Check the version number.\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Affected :\n# 0.x < 0.98.6\n# 0.98.6beta\\d\n# 0.98.6rc\\d\nif (\n (ver[0] == 0 && ver[1] < 98) ||\n (ver[0] == 0 && ver[1] == 98 && ver[2] < 6) ||\n version =~ \"^0\\.98\\.6-(beta|rc)\\d($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : 0.98.6' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"ClamAV\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T08:05:58", "bulletinFamily": "scanner", "description": "Updated clamav packages fix security vulnerabilities :\n\nClamAV 0.98.6 is a maintenance release to fix some bugs, some of them\nbeing security bugs :\n\nCertain JavaScript files causes ClamAV to segfault when scanned with\nthe -a (list archived files) (CVE-2013-6497).\n\nA heap buffer overflow was reported in ClamAV when scanning a\nspecially crafted y0da Crypter obfuscated PE file (CVE-2014-9050).\n\nFix a heap out of bounds condition with crafted Yoda", "modified": "2019-12-02T00:00:00", "id": "MANDRIVA_MDVSA-2015-166.NASL", "href": "https://www.tenable.com/plugins/nessus/82419", "published": "2015-03-30T00:00:00", "title": "Mandriva Linux Security Advisory : clamav (MDVSA-2015:166)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:166. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82419);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/08/02 13:32:57\");\n\n script_cve_id(\"CVE-2014-6497\", \"CVE-2014-9050\", \"CVE-2014-9328\");\n script_xref(name:\"MDVSA\", value:\"2015:166\");\n\n script_name(english:\"Mandriva Linux Security Advisory : clamav (MDVSA-2015:166)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated clamav packages fix security vulnerabilities :\n\nClamAV 0.98.6 is a maintenance release to fix some bugs, some of them\nbeing security bugs :\n\nCertain JavaScript files causes ClamAV to segfault when scanned with\nthe -a (list archived files) (CVE-2013-6497).\n\nA heap buffer overflow was reported in ClamAV when scanning a\nspecially crafted y0da Crypter obfuscated PE file (CVE-2014-9050).\n\nFix a heap out of bounds condition with crafted Yoda's crypter files.\nThis issue was discovered by Felix Groebert of the Google Security\nTeam.\n\nFix a heap out of bounds condition with crafted mew packer files. This\nissue was discovered by Felix Groebert of the Google Security Team.\n\nFix a heap out of bounds condition with crafted upx packer files. This\nissue was discovered by Kevin Szkudlapski of Quarkslab.\n\nFix a heap out of bounds condition with crafted upack packer files.\nThis issue was discovered by Sebastian Andrzej Siewior\n(CVE-2014-9328).\n\nCompensate a crash due to incorrect compiler optimization when\nhandling crafted petite packer files. This issue was discovered by\nSebastian Andrzej Siewior.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0487.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0056.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamav-db\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamav-milter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clamd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64clamav-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64clamav6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"clamav-0.98.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"clamav-db-0.98.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"clamav-milter-0.98.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"clamd-0.98.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64clamav-devel-0.98.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64clamav6-0.98.6-1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T08:16:00", "bulletinFamily": "scanner", "description": "clamav was updated to version 0.98.6 that fixes bugs and several\nsecurity issues :\n\n - bsc#916217, CVE-2015-1461: Remote attackers can have\n unspecified impact via Yoda", "modified": "2019-12-02T00:00:00", "id": "OPENSUSE-2015-147.NASL", "href": "https://www.tenable.com/plugins/nessus/81372", "published": "2015-02-16T00:00:00", "title": "openSUSE Security Update : clamav (openSUSE-2015-147)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-147.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81372);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/03/11 13:51:32 $\");\n\n script_cve_id(\"CVE-2014-9328\", \"CVE-2015-1461\", \"CVE-2015-1462\", \"CVE-2015-1463\");\n\n script_name(english:\"openSUSE Security Update : clamav (openSUSE-2015-147)\");\n script_summary(english:\"Check for the openSUSE-2015-147 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"clamav was updated to version 0.98.6 that fixes bugs and several\nsecurity issues :\n\n - bsc#916217, CVE-2015-1461: Remote attackers can have\n unspecified impact via Yoda's crypter or mew packer\n files.\n\n - bsc#916214, CVE-2015-1462: Unspecified impact via\n acrafted upx packer file.\n\n - bsc#916215, CVE-2015-1463: Remote attackers can cause a\n denial of service via a crafted petite packer file.\n\n - bsc#915512, CVE-2014-9328: heap out of bounds condition\n with crafted upack packer files.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=915512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916217\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected clamav packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:clamav-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:clamav-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"clamav-0.98.6-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"clamav-debuginfo-0.98.6-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"clamav-debugsource-0.98.6-30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"clamav-0.98.6-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"clamav-debuginfo-0.98.6-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"clamav-debugsource-0.98.6-2.13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav / clamav-debuginfo / clamav-debugsource\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T07:04:06", "bulletinFamily": "scanner", "description": "ClamAV 0.98.6 =============\n\nClamAV 0.98.6 is a bug fix release correcting the following :\n\n - library shared object revisions.\n\n - installation issues on some Mac OS X and FreeBSD\n platforms.\n\n - includes a patch from Sebastian Andrzej Siewior making\n ClamAV pid files compatible with systemd.\n\n - Fix a heap out of bounds condition with crafted Yoda", "modified": "2019-12-02T00:00:00", "id": "FEDORA_2015-1437.NASL", "href": "https://www.tenable.com/plugins/nessus/81114", "published": "2015-02-02T00:00:00", "title": "Fedora 20 : clamav-0.98.6-1.fc20 (2015-1437)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-1437.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81114);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:57:26 $\");\n\n script_cve_id(\"CVE-2014-9328\", \"CVE-2015-1461\", \"CVE-2015-1462\", \"CVE-2015-1463\");\n script_xref(name:\"FEDORA\", value:\"2015-1437\");\n\n script_name(english:\"Fedora 20 : clamav-0.98.6-1.fc20 (2015-1437)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ClamAV 0.98.6 =============\n\nClamAV 0.98.6 is a bug fix release correcting the following :\n\n - library shared object revisions.\n\n - installation issues on some Mac OS X and FreeBSD\n platforms.\n\n - includes a patch from Sebastian Andrzej Siewior making\n ClamAV pid files compatible with systemd.\n\n - Fix a heap out of bounds condition with crafted Yoda's\n crypter files. This issue was discovered by Felix\n Groebert of the Google Security Team.\n\n - Fix a heap out of bounds condition with crafted mew\n packer files. This issue was discovered by Felix\n Groebert of the Google Security Team.\n\n - Fix a heap out of bounds condition with crafted upx\n packer files. This issue was discovered by Kevin\n Szkudlapski of Quarkslab.\n\n - Fix a heap out of bounds condition with crafted upack\n packer files. This issue was discovered by Sebastian\n Andrzej Siewior. CVE-2014-9328.\n\n - Compensate a crash due to incorrect compiler\n optimization when handling crafted petite packer\n files. This issue was discovered by Sebastian Andrzej\n Siewior.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1187050\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148950.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a7c4b96b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected clamav package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"clamav-0.98.6-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T09:21:15", "bulletinFamily": "scanner", "description": "clamav was updated to version 0.98.6 to fix four security issues.\n\nThese security issues have been fixed :\n\n - ClamAV allowed remote attackers to have unspecified\n impact via a crafted upx packer file, related to a heap\n out of bounds condition. (bnc#916214). (CVE-2015-1462)\n\n - ClamAV allowed remote attackers to cause a denial of\n service (crash) via a crafted petite packer file,\n related to an incorrect compiler optimization.\n (bnc#916215). (CVE-2015-1463)\n\n - ClamAV allowed remote attackers to have unspecified\n impact via a crafted upack packer file, related to a\n heap out of bounds condition. (bnc#915512).\n (CVE-2014-9328)\n\n - ClamAV allowed remote attackers to have unspecified\n impact via a crafted (1) Yoda", "modified": "2019-12-02T00:00:00", "id": "SUSE_11_CLAMAV-150206.NASL", "href": "https://www.tenable.com/plugins/nessus/81389", "published": "2015-02-17T00:00:00", "title": "SuSE 11.3 Security Update : clamav (SAT Patch Number 10283)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81389);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/02/17 14:18:14 $\");\n\n script_cve_id(\"CVE-2014-9328\", \"CVE-2015-1461\", \"CVE-2015-1462\", \"CVE-2015-1463\");\n\n script_name(english:\"SuSE 11.3 Security Update : clamav (SAT Patch Number 10283)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"clamav was updated to version 0.98.6 to fix four security issues.\n\nThese security issues have been fixed :\n\n - ClamAV allowed remote attackers to have unspecified\n impact via a crafted upx packer file, related to a heap\n out of bounds condition. (bnc#916214). (CVE-2015-1462)\n\n - ClamAV allowed remote attackers to cause a denial of\n service (crash) via a crafted petite packer file,\n related to an incorrect compiler optimization.\n (bnc#916215). (CVE-2015-1463)\n\n - ClamAV allowed remote attackers to have unspecified\n impact via a crafted upack packer file, related to a\n heap out of bounds condition. (bnc#915512).\n (CVE-2014-9328)\n\n - ClamAV allowed remote attackers to have unspecified\n impact via a crafted (1) Yoda's crypter or (2) mew\n packer file, related to a heap out of bounds condition.\n (bnc#916217). (CVE-2015-1461)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=915512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=916214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=916215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=916217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9328.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-1461.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-1462.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-1463.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10283.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"clamav-0.98.6-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"clamav-0.98.6-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"clamav-0.98.6-0.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T07:04:06", "bulletinFamily": "scanner", "description": "ClamAV 0.98.6 =============\n\nClamAV 0.98.6 is a bug fix release correcting the following :\n\n - library shared object revisions.\n\n - installation issues on some Mac OS X and FreeBSD\n platforms.\n\n - includes a patch from Sebastian Andrzej Siewior making\n ClamAV pid files compatible with systemd.\n\n - Fix a heap out of bounds condition with crafted Yoda", "modified": "2019-12-02T00:00:00", "id": "FEDORA_2015-1461.NASL", "href": "https://www.tenable.com/plugins/nessus/81115", "published": "2015-02-02T00:00:00", "title": "Fedora 21 : clamav-0.98.6-1.fc21 (2015-1461)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-1461.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81115);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:57:26 $\");\n\n script_cve_id(\"CVE-2014-9328\", \"CVE-2015-1461\", \"CVE-2015-1462\", \"CVE-2015-1463\");\n script_xref(name:\"FEDORA\", value:\"2015-1461\");\n\n script_name(english:\"Fedora 21 : clamav-0.98.6-1.fc21 (2015-1461)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ClamAV 0.98.6 =============\n\nClamAV 0.98.6 is a bug fix release correcting the following :\n\n - library shared object revisions.\n\n - installation issues on some Mac OS X and FreeBSD\n platforms.\n\n - includes a patch from Sebastian Andrzej Siewior making\n ClamAV pid files compatible with systemd.\n\n - Fix a heap out of bounds condition with crafted Yoda's\n crypter files. This issue was discovered by Felix\n Groebert of the Google Security Team.\n\n - Fix a heap out of bounds condition with crafted mew\n packer files. This issue was discovered by Felix\n Groebert of the Google Security Team.\n\n - Fix a heap out of bounds condition with crafted upx\n packer files. This issue was discovered by Kevin\n Szkudlapski of Quarkslab.\n\n - Fix a heap out of bounds condition with crafted upack\n packer files. This issue was discovered by Sebastian\n Andrzej Siewior. CVE-2014-9328.\n\n - Compensate a crash due to incorrect compiler\n optimization when handling crafted petite packer\n files. This issue was discovered by Sebastian Andrzej\n Siewior.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1187050\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148958.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?710c5df4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected clamav package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:clamav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"clamav-0.98.6-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"clamav\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:03:49", "bulletinFamily": "unix", "description": "clamav was updated to version 0.98.6 to fix four security issues.\n\n These security issues have been fixed:\n\n * CVE-2015-1462: ClamAV allowed remote attackers to have unspecified\n impact via a crafted upx packer file, related to a heap out of\n bounds condition (bnc#916214).\n * CVE-2015-1463: ClamAV allowed remote attackers to cause a denial of\n service (crash) via a crafted petite packer file, related to an\n incorrect compiler optimization (bnc#916215).\n * CVE-2014-9328: ClamAV allowed remote attackers to have unspecified\n impact via a crafted upack packer file, related to a heap out of\n bounds condition (bnc#915512).\n * CVE-2015-1461: ClamAV allowed remote attackers to have unspecified\n impact via a crafted (1) Yoda's crypter or (2) mew packer file,\n related to a heap out of bounds condition (bnc#916217).\n\n Security Issues:\n\n * CVE-2015-1462\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1462\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1462</a>>\n * CVE-2014-9328\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9328\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9328</a>>\n * CVE-2015-1463\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1463\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1463</a>>\n * CVE-2015-1461\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1461\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1461</a>>\n\n", "modified": "2015-02-17T03:04:56", "published": "2015-02-17T03:04:56", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00020.html", "id": "SUSE-SU-2015:0298-1", "title": "Security update for clamav (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:39:50", "bulletinFamily": "unix", "description": "clamav was updated to version 0.98.6 that fixes bugs and several security\n issues:\n\n * bsc#916217, CVE-2015-1461: Remote attackers can have unspecified impact\n via Yoda's crypter or mew packer files.\n * bsc#916214, CVE-2015-1462: Unspecified impact via acrafted upx packer\n file.\n * bsc#916215, CVE-2015-1463: Remote attackers can cause a denial\n of service via a crafted petite packer file.\n * bsc#915512, CVE-2014-9328: heap out of bounds condition with crafted\n upack packer files.\n\n", "modified": "2015-02-13T16:05:18", "published": "2015-02-13T16:05:18", "id": "OPENSUSE-SU-2015:0285-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00014.html", "title": "Security update for clamav (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:06", "bulletinFamily": "unix", "description": "### Background\n\nClamAV is a GPL virus scanner.\n\n### Description\n\nMultiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could cause ClamAV to scan a specially crafted file, possibly resulting in a Denial of Service condition or other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll ClamAV users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-antivirus/clamav-0.98.7\"", "modified": "2015-12-30T00:00:00", "published": "2015-12-30T00:00:00", "id": "GLSA-201512-08", "href": "https://security.gentoo.org/glsa/201512-08", "type": "gentoo", "title": "ClamAV: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:22:48", "bulletinFamily": "unix", "description": "Package : clamav\nVersion : 0.98.7+dfsg-0+deb6u1\nCVE ID : CVE-2014-9328 CVE-2015-1461 CVE-2015-1462 CVE-2015-1463\n CVE-2015-2170 CVE-2015-2221 CVE-2015-2222 CVE-2015-2668\n\nUpstream published version 0.98.7. This update updates sqeeze-lts to the\nlatest upstream release in line with the approach used for other Debian\nreleases.\n\nThe changes are not strictly required for operation, but users of the previous\nversion in Squeeze may not be able to make use of all current virus signatures\nand might get warnings.\n\nThe bug fixes that are part of this release include security fixes related\nto packed or crypted files (CVE-2014-9328, CVE-2015-1461, CVE-2015-1462,\nCVE-2015-1463, CVE-2015-2170, CVE-2015-2221, CVE-2015-2222, and CVE-2015-2668)\nand several fixes to the embedded libmspack library, including a potential\ninfinite loop in the Quantum decoder (CVE-2014-9556).\n\nIf you use clamav, we strongly recommend that you upgrade to this version.\n", "modified": "2015-05-29T03:57:55", "published": "2015-05-29T03:57:55", "id": "DEBIAN:DLA-233-1:4B465", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201505/msg00017.html", "title": "[SECURITY] [DLA 233-1] clamav security and upstream version update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
