Lucene search
This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.CLAMAV_0_100_1.NASLHistoryAug 03, 2018 - 12:00 a.m.
ClamAV < 0.100.1 Multiple Vulnerabilities
2018-08-0300:00:00
This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.011
Percentile
84.5%
According to its version, the ClamAV clamd antivirus daemon running on the remote host is prior to 0.100.1. It is, therefore, affected by multiple vulnerabilities.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(111517);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/24");
script_cve_id("CVE-2017-16932", "CVE-2018-0360", "CVE-2018-0361");
script_xref(name:"IAVB", value:"2018-B-0096-S");
script_name(english:"ClamAV < 0.100.1 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The antivirus service running on the remote host is affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its version, the ClamAV clamd antivirus daemon running on
the remote host is prior to 0.100.1. It is, therefore, affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"see_also", value:"https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html");
script_set_attribute(attribute:"solution", value:
"Upgrade to ClamAV version 0.100.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-16932");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/09");
script_set_attribute(attribute:"patch_publication_date", value:"2018/07/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/03");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:clamav:clamav");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("clamav_detect.nasl");
script_require_keys("Antivirus/ClamAV/version", "Settings/ParanoidReport");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
version = get_kb_item_or_exit("Antivirus/ClamAV/version");
port = get_service(svc:"clamd", default:3310, exit_on_fail:TRUE);
if (report_paranoia < 2) audit(AUDIT_PARANOID);
if (version =~ "^0\.([0-9][0-9]\.[0-9]+|100\.0)$")
{
security_report_v4(
port:port,
severity:SECURITY_WARNING,
extra:
'\n Installed version : ' + version +
'\n Fixed version : 0.100.1' +
'\n'
);
}
else audit(AUDIT_LISTEN_NOT_VULN, "ClamAV", port, version);
Related
nessus
nessus
FreeBSD : clamav -- multiple vulnerabilities (d1e9d8c5-839b-11e8-9610-9c5c8e75236a)
2018-07-10 00:00:00
SUSE SLED15 / SLES15 Security Update : clamav (SUSE-SU-2018:2230-1)
2019-01-02 00:00:00
openSUSE Security Update : clamav (openSUSE-2018-838)
2018-08-09 00:00:00
freebsd
freebsd
clamav -- multiple vulnerabilities
2018-07-09 00:00:00
ubuntu
ubuntu
ClamAV regression
2018-07-26 00:00:00
ClamAV vulnerabilities
2018-07-24 00:00:00
ClamAV vulnerabilities
2018-09-18 00:00:00
openvas
openvas
openSUSE: Security Advisory for clamav (openSUSE-SU-2018:2259-1)
2018-10-26 00:00:00
Ubuntu: Security Advisory (USN-3722-6)
2022-08-26 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2232-1)
2021-06-09 00:00:00
suse
suse
Security update for clamav (moderate)
2018-08-09 00:25:04
Security update for clamav (moderate)
2018-08-17 12:31:48
mageia
mageia
Updated clamav packages fix security vulnerabilities
2018-07-24 01:27:34
Updated libxml2 packages fix security vulnerability
2018-01-03 18:50:51
Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities
2018-01-03 18:50:51
debian
debian
[SECURITY] [DLA 1461-1] clamav security update
2018-08-20 21:31:46
[SECURITY] [DLA 1194-1] libxml2 security update
2017-11-30 14:05:13
[SECURITY] [DLA 2972-1] libxml2 security update
2022-04-08 21:17:02
osv
osv
clamav - security update
2018-08-09 00:00:00
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
2022-05-13 01:02:39
CVE-2018-0360
2018-07-16 17:29:00
ubuntucve
ubuntucve
ibm
ibm
cloudfoundry
cloudfoundry
USN-3504-1: libxml2 vulnerability | Cloud Foundry
2017-12-14 00:00:00
USN-3739-1: libxml2 vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
cvelist
cvelist
veracode
veracode
Denial Of Service (DoS)
2022-04-13 21:57:25
Copy-paste Vulnerability Through LibXML2
2017-11-23 23:43:55
Copy-Paste Vulnerability (CPV) Through Libxml2
2018-10-16 03:04:15
nvd
nvd
rubygems
rubygems
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
2018-01-28 21:00:00
alpinelinux
alpinelinux
debiancve
debiancve
cve
cve
prion
prion
Design/Logic Flaw
2017-11-23 21:29:00
Integer overflow
2018-07-16 17:29:00
Design/Logic Flaw
2018-07-16 17:29:00
redhatcve
redhatcve
CVE-2017-16932
2017-11-24 15:50:03
github
github
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
2022-05-13 01:02:39
gentoo
gentoo
ClamAV: Multiple vulnerabilities
2019-04-08 00:00:00
hackerone
hackerone
Internet Bug Bounty: Multiple issues in Libxml2 (2.9.2 - 2.9.5)
2017-11-27 06:37:31
rosalinux
rosalinux
Advisory ROSA-SA-2021-1905
2021-07-02 17:25:35
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.011
Percentile
84.5%
Related for CLAMAV_0_100_1.NASL