CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.9%
Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.93 release, including :
ClamAV 0.92 allowed local users to overwrite arbitrary files via a symlink attack on temporary files or on .ascii files in sigtool, when utf16-decode is enabled (CVE-2007-6595).
ClamAV 0.92 did not recognize Base64 uuencoded archives, which allowed remoted attackers to bypass the sanner via a base64-uuencoded file (CVE-2007-6596).
A heap-based buffer overflow in ClamAV 0.92.1 allowed remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary (CVE-2008-0314).
An integer overflow in libclamav prior to 0.92.1 allowed remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggered a heap-based buffer overflow (CVE-2008-0318).
An unspecified vulnerability in ClamAV prior to 0.92.1 triggered heap corruption (CVE-2008-0728).
A buffer overflow in ClamAV 0.92 and 0.92.1 allowed remote attackers to execute arbitrary code via a crafted Upack PE file (CVE-2008-1100).
ClamAV prior to 0.93 allowed remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive (CVE-2008-1387).
A heap-based buffer overflow in ClamAV 0.92.1 allowed remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary (CVE-2008-1833).
ClamAV prior to 0.93 allowed remote attackers to bypass the scanning engine via a RAR file with an invalid version number (CVE-2008-1835).
A vulnerability in rfc2231 handling in ClamAV prior to 0.93 allowed remote attackers to cause a denial of service (crash) via a crafted message that produced a string that was not null terminated, triggering a buffer over-read (CVE-2008-1836).
A vulnerability in libclamunrar in ClamAV prior to 0.93 allowed remote attackers to cause a denial of service (crash) via a crafted RAR file (CVE-2008-1837).
Other bugs have also been corrected in 0.93 which is being provided with this update. Because this new version has increased the major of the libclamav library, updated dependent packages are also being provided.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2008:088.
# The text itself is copyright (C) Mandriva S.A.
#
if (NASL_LEVEL < 3000) exit(0);
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(37368);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2007-6595", "CVE-2007-6596", "CVE-2008-0314", "CVE-2008-0318", "CVE-2008-0728", "CVE-2008-1100", "CVE-2008-1387", "CVE-2008-1833", "CVE-2008-1835", "CVE-2008-1836", "CVE-2008-1837");
script_xref(name:"MDVSA", value:"2008:088");
script_name(english:"Mandriva Linux Security Advisory : clamav (MDVSA-2008:088)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Multiple vulnerabilities were discovered in ClamAV and corrected with
the 0.93 release, including :
ClamAV 0.92 allowed local users to overwrite arbitrary files via a
symlink attack on temporary files or on .ascii files in sigtool, when
utf16-decode is enabled (CVE-2007-6595).
ClamAV 0.92 did not recognize Base64 uuencoded archives, which allowed
remoted attackers to bypass the sanner via a base64-uuencoded file
(CVE-2007-6596).
A heap-based buffer overflow in ClamAV 0.92.1 allowed remote attackers
to execute arbitrary code via a crafted PeSpin packed PE binary
(CVE-2008-0314).
An integer overflow in libclamav prior to 0.92.1 allowed remote
attackers to cause a denial of service and possibly execute arbitrary
code via a crafted Petite packed PE file, which triggered a heap-based
buffer overflow (CVE-2008-0318).
An unspecified vulnerability in ClamAV prior to 0.92.1 triggered heap
corruption (CVE-2008-0728).
A buffer overflow in ClamAV 0.92 and 0.92.1 allowed remote attackers
to execute arbitrary code via a crafted Upack PE file (CVE-2008-1100).
ClamAV prior to 0.93 allowed remote attackers to cause a denial of
service (CPU consumption) via a crafted ARJ archive (CVE-2008-1387).
A heap-based buffer overflow in ClamAV 0.92.1 allowed remote attackers
to execute arbitrary code via a crafted WWPack compressed PE binary
(CVE-2008-1833).
ClamAV prior to 0.93 allowed remote attackers to bypass the scanning
engine via a RAR file with an invalid version number (CVE-2008-1835).
A vulnerability in rfc2231 handling in ClamAV prior to 0.93 allowed
remote attackers to cause a denial of service (crash) via a crafted
message that produced a string that was not null terminated,
triggering a buffer over-read (CVE-2008-1836).
A vulnerability in libclamunrar in ClamAV prior to 0.93 allowed remote
attackers to cause a denial of service (crash) via a crafted RAR file
(CVE-2008-1837).
Other bugs have also been corrected in 0.93 which is being provided
with this update. Because this new version has increased the major of
the libclamav library, updated dependent packages are also being
provided."
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_cwe_id(20, 59, 119, 189, 399);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav-db");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav-milter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamdmon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dansguardian");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:klamav");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64clamav-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64clamav4");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libclamav-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libclamav4");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.1");
script_set_attribute(attribute:"patch_publication_date", value:"2008/04/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK2007.1", reference:"clamav-0.93-1.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"clamav-db-0.93-1.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"clamav-milter-0.93-1.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"clamd-0.93-1.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"clamdmon-0.93-1.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64clamav-devel-0.93-1.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64clamav4-0.93-1.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libclamav-devel-0.93-1.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libclamav4-0.93-1.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"clamav-0.93-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"clamav-db-0.93-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"clamav-milter-0.93-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"clamd-0.93-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"clamdmon-0.93-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"klamav-0.42-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64clamav-devel-0.93-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64clamav4-0.93-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libclamav-devel-0.93-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libclamav4-0.93-1.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"clamav-0.93-1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"clamav-db-0.93-1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"clamav-milter-0.93-1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"clamd-0.93-1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"clamdmon-0.93-1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"dansguardian-2.9.9.2-4.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"klamav-0.42-1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64clamav-devel-0.93-1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64clamav4-0.93-1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libclamav-devel-0.93-1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libclamav4-0.93-1.1mdv2008.1", yank:"mdv")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6595
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6596
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0314
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0318
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0728
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1100
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1387
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1833
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1835
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1836
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1837