Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2008 Greenbone AGOPENVAS:136141256231060430
HistoryFeb 28, 2008 - 12:00 a.m.

Debian: Security Advisory (DSA-1497-1)

2008-02-2800:00:00
Copyright (C) 2008 Greenbone AG
plugins.openvas.org
8

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

0.421

Percentile

97.4%

JSON

The remote host is missing an update for the Debian

# SPDX-FileCopyrightText: 2008 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.60430");
  script_cve_id("CVE-2007-6595", "CVE-2008-0318");
  script_tag(name:"creation_date", value:"2008-02-28 01:09:28 +0000 (Thu, 28 Feb 2008)");
  script_version("2024-02-01T14:37:10+0000");
  script_tag(name:"last_modification", value:"2024-02-01 14:37:10 +0000 (Thu, 01 Feb 2024)");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_name("Debian: Security Advisory (DSA-1497-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 Greenbone AG");
  script_family("Debian Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB4");

  script_xref(name:"Advisory-ID", value:"DSA-1497-1");
  script_xref(name:"URL", value:"https://www.debian.org/security/2008/DSA-1497-1");
  script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-1497");

  script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'clamav' package(s) announced via the DSA-1497-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Several vulnerabilities have been discovered in the Clam anti-virus toolkit, which may lead to the execution of arbitrary code or local denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-6595

It was discovered that temporary files are created insecurely, which may result in local denial of service by overwriting files.

CVE-2008-0318

Silvio Cesare discovered an integer overflow in the parser for PE headers.

The version of clamav in the old stable distribution (sarge) is no longer supported with security updates.

For the stable distribution (etch), these problems have been fixed in version 0.90.1dfsg-3etch10. In addition to these fixes, this update also incorporates changes from the upcoming point release of the stable distribution (non-free RAR handling code was removed).

We recommend that you upgrade your clamav packages.");

  script_tag(name:"affected", value:"'clamav' package(s) on Debian 4.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "DEB4") {

  if(!isnull(res = isdpkgvuln(pkg:"clamav", ver:"0.90.1dfsg-3etch10", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"clamav-base", ver:"0.90.1dfsg-3etch10", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"clamav-daemon", ver:"0.90.1dfsg-3etch10", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"clamav-dbg", ver:"0.90.1dfsg-3etch10", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"clamav-docs", ver:"0.90.1dfsg-3etch10", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"clamav-freshclam", ver:"0.90.1dfsg-3etch10", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"clamav-milter", ver:"0.90.1dfsg-3etch10", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"clamav-testfiles", ver:"0.90.1dfsg-3etch10", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libclamav-dev", ver:"0.90.1dfsg-3etch10", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libclamav2", ver:"0.90.1dfsg-3etch10", rls:"DEB4"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

openvas 20
debian 1
nessus 12
osv 2
redhatcve 2
cvelist 2
cve 2
nvd 2
debiancve 2
prion 2
ubuntucve 2
altlinux 3
freebsd 1
securityvulns 2
checkpoint_advisories 1
fedora 2
gentoo 2
suse 1
openvas
openvas
Debian Security Advisory DSA 1497-1 (clamav)
2008-02-28 00:00:00
FreeBSD Ports: clamav
2008-09-04 00:00:00
FreeBSD Ports: clamav
2008-09-04 00:00:00
debian
debian
[SECURITY] [DSA 1497-1] New clamav packages fix several vulnerabilities
2008-02-16 15:26:12
nessus
nessus
Debian DSA-1497-1 : clamav - several vulnerabilities
2008-02-18 00:00:00
FreeBSD : clamav -- ClamAV libclamav PE File Integer Overflow Vulnerability (be4b0529-dbaf-11dc-9791-000ea6702141)
2008-02-18 00:00:00
Fedora 8 : clamav-0.92.1-1.fc8 (2008-1625)
2008-02-14 00:00:00
osv
osv
clamav - several vulnerabilities
2008-02-16 00:00:00
clamav-0.103.3-1.4 on GA media
2024-06-15 00:00:00
redhatcve
redhatcve
CVE-2007-6595
2019-10-04 21:29:07
CVE-2008-0318
2019-10-04 21:38:24
cvelist
cvelist
CVE-2007-6595
2007-12-31 19:00:00
CVE-2008-0318
2008-02-12 19:00:00
cve
cve
CVE-2007-6595
2007-12-31 19:46:00
CVE-2008-0318
2008-02-12 20:00:00
nvd
nvd
CVE-2007-6595
2007-12-31 19:46:00
CVE-2008-0318
2008-02-12 20:00:00
debiancve
debiancve
CVE-2007-6595
2007-12-31 19:46:00
CVE-2008-0318
2008-02-12 20:00:00
prion
prion
Code injection
2007-12-31 19:46:00
Integer overflow
2008-02-12 20:00:00
ubuntucve
ubuntucve
CVE-2007-6595
2007-12-31 00:00:00
CVE-2008-0318
2008-02-12 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package clamav version 0.92.1-alt1
2008-02-12 00:00:00
Security fix for the ALT Linux 9 package clamav version 0.92.1-alt1
2008-02-12 00:00:00
Security fix for the ALT Linux 8 package clamav version 0.92.1-alt1
2008-02-12 00:00:00
freebsd
freebsd
clamav -- ClamAV libclamav PE File Integer Overflow Vulnerability
2008-01-07 00:00:00
securityvulns
securityvulns
iDefense Security Advisory 02.12.08: ClamAV libclamav PE File Integer Overflow Vulnerability
2008-02-13 00:00:00
ClamAV antivirus integer overflow
2008-02-13 00:00:00
checkpoint_advisories
checkpoint_advisories
ClamAV libclamav PE File Handling Integer Overflow (CVE-2008-0318)
2009-10-07 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: clamav-0.92.1-1.fc8
2008-02-13 05:16:27
[SECURITY] Fedora 7 Update: clamav-0.92.1-1.fc7
2008-02-13 05:14:44
gentoo
gentoo
ClamAV: Multiple vulnerabilities
2008-02-21 00:00:00
ClamAV: Multiple Denials of Service
2008-08-08 00:00:00
suse
suse
remote code execution in clamav
2008-04-24 17:12:58

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

0.421

Percentile

97.4%

JSON
Related for OPENVAS:136141256231060430
openvas20debian1nessus12osv2redhatcve2cvelist2cve2nvd2debiancve2prion2ubuntucve2altlinux3freebsd1securityvulns2checkpoint_advisories1fedora2gentoo2suse1