Lucene search

K
ubuntuUbuntuUSN-672-1
HistoryNov 17, 2008 - 12:00 a.m.

ClamAV vulnerability

2008-11-1700:00:00
ubuntu.com
69

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

0.054

Percentile

93.1%

Releases

  • Ubuntu 8.10

Packages

  • clamav -

Details

Moritz Jodeit discovered that ClamAV did not correctly handle certain
strings when examining a VBA project. If a remote attacker tricked ClamAV
into processing a malicious VBA file, ClamAV would crash, leading to a
denial of service.

OSVersionArchitecturePackageVersionFilename
Ubuntu8.10noarchlibclamav5< 0.94.dfsg.1-1ubuntu0.1UNKNOWN
Ubuntu8.10noarchclamav< 0.94.dfsg.1-1ubuntu0.1UNKNOWN
Ubuntu8.10noarchclamav< daemon-0.94.dfsg.1-1ubuntu0.1UNKNOWN
Ubuntu8.10noarchclamav< dbg-0.94.dfsg.1-1ubuntu0.1UNKNOWN
Ubuntu8.10noarchclamav< freshclam-0.94.dfsg.1-1ubuntu0.1UNKNOWN
Ubuntu8.10noarchclamav< milter-0.94.dfsg.1-1ubuntu0.1UNKNOWN
Ubuntu8.10noarchlibclamav-dev< 0.94.dfsg.1-1ubuntu0.1UNKNOWN

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

0.054

Percentile

93.1%