Vulnerabilities > CVE-2005-2450 - Unspecified vulnerability in Clam Anti-Virus Clamav 0.85/0.85.1/0.86

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message.

Vulnerable Configurations

Part Description Count
Application
Clam_Anti-Virus
3

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200507-25.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200507-25 (Clam AntiVirus: Integer overflows) Neel Mehta and Alex Wheeler discovered that Clam AntiVirus is vulnerable to integer overflows when handling the TNEF, CHM and FSG file formats. Impact : By sending a specially crafted file an attacker could execute arbitrary code with the permissions of the user running Clam AntiVirus. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id19327
    published2005-07-31
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19327
    titleGLSA-200507-25 : Clam AntiVirus: Integer overflows
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200507-25.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(19327);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:42");
    
      script_cve_id("CVE-2005-2450");
      script_xref(name:"GLSA", value:"200507-25");
    
      script_name(english:"GLSA-200507-25 : Clam AntiVirus: Integer overflows");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200507-25
    (Clam AntiVirus: Integer overflows)
    
        Neel Mehta and Alex Wheeler discovered that Clam AntiVirus is
        vulnerable to integer overflows when handling the TNEF, CHM and FSG
        file formats.
      
    Impact :
    
        By sending a specially crafted file an attacker could execute arbitrary
        code with the permissions of the user running Clam AntiVirus.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      # http://sourceforge.net/project/shownotes.php?release_id=344514
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6651b7a5"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200507-25"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Clam AntiVirus users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.86.2'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:clamav");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/07/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-antivirus/clamav", unaffected:make_list("ge 0.86.2"), vulnerable:make_list("lt 0.86.2"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Clam AntiVirus");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-125.NASL
    descriptionNeel Mehta and Alex Wheeler discovered integer overflow vulnerabilities in Clam AntiVirus when handling the TNEF, CHM, and FSG file formats. By sending a specially crafted file, an attacker could execute arbitrary code with the permissions of the user running Clam AV. This update provides clamav 0.86.2 which is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id19886
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19886
    titleMandrake Linux Security Advisory : clamav (MDKSA-2005:125)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2005:125. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(19886);
      script_version ("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:47");
    
      script_cve_id("CVE-2005-2450");
      script_xref(name:"MDKSA", value:"2005:125");
    
      script_name(english:"Mandrake Linux Security Advisory : clamav (MDKSA-2005:125)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Neel Mehta and Alex Wheeler discovered integer overflow
    vulnerabilities in Clam AntiVirus when handling the TNEF, CHM, and FSG
    file formats. By sending a specially crafted file, an attacker could
    execute arbitrary code with the permissions of the user running Clam
    AV.
    
    This update provides clamav 0.86.2 which is not vulnerable to these
    issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://sourceforge.net/project/shownotes.php?release_id=344514"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav-db");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav-milter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64clamav1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64clamav1-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libclamav1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libclamav1-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/07/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK10.1", reference:"clamav-0.86.2-0.1.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", reference:"clamav-db-0.86.2-0.1.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", reference:"clamav-milter-0.86.2-0.1.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", reference:"clamd-0.86.2-0.1.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64clamav1-0.86.2-0.1.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64clamav1-devel-0.86.2-0.1.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libclamav1-0.86.2-0.1.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libclamav1-devel-0.86.2-0.1.101mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK10.2", reference:"clamav-0.86.2-0.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"clamav-db-0.86.2-0.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"clamav-milter-0.86.2-0.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"clamd-0.86.2-0.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64clamav1-0.86.2-0.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64clamav1-devel-0.86.2-0.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libclamav1-0.86.2-0.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libclamav1-devel-0.86.2-0.1.102mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-776.NASL
    descriptionSeveral bugs were discovered in Clam AntiVirus, the antivirus scanner for Unix, designed for integration with mail servers to perform attachment scanning. The following problems were identified : - CAN-2005-2450 Neel Mehta and Alex Wheeler discovered that Clam AntiVirus is vulnerable to integer overflows when handling the TNEF, CHM and FSG file formats. - CVE-NOMATCH Mark Pizzolato fixed a possible infinite loop that could cause a denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id19432
    published2005-08-18
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19432
    titleDebian DSA-776-1 : clamav - integer overflows, infinite loop
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-776. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(19432);
      script_version("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:18");
    
      script_cve_id("CVE-2005-2450");
      script_bugtraq_id(14359);
      script_xref(name:"DSA", value:"776");
    
      script_name(english:"Debian DSA-776-1 : clamav - integer overflows, infinite loop");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several bugs were discovered in Clam AntiVirus, the antivirus scanner
    for Unix, designed for integration with mail servers to perform
    attachment scanning. The following problems were identified :
    
      - CAN-2005-2450
        Neel Mehta and Alex Wheeler discovered that Clam
        AntiVirus is vulnerable to integer overflows when
        handling the TNEF, CHM and FSG file formats.
    
      - CVE-NOMATCH
    
        Mark Pizzolato fixed a possible infinite loop that could
        cause a denial of service."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2005/dsa-776"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the clamav package.
    
    The old stable distribution (woody) is not affected as it doesn't
    contain clamav.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 0.84-2.sarge.2."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:clamav");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/08/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/18");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/07/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"clamav", reference:"0.84-2.sarge.2")) flag++;
    if (deb_check(release:"3.1", prefix:"clamav-base", reference:"0.84-2.sarge.2")) flag++;
    if (deb_check(release:"3.1", prefix:"clamav-daemon", reference:"0.84-2.sarge.2")) flag++;
    if (deb_check(release:"3.1", prefix:"clamav-docs", reference:"0.84-2.sarge.2")) flag++;
    if (deb_check(release:"3.1", prefix:"clamav-freshclam", reference:"0.84-2.sarge.2")) flag++;
    if (deb_check(release:"3.1", prefix:"clamav-milter", reference:"0.84-2.sarge.2")) flag++;
    if (deb_check(release:"3.1", prefix:"clamav-testfiles", reference:"0.84-2.sarge.2")) flag++;
    if (deb_check(release:"3.1", prefix:"libclamav-dev", reference:"0.84-2.sarge.2")) flag++;
    if (deb_check(release:"3.1", prefix:"libclamav1", reference:"0.84-2.sarge.2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");