Vulnerabilities > CVE-2005-2450 - Integer Overflow vulnerability in Clam Anti-Virus Clamav 0.85/0.85.1/0.86
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200507-25.NASL description The remote host is affected by the vulnerability described in GLSA-200507-25 (Clam AntiVirus: Integer overflows) Neel Mehta and Alex Wheeler discovered that Clam AntiVirus is vulnerable to integer overflows when handling the TNEF, CHM and FSG file formats. Impact : By sending a specially crafted file an attacker could execute arbitrary code with the permissions of the user running Clam AntiVirus. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 19327 published 2005-07-31 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19327 title GLSA-200507-25 : Clam AntiVirus: Integer overflows code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200507-25. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(19327); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:42"); script_cve_id("CVE-2005-2450"); script_xref(name:"GLSA", value:"200507-25"); script_name(english:"GLSA-200507-25 : Clam AntiVirus: Integer overflows"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200507-25 (Clam AntiVirus: Integer overflows) Neel Mehta and Alex Wheeler discovered that Clam AntiVirus is vulnerable to integer overflows when handling the TNEF, CHM and FSG file formats. Impact : By sending a specially crafted file an attacker could execute arbitrary code with the permissions of the user running Clam AntiVirus. Workaround : There is no known workaround at this time." ); # http://sourceforge.net/project/shownotes.php?release_id=344514 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6651b7a5" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200507-25" ); script_set_attribute( attribute:"solution", value: "All Clam AntiVirus users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.86.2'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:clamav"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/07/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-antivirus/clamav", unaffected:make_list("ge 0.86.2"), vulnerable:make_list("lt 0.86.2"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Clam AntiVirus"); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-125.NASL description Neel Mehta and Alex Wheeler discovered integer overflow vulnerabilities in Clam AntiVirus when handling the TNEF, CHM, and FSG file formats. By sending a specially crafted file, an attacker could execute arbitrary code with the permissions of the user running Clam AV. This update provides clamav 0.86.2 which is not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 19886 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19886 title Mandrake Linux Security Advisory : clamav (MDKSA-2005:125) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2005:125. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(19886); script_version ("1.19"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2005-2450"); script_xref(name:"MDKSA", value:"2005:125"); script_name(english:"Mandrake Linux Security Advisory : clamav (MDKSA-2005:125)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Neel Mehta and Alex Wheeler discovered integer overflow vulnerabilities in Clam AntiVirus when handling the TNEF, CHM, and FSG file formats. By sending a specially crafted file, an attacker could execute arbitrary code with the permissions of the user running Clam AV. This update provides clamav 0.86.2 which is not vulnerable to these issues." ); script_set_attribute( attribute:"see_also", value:"http://sourceforge.net/project/shownotes.php?release_id=344514" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav-db"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav-milter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64clamav1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64clamav1-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libclamav1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libclamav1-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005"); script_set_attribute(attribute:"patch_publication_date", value:"2005/07/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.1", reference:"clamav-0.86.2-0.1.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"clamav-db-0.86.2-0.1.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"clamav-milter-0.86.2-0.1.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"clamd-0.86.2-0.1.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64clamav1-0.86.2-0.1.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64clamav1-devel-0.86.2-0.1.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libclamav1-0.86.2-0.1.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libclamav1-devel-0.86.2-0.1.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"clamav-0.86.2-0.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"clamav-db-0.86.2-0.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"clamav-milter-0.86.2-0.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"clamd-0.86.2-0.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64clamav1-0.86.2-0.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64clamav1-devel-0.86.2-0.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libclamav1-0.86.2-0.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libclamav1-devel-0.86.2-0.1.102mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-776.NASL description Several bugs were discovered in Clam AntiVirus, the antivirus scanner for Unix, designed for integration with mail servers to perform attachment scanning. The following problems were identified : - CAN-2005-2450 Neel Mehta and Alex Wheeler discovered that Clam AntiVirus is vulnerable to integer overflows when handling the TNEF, CHM and FSG file formats. - CVE-NOMATCH Mark Pizzolato fixed a possible infinite loop that could cause a denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 19432 published 2005-08-18 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19432 title Debian DSA-776-1 : clamav - integer overflows, infinite loop code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-776. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(19432); script_version("1.19"); script_cvs_date("Date: 2019/08/02 13:32:18"); script_cve_id("CVE-2005-2450"); script_bugtraq_id(14359); script_xref(name:"DSA", value:"776"); script_name(english:"Debian DSA-776-1 : clamav - integer overflows, infinite loop"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several bugs were discovered in Clam AntiVirus, the antivirus scanner for Unix, designed for integration with mail servers to perform attachment scanning. The following problems were identified : - CAN-2005-2450 Neel Mehta and Alex Wheeler discovered that Clam AntiVirus is vulnerable to integer overflows when handling the TNEF, CHM and FSG file formats. - CVE-NOMATCH Mark Pizzolato fixed a possible infinite loop that could cause a denial of service." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2005/dsa-776" ); script_set_attribute( attribute:"solution", value: "Upgrade the clamav package. The old stable distribution (woody) is not affected as it doesn't contain clamav. For the stable distribution (sarge) these problems have been fixed in version 0.84-2.sarge.2." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:clamav"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2005/08/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/18"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/07/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"clamav", reference:"0.84-2.sarge.2")) flag++; if (deb_check(release:"3.1", prefix:"clamav-base", reference:"0.84-2.sarge.2")) flag++; if (deb_check(release:"3.1", prefix:"clamav-daemon", reference:"0.84-2.sarge.2")) flag++; if (deb_check(release:"3.1", prefix:"clamav-docs", reference:"0.84-2.sarge.2")) flag++; if (deb_check(release:"3.1", prefix:"clamav-freshclam", reference:"0.84-2.sarge.2")) flag++; if (deb_check(release:"3.1", prefix:"clamav-milter", reference:"0.84-2.sarge.2")) flag++; if (deb_check(release:"3.1", prefix:"clamav-testfiles", reference:"0.84-2.sarge.2")) flag++; if (deb_check(release:"3.1", prefix:"libclamav-dev", reference:"0.84-2.sarge.2")) flag++; if (deb_check(release:"3.1", prefix:"libclamav1", reference:"0.84-2.sarge.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000987
- http://marc.info/?l=bugtraq&m=112230864412932&w=2
- http://secunia.com/advisories/16180
- http://secunia.com/advisories/16229
- http://secunia.com/advisories/16250
- http://secunia.com/advisories/16296
- http://secunia.com/advisories/16458
- http://security.gentoo.org/glsa/glsa-200507-25.xml
- http://sourceforge.net/project/shownotes.php?release_id=344514
- http://www.novell.com/linux/security/advisories/2005_18_sr.html
- http://www.osvdb.org/18257
- http://www.osvdb.org/18258
- http://www.osvdb.org/18259
- http://www.securityfocus.com/bid/14359
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21555