Vulnerabilities > CVE-2005-3587 - Remote Security vulnerability in ClamAV

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

critical

nessus

NVD

Published: 2005-11-16

Updated: 2010-04-02

Summary

Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors.

Part	Description	Count
Application	Clam_Anti-Virus Clam Anti Virus Clamav 0.15 Clam Anti Virus Clamav 0.20 Clam Anti Virus Clamav 0.21 Clam Anti Virus Clamav 0.22 Clam Anti Virus Clamav 0.23 Clam Anti Virus Clamav 0.24 Clam Anti Virus Clamav 0.51 Clam Anti Virus Clamav 0.52 Clam Anti Virus Clamav 0.53 Clam Anti Virus Clamav 0.54 Clam Anti Virus Clamav 0.60 Clam Anti Virus Clamav 0.65 Clam Anti Virus Clamav 0.67 Clam Anti Virus Clamav 0.68 Clam Anti Virus Clamav 0.68.1 Clam Anti Virus Clamav 0.70 Clam Anti Virus Clamav 0.71 Clam Anti Virus Clamav 0.72 Clam Anti Virus Clamav 0.73 Clam Anti Virus Clamav 0.74 Clam Anti Virus Clamav 0.75 Clam Anti Virus Clamav 0.75.1 Clam Anti Virus Clamav 0.80 Clam Anti Virus Clamav 0.81 Clam Anti Virus Clamav 0.82 Clam Anti Virus Clamav 0.83 Clam Anti Virus Clamav 0.84 Clam Anti Virus Clamav 0.85 Clam Anti Virus Clamav 0.85.1 Clam Anti Virus Clamav 0.86 Clam Anti Virus Clamav 0.86.1 Clam Anti Virus Clamav 0.86.2 Clam Anti Virus Clamav 0.87	33

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200511-04.NASL
description	The remote host is affected by the vulnerability described in GLSA-200511-04 (ClamAV: Multiple vulnerabilities) ClamAV has multiple security flaws: a boundary check was performed incorrectly in petite.c, a buffer size calculation in unfsg_133 was incorrect in fsg.c, a possible infinite loop was fixed in tnef.c and a possible infinite loop in cabd_find was fixed in cabd.c . In addition to this, Marcin Owsiany reported that a corrupted DOC file causes a segmentation fault in ClamAV. Impact : By sending a malicious attachment to a mail server that is hooked with ClamAV, a remote attacker could cause a Denial of Service or the execution of arbitrary code. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	20154
published	2005-11-07
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/20154
title	GLSA-200511-04 : ClamAV: Multiple vulnerabilities

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2005-205.NASL
description	A number of vulnerabilities were discovered in ClamAV versions prior to 0.87.1 : The OLE2 unpacker in clamd allows remote attackers to cause a DoS (segfault) via a DOC file with an invalid property tree (CVE-2005-3239) The FSG unpacker allows remote attackers to cause
last seen	2020-06-01
modified	2020-06-02
plugin id	20439
published	2006-01-15
reporter	This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20439
title	Mandrake Linux Security Advisory : clamav (MDKSA-2005:205)