Vulnerabilities > CVE-2006-1630 - Unspecified vulnerability in Clam Anti-Virus Clamav
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN clam-anti-virus
nessus
Summary
The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access."
Vulnerable Configurations
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1024.NASL description Several remote vulnerabilities have been discovered in the ClamAV anti-virus toolkit, which may lead to denial of service and potentially to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-1614 Damian Put discovered an integer overflow in the PE header parser. This is only exploitable if the ArchiveMaxFileSize option is disabled. - CVE-2006-1615 Format string vulnerabilities in the logging code have been discovered, which might lead to the execution of arbitrary code. - CVE-2006-1630 David Luyer discovered, that ClamAV can be tricked into an invalid memory access in the cli_bitset_set() function, which may lead to a denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 22566 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22566 title Debian DSA-1024-1 : clamav - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1024. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(22566); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:19"); script_cve_id("CVE-2006-1614", "CVE-2006-1615", "CVE-2006-1630"); script_xref(name:"DSA", value:"1024"); script_name(english:"Debian DSA-1024-1 : clamav - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several remote vulnerabilities have been discovered in the ClamAV anti-virus toolkit, which may lead to denial of service and potentially to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-1614 Damian Put discovered an integer overflow in the PE header parser. This is only exploitable if the ArchiveMaxFileSize option is disabled. - CVE-2006-1615 Format string vulnerabilities in the logging code have been discovered, which might lead to the execution of arbitrary code. - CVE-2006-1630 David Luyer discovered, that ClamAV can be tricked into an invalid memory access in the cli_bitset_set() function, which may lead to a denial of service." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-1614" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-1615" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-1630" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1024" ); script_set_attribute( attribute:"solution", value: "Upgrade the clamav package. The old stable distribution (woody) doesn't contain clamav packages. For the stable distribution (sarge) these problems have been fixed in version 0.84-2.sarge.8." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:clamav"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/04/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"clamav", reference:"0.84-2.sarge.8")) flag++; if (deb_check(release:"3.1", prefix:"clamav-base", reference:"0.84-2.sarge.8")) flag++; if (deb_check(release:"3.1", prefix:"clamav-daemon", reference:"0.84-2.sarge.8")) flag++; if (deb_check(release:"3.1", prefix:"clamav-docs", reference:"0.84-2.sarge.8")) flag++; if (deb_check(release:"3.1", prefix:"clamav-freshclam", reference:"0.84-2.sarge.8")) flag++; if (deb_check(release:"3.1", prefix:"clamav-milter", reference:"0.84-2.sarge.8")) flag++; if (deb_check(release:"3.1", prefix:"clamav-testfiles", reference:"0.84-2.sarge.8")) flag++; if (deb_check(release:"3.1", prefix:"libclamav-dev", reference:"0.84-2.sarge.8")) flag++; if (deb_check(release:"3.1", prefix:"libclamav1", reference:"0.84-2.sarge.8")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2006-003.NASL description The remote host is running Apple Mac OS X, but lacks Security Update 2006-003. This security update contains fixes for the following applications : AppKit ImageIO BOM CFNetwork ClamAV (Mac OS X Server only) CoreFoundation CoreGraphics Finder FTPServer Flash Player KeyCHain LaunchServices libcurl Mail MySQL Manager (Mac OS X Server only) Preview QuickDraw QuickTime Streaming Server Ruby Safari last seen 2020-06-01 modified 2020-06-02 plugin id 21341 published 2006-05-12 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21341 title Mac OS X Multiple Vulnerabilities (Security Update 2006-003) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(21341); script_version("1.21"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id("CVE-2006-1439", "CVE-2006-1982", "CVE-2006-1983", "CVE-2006-1984", "CVE-2006-1985", "CVE-2006-1440", "CVE-2006-1441", "CVE-2006-1442", "CVE-2006-1614", "CVE-2006-1615", "CVE-2006-1630", "CVE-2006-1443", "CVE-2006-1444", "CVE-2006-1448", "CVE-2006-1445", "CVE-2005-2628", "CVE-2006-0024", "CVE-2006-1552", "CVE-2006-1446", "CVE-2006-1447", "CVE-2005-4077", "CVE-2006-1449", "CVE-2006-1450", "CVE-2006-1451", "CVE-2006-1452", "CVE-2006-1453", "CVE-2006-1454", "CVE-2006-1455", "CVE-2006-1456", "CVE-2005-2337", "CVE-2006-1457"); script_bugtraq_id(17634, 17951); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2006-003)"); script_summary(english:"Check for Security Update 2006-003"); script_set_attribute(attribute:"synopsis", value: "The remote operating system is missing a vendor-supplied patch."); script_set_attribute(attribute:"description", value: "The remote host is running Apple Mac OS X, but lacks Security Update 2006-003. This security update contains fixes for the following applications : AppKit ImageIO BOM CFNetwork ClamAV (Mac OS X Server only) CoreFoundation CoreGraphics Finder FTPServer Flash Player KeyCHain LaunchServices libcurl Mail MySQL Manager (Mac OS X Server only) Preview QuickDraw QuickTime Streaming Server Ruby Safari"); script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=303737"); script_set_attribute(attribute:"solution", value: "Mac OS X 10.4 : http://support.apple.com/downloads/Security_Update_2006_003_Mac_OS_X_10_4_6_Client__PPC_ http://support.apple.com/downloads/Security_Update_2006_003_Mac_OS_X_10_4_6_Client__Intel_ Mac OS X 10.3 : http://support.apple.com/downloads/Security_Update_2006_003__10_3_9_Client_ http://support.apple.com/downloads/Security_Update_2006_003__10_3_9_Server_"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/19"); script_set_attribute(attribute:"patch_publication_date", value:"2006/05/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"MacOS X Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); uname = get_kb_item("Host/uname"); if ( egrep(pattern:"Darwin.* (7\.[0-9]\.|8\.[0-6]\.)", string:uname) ) { if (!egrep(pattern:"^SecUpd(Srvr)?(2006-00[3467]|2007-003)", string:packages)) security_hole(0); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200604-06.NASL description The remote host is affected by the vulnerability described in GLSA-200604-06 (ClamAV: Multiple vulnerabilities) ClamAV contains format string vulnerabilities in the logging code (CVE-2006-1615). Furthermore Damian Put discovered an integer overflow in ClamAV last seen 2020-06-01 modified 2020-06-02 plugin id 21199 published 2006-04-08 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21199 title GLSA-200604-06 : ClamAV: Multiple vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200604-06. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(21199); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:43"); script_cve_id("CVE-2006-1614", "CVE-2006-1615", "CVE-2006-1630"); script_xref(name:"GLSA", value:"200604-06"); script_name(english:"GLSA-200604-06 : ClamAV: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200604-06 (ClamAV: Multiple vulnerabilities) ClamAV contains format string vulnerabilities in the logging code (CVE-2006-1615). Furthermore Damian Put discovered an integer overflow in ClamAV's PE header parser (CVE-2006-1614) and David Luyer discovered that ClamAV can be tricked into performing an invalid memory access (CVE-2006-1630). Impact : By sending a malicious attachment to a mail server running ClamAV, a remote attacker could cause a Denial of Service or the execution of arbitrary code. Note that the overflow in the PE header parser is only exploitable when the ArchiveMaxFileSize option is disabled. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200604-06" ); script_set_attribute( attribute:"solution", value: "All ClamAV users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.88.1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:clamav"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2006/04/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/04/08"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-antivirus/clamav", unaffected:make_list("ge 0.88.1"), vulnerable:make_list("lt 0.88.1"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ClamAV"); }
NASL family SuSE Local Security Checks NASL id SUSE_SA_2006_020.NASL description The remote host is missing the patch for the advisory SUSE-SA:2006:020 (clamav). Clamav was updated to version 0.88.1 to fix the following security problems: - An integer overflow in the PE header parser (CVE-2006-1614). - Format string bugs in the logging code could potentially be exploited to execute arbitrary code (CVE-2006-1615). - Access to invalid memory could lead to a crash (CVE-2006-1630). last seen 2019-10-28 modified 2006-04-17 plugin id 21233 published 2006-04-17 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21233 title SUSE-SA:2006:020: clamav code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:020 # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(21233); script_version ("1.8"); name["english"] = "SUSE-SA:2006:020: clamav"; script_name(english:name["english"]); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a vendor-supplied security patch" ); script_set_attribute(attribute:"description", value: "The remote host is missing the patch for the advisory SUSE-SA:2006:020 (clamav). Clamav was updated to version 0.88.1 to fix the following security problems: - An integer overflow in the PE header parser (CVE-2006-1614). - Format string bugs in the logging code could potentially be exploited to execute arbitrary code (CVE-2006-1615). - Access to invalid memory could lead to a crash (CVE-2006-1630)." ); script_set_attribute(attribute:"solution", value: "http://www.suse.de/security/advisories/2006_20_clamav.html" ); script_set_attribute(attribute:"risk_factor", value:"High" ); script_set_attribute(attribute:"plugin_publication_date", value: "2006/04/17"); script_end_attributes(); summary["english"] = "Check for the version of the clamav package"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); family["english"] = "SuSE Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/SuSE/rpm-list"); exit(0); } include("rpm.inc"); if ( rpm_check( reference:"clamav-0.88.1-0.2", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"clamav-0.88.1-0.4", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"clamav-0.88.1-0.2", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"clamav-0.88.1-0.2", release:"SUSE9.3") ) { security_hole(0); exit(0); }
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_6A5174BDC58011DA911000123FFE8333.NASL description Secunia reports : Some vulnerabilities have been reported in ClamAV, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. An unspecified integer overflow error exists in the PE header parser in last seen 2020-06-01 modified 2020-06-02 plugin id 21446 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21446 title FreeBSD : clamav -- Multiple Vulnerabilities (6a5174bd-c580-11da-9110-00123ffe8333) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(21446); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:38"); script_cve_id("CVE-2006-1614", "CVE-2006-1615", "CVE-2006-1630"); script_xref(name:"DSA", value:"1024"); script_xref(name:"Secunia", value:"19534"); script_name(english:"FreeBSD : clamav -- Multiple Vulnerabilities (6a5174bd-c580-11da-9110-00123ffe8333)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Secunia reports : Some vulnerabilities have been reported in ClamAV, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. An unspecified integer overflow error exists in the PE header parser in 'libclamav/pe.c'. Successful exploitation requires that the ArchiveMaxFileSize option is disabled. Some format string errors in the logging handling in 'shared/output.c' may be exploited to execute arbitrary code. An out-of-bounds memory access error in the 'cli_bitset_test()' function in 'ibclamav/others.c' may be exploited to cause a crash." ); # https://vuxml.freebsd.org/freebsd/6a5174bd-c580-11da-9110-00123ffe8333.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?211e856e" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:clamav"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:clamav-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/06"); script_set_attribute(attribute:"patch_publication_date", value:"2006/04/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"clamav<0.88.1")) flag++; if (pkg_test(save_report:TRUE, pkg:"clamav-devel<=20051104_1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-067.NASL description Damian Put discovered an integer overflow in the PE header parser in ClamAV that could be exploited if the ArchiveMaxFileSize option was disabled (CVE-2006-1614). Format strings in the logging code could possibly lead to the execution of arbitrary code (CVE-2006-1615). David Luyer found that ClamAV could be tricked into an invalid memory access in the cli_bitset_set() function, which could lead to a Denial of Service (CVE-2006-1630). This update provides ClamAV 0.88.1 which corrects this issue and also fixes some other bugs. last seen 2020-06-01 modified 2020-06-02 plugin id 21202 published 2006-04-08 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21202 title Mandrake Linux Security Advisory : clamav (MDKSA-2006:067) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2006:067. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(21202); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:48"); script_cve_id("CVE-2006-1614", "CVE-2006-1615", "CVE-2006-1630"); script_xref(name:"MDKSA", value:"2006:067"); script_name(english:"Mandrake Linux Security Advisory : clamav (MDKSA-2006:067)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Damian Put discovered an integer overflow in the PE header parser in ClamAV that could be exploited if the ArchiveMaxFileSize option was disabled (CVE-2006-1614). Format strings in the logging code could possibly lead to the execution of arbitrary code (CVE-2006-1615). David Luyer found that ClamAV could be tricked into an invalid memory access in the cli_bitset_set() function, which could lead to a Denial of Service (CVE-2006-1630). This update provides ClamAV 0.88.1 which corrects this issue and also fixes some other bugs." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav-db"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav-milter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64clamav1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64clamav1-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libclamav1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libclamav1-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005"); script_set_attribute(attribute:"patch_publication_date", value:"2006/04/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/04/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.2", reference:"clamav-0.88.1-0.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"clamav-db-0.88.1-0.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"clamav-milter-0.88.1-0.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"clamd-0.88.1-0.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64clamav1-0.88.1-0.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64clamav1-devel-0.88.1-0.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libclamav1-0.88.1-0.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libclamav1-devel-0.88.1-0.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"clamav-0.88.1-0.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"clamav-db-0.88.1-0.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"clamav-milter-0.88.1-0.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"clamd-0.88.1-0.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64clamav1-0.88.1-0.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64clamav1-devel-0.88.1-0.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libclamav1-0.88.1-0.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libclamav1-devel-0.88.1-0.1.20060mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://sourceforge.net/project/shownotes.php?release_id=407078&group_id=86638
- http://www.debian.org/security/2006/dsa-1024
- http://www.securityfocus.com/bid/17388
- http://secunia.com/advisories/19534
- http://secunia.com/advisories/19536
- http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml
- http://www.trustix.org/errata/2006/0020
- http://secunia.com/advisories/19570
- http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html
- http://secunia.com/advisories/19608
- http://secunia.com/advisories/19564
- http://secunia.com/advisories/19567
- http://www.osvdb.org/24459
- http://lists.apple.com/archives/security-announce/2006/May/msg00003.html
- http://www.us-cert.gov/cas/techalerts/TA06-132A.html
- http://secunia.com/advisories/20077
- http://www.securityfocus.com/bid/17951
- http://up2date.astaro.com/2006/05/low_up2date_6202.html
- http://secunia.com/advisories/23719
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:067
- http://www.vupen.com/english/advisories/2006/1258
- http://www.vupen.com/english/advisories/2006/1779
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25662