Vulnerabilities > CVE-2006-4182 - Buffer Overflow vulnerability in Clam Anti-Virus PE Rebuilding Heap
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected. This vulnerability is addressed in the following product release: Clam Anti-Virus, ClamAV, 0.88.5
Vulnerable Configurations
Exploit-Db
| description | Clam AntiVirus. CVE-2006-4182. Dos exploits for multiple platform |
| id | EDB-ID:2587 |
| last seen | 2016-01-31 |
| modified | 2006-10-17 |
| published | 2006-10-17 |
| reporter | Damian Put |
| source | https://www.exploit-db.com/download/2587/ |
| title | Clam AntiVirus <= 0.88.4 - rebuildpe Remote Heap Overflow PoC |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-184.NASL description An integer overflow in previous versions of ClamAV could allow a remote attacker to cause a Denial of Service (scanning service crash) and execute arbitrary code via a Portable Executable (PE) file (CVE-2006-4182). Another vulnerability could allow a remote attacker to cause a DoS via a crafted compressed HTML (CHM) file that causes ClamAV to read an invalid memory location (CVE-2006-5295). These issues are corrected in ClamAV 0.88.5 which is provided with this update. last seen 2020-06-01 modified 2020-06-02 plugin id 24569 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24569 title Mandrake Linux Security Advisory : clamav (MDKSA-2006:184) NASL family SuSE Local Security Checks NASL id SUSE_SA_2006_060.NASL description The remote host is missing the patch for the advisory SUSE-SA:2006:060 (clamav). Two security problems have been found and fixed in the anti virus scan engine last seen 2019-10-28 modified 2007-02-18 plugin id 24438 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24438 title SUSE-SA:2006:060: clamav NASL family SuSE Local Security Checks NASL id SUSE_CLAMAV-2179.NASL description Two security problems have been found in the antivirus scan engine last seen 2020-06-01 modified 2020-06-02 plugin id 29395 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29395 title SuSE 10 Security Update : clamav (ZYPP Patch Number 2179) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1196.NASL description Several remote vulnerabilities have been discovered in the ClamAV malware scan engine, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4182 Damian Put discovered a heap overflow error in the script to rebuild PE files, which could lead to the execution of arbitrary code. - CVE-2006-5295 Damian Put discovered that missing input sanitising in the CHM handling code might lead to denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 22905 published 2006-10-25 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22905 title Debian DSA-1196-1 : clamav - several vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200610-10.NASL description The remote host is affected by the vulnerability described in GLSA-200610-10 (ClamAV: Multiple Vulnerabilities) Damian Put and an anonymous researcher reported a potential heap-based buffer overflow vulnerability in rebuildpe.c responsible for the rebuilding of an unpacked PE file, and a possible crash in chmunpack.c in the CHM unpacker. Impact : By sending a malicious attachment to a mail server running ClamAV, or providing a malicious file to ClamAV through any other method, a remote attacker could cause a Denial of Service and potentially the execution of arbitrary code with the permissions of the user running ClamAV. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 22913 published 2006-10-25 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22913 title GLSA-200610-10 : ClamAV: Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_CLAMAV-2180.NASL description Two security problems have been found and fixed in the antivirus scan engine last seen 2020-06-01 modified 2020-06-02 plugin id 27175 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27175 title openSUSE 10 Security Update : clamav (clamav-2180)
Seebug
| bulletinFamily | exploit |
| description | Apple Mac OS X是一款基于BSD的操作系统。 Apple Mac OS X存在多个安全问题,远程和本地攻击者可以利用漏洞进行恶意代码执行,拒绝服务攻击,特权提升,覆盖文件,获得敏感信息等攻击。 具体问题如下: AirPort-CVE-ID: CVE-2006-5710: AirPort无线驱动不正确处理应答帧,可导致基于堆的溢出。 ATS-CVE-ID: CVE-2006-4396: Apple Type服务不安全建立错误日至可导致任意文件覆盖。 ATS-CVE-ID: CVE-2006-4398: Apple Type服务存在多个缓冲区溢出,可导致以高权限执行任意代码。 ATS-CVE-ID: CVE-2006-4400: 利用特殊的字体文件,可导致任意代码执行。 CFNetwork-CVE-ID: CVE-2006-4401: 通过诱使用户访问恶意ftp URI,可导致任意ftp命令执行。 ClamAV-CVE-ID: CVE-2006-4182: 恶意email消息可导致ClamAV执行任意代码。 Finder-CVE-ID: CVE-2006-4402: 通过浏览共享目录可导致应用程序崩溃或执行任意代码。 ftpd-CVE-ID: CVE-2006-4403: 当ftp访问启用时,未授权用户可判别合法的账户名。 gnuzip-CVE-ID: CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338: gunzip处理压缩文件存在多个问题,可导致应用程序崩溃或执行任意指令。 Installer-CVE-ID: CVE-2006-4404: 当以管理用户安装软件时,系统权限可能被未授权利用。 OpenSSL-CVE-ID: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4339, CVE-2006-4343: OpenSSL存在多个安全问题可导致任意代码执行或者获得敏感信息。 perl-CVE-ID: CVE-2005-3962: 不安全处理字符串,可导致Perl应用程序执行任意代码。 PHP-CVE-ID: CVE-2006-1490, CVE-2006-1990: Php应用程序存在多个问题,可导致拒绝服务或执行任意代码。 PHP-CVE-ID: CVE-2006-5465: PHP的htmlentities()和htmlspecialchars()函数存在缓冲区溢出,可导致任意代码执行。 PPP-CVE-ID: CVE-2006-4406: 在不可信的本地网络上使用PPPoE可导致任意代码执行。 Samba-CVE-ID: CVE-2006-3403: 当Windows共享使用时,远程攻击者可进行拒绝服务攻击。 Security Framework-CVE-ID: CVE-2006-4407: 不安全的传送方法可导致不协商最安全的加密信息。 Security Framework-CVE-ID: CVE-2006-4408: 处理X.509证书时可导致拒绝服务攻击。 Security Framework-CVE-ID: CVE-2006-4409: 当使用http代理时,证书废弃列表不能获得。 Security Framework-CVE-ID: CVE-2006-4410: 部分调用证书错误的被授权。 VPN-CVE-ID: CVE-2006-4411: 恶意本地用户可获得系统特权。 WebKit-CVE-ID: CVE-2006-4412: 通过诱使用户浏览恶意web页执行任意代码。 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.1.5 Apple Mac OS X Server 10.1.4 Apple Mac OS X Server 10.1.3 Apple Mac OS X Server 10.1.2 Apple Mac OS X Server 10.1.1 Apple Mac OS X Server 10.1 Apple Mac OS X Server 10.0 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.1.5 Apple Mac OS X 10.1.4 Apple Mac OS X 10.1.3 Apple Mac OS X 10.1.2 Apple Mac OS X 10.1.1 Apple Mac OS X 10.1 Apple Mac OS X 10.1 Apple Mac OS X 10.0.4 Apple Mac OS X 10.0.3 Apple Mac OS X 10.0.2 Apple Mac OS X 10.0.1 Apple Mac OS X 10.0 3 Apple Mac OS X 10.0 <a href="http://docs.info.apple.com/article.html?artnum=304829" target="_blank">http://docs.info.apple.com/article.html?artnum=304829</a> |
| id | SSV:623 |
| last seen | 2017-11-19 |
| modified | 2006-11-29 |
| published | 2006-11-29 |
| reporter | Root |
| title | Apple Mac OS X 2006-007存在多个安全漏洞 |
References
- http://docs.info.apple.com/article.html?artnum=304829
- http://kolab.org/security/kolab-vendor-notice-13.txt
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=422
- http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
- http://secunia.com/advisories/22370
- http://secunia.com/advisories/22421
- http://secunia.com/advisories/22488
- http://secunia.com/advisories/22498
- http://secunia.com/advisories/22537
- http://secunia.com/advisories/22551
- http://secunia.com/advisories/22626
- http://secunia.com/advisories/23155
- http://security.gentoo.org/glsa/glsa-200610-10.xml
- http://securitytracker.com/id?1017068
- http://www.debian.org/security/2006/dsa-1196
- http://www.kb.cert.org/vuls/id/180864
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:184
- http://www.novell.com/linux/security/advisories/2006_60_clamav.html
- http://www.securityfocus.com/bid/20535
- http://www.us-cert.gov/cas/techalerts/TA06-333A.html
- http://www.vupen.com/english/advisories/2006/4034
- http://www.vupen.com/english/advisories/2006/4136
- http://www.vupen.com/english/advisories/2006/4264
- http://www.vupen.com/english/advisories/2006/4750
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29607