Vulnerabilities > CVE-2006-5295 - Unspecified vulnerability in Clam Anti-Virus Clamav
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location."
Vulnerable Configurations
Exploit-Db
| description | Clam AntiVirus <= 0.88.4 CHM Chunk Name Length DoS PoC. CVE-2006-5295. Dos exploits for multiple platform |
| id | EDB-ID:2586 |
| last seen | 2016-01-31 |
| modified | 2006-10-17 |
| published | 2006-10-17 |
| reporter | Damian Put |
| source | https://www.exploit-db.com/download/2586/ |
| title | Clam AntiVirus <= 0.88.4 CHM Chunk Name Length DoS PoC |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-184.NASL description An integer overflow in previous versions of ClamAV could allow a remote attacker to cause a Denial of Service (scanning service crash) and execute arbitrary code via a Portable Executable (PE) file (CVE-2006-4182). Another vulnerability could allow a remote attacker to cause a DoS via a crafted compressed HTML (CHM) file that causes ClamAV to read an invalid memory location (CVE-2006-5295). These issues are corrected in ClamAV 0.88.5 which is provided with this update. last seen 2020-06-01 modified 2020-06-02 plugin id 24569 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24569 title Mandrake Linux Security Advisory : clamav (MDKSA-2006:184) NASL family SuSE Local Security Checks NASL id SUSE_SA_2006_060.NASL description The remote host is missing the patch for the advisory SUSE-SA:2006:060 (clamav). Two security problems have been found and fixed in the anti virus scan engine last seen 2019-10-28 modified 2007-02-18 plugin id 24438 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24438 title SUSE-SA:2006:060: clamav NASL family SuSE Local Security Checks NASL id SUSE_CLAMAV-2179.NASL description Two security problems have been found in the antivirus scan engine last seen 2020-06-01 modified 2020-06-02 plugin id 29395 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29395 title SuSE 10 Security Update : clamav (ZYPP Patch Number 2179) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1196.NASL description Several remote vulnerabilities have been discovered in the ClamAV malware scan engine, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4182 Damian Put discovered a heap overflow error in the script to rebuild PE files, which could lead to the execution of arbitrary code. - CVE-2006-5295 Damian Put discovered that missing input sanitising in the CHM handling code might lead to denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 22905 published 2006-10-25 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22905 title Debian DSA-1196-1 : clamav - several vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_CLAMAV-2180.NASL description Two security problems have been found and fixed in the antivirus scan engine last seen 2020-06-01 modified 2020-06-02 plugin id 27175 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27175 title openSUSE 10 Security Update : clamav (clamav-2180)
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=423
- http://www.securityfocus.com/bid/20537
- http://secunia.com/advisories/22370
- http://www.novell.com/linux/security/advisories/2006_60_clamav.html
- http://securitytracker.com/id?1017068
- http://secunia.com/advisories/22421
- http://secunia.com/advisories/22498
- http://kolab.org/security/kolab-vendor-notice-13.txt
- http://www.debian.org/security/2006/dsa-1196
- http://secunia.com/advisories/22488
- http://secunia.com/advisories/22537
- http://security.gentoo.org/glsa/glsa-200610-10.xml
- http://secunia.com/advisories/22551
- http://secunia.com/advisories/22626
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:184
- http://www.vupen.com/english/advisories/2006/4264
- http://www.vupen.com/english/advisories/2006/4136
- http://www.vupen.com/english/advisories/2006/4034
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29608