Vulnerabilities > CVE-2006-5874 - Denial Of Service vulnerability in Clam Anti-Virus MIME Attachments
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference.
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SA_2006_078.NASL description The remote host is missing the patch for the advisory SUSE-SA:2006:078 (clamav). The anti virus scan engine ClamAV has been updated to version 0.88.7 to fix various security problems: CVE-2006-5874: Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a NULL pointer dereference. CVE-2006-6481: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406. CVE-2006-6406: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. last seen 2019-10-28 modified 2007-02-18 plugin id 24453 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24453 title SUSE-SA:2006:078: clamav NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1232.NASL description Stephen Gran discovered that malformed base64-encoded MIME attachments can lead to denial of service through a NULL pointer dereference. last seen 2020-06-01 modified 2020-06-02 plugin id 23845 published 2006-12-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23845 title Debian DSA-1232-1 : clamav - missing sanity checks NASL family SuSE Local Security Checks NASL id SUSE_CLAMAV-2391.NASL description This update to ClamAV version 0.88.7 fixes various bugs : CVE-2006-5874: Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a NULL pointer dereference. CVE-2006-6481: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406. CVE-2006-6406: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. last seen 2020-06-01 modified 2020-06-02 plugin id 27177 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27177 title openSUSE 10 Security Update : clamav (clamav-2391) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-230.NASL description The latest version of ClamAV, 0.88.7, fixes some bugs, including vulnerabilities with handling base64-encoded MIME attachment files that can lead to either a) a crash (CVE-2006-5874), or b) a bypass of virus detection (CVE-2006-6406). As well, a vulnerability was discovered that allows remote attackers to cause a stack overflow and application crash by wrapping many layers of multipart/mixed content around a document (CVE-2006-6481). The latest ClamAV is being provided to address these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24613 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24613 title Mandrake Linux Security Advisory : clamav (MDKSA-2006:230) NASL family SuSE Local Security Checks NASL id SUSE_CLAMAV-2390.NASL description This update to ClamAV version 0.88.7 fixes various bugs : - Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a NULL pointer dereference. (CVE-2006-5874) - Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 / CVE-2006-6406. (CVE-2006-6481) - Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. (CVE-2006-6406) last seen 2020-06-01 modified 2020-06-02 plugin id 29397 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29397 title SuSE 10 Security Update : clamav (ZYPP Patch Number 2390)
References
- http://secunia.com/advisories/23327
- http://secunia.com/advisories/23362
- http://secunia.com/advisories/23411
- http://www.debian.org/security/2006/dsa-1232
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:230
- http://www.novell.com/linux/security/advisories/2006_78_clamav.html
- http://www.securityfocus.com/bid/21510