Vulnerabilities > CVE-2006-6406 - Unspecified vulnerability in Clam Anti-Virus Clamav 0.88.6
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1238.NASL description Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-6406 Hendrik Weimer discovered that invalid characters in base64 encoded data may lead to bypass of scanning mechanisms. - CVE-2006-6481 Hendrik Weimer discovered that deeply nested multipart/mime MIME data may lead to denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 23912 published 2006-12-18 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23912 title Debian DSA-1238-1 : clamav - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1238. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(23912); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:20"); script_cve_id("CVE-2006-6406", "CVE-2006-6481"); script_xref(name:"DSA", value:"1238"); script_name(english:"Debian DSA-1238-1 : clamav - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-6406 Hendrik Weimer discovered that invalid characters in base64 encoded data may lead to bypass of scanning mechanisms. - CVE-2006-6481 Hendrik Weimer discovered that deeply nested multipart/mime MIME data may lead to denial of service." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-6406" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-6481" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1238" ); script_set_attribute( attribute:"solution", value: "Upgrade the clamav packages. For the stable distribution (sarge) these problems have been fixed in version 0.84-2.sarge.13. For the upcoming stable distribution (etch) these problems have been fixed in version 0.88.7-1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:clamav"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/12/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/18"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"clamav", reference:"0.84-2.sarge.13")) flag++; if (deb_check(release:"3.1", prefix:"clamav-base", reference:"0.84-2.sarge.13")) flag++; if (deb_check(release:"3.1", prefix:"clamav-daemon", reference:"0.84-2.sarge.13")) flag++; if (deb_check(release:"3.1", prefix:"clamav-docs", reference:"0.84-2.sarge.13")) flag++; if (deb_check(release:"3.1", prefix:"clamav-freshclam", reference:"0.84-2.sarge.13")) flag++; if (deb_check(release:"3.1", prefix:"clamav-milter", reference:"0.84-2.sarge.13")) flag++; if (deb_check(release:"3.1", prefix:"clamav-testfiles", reference:"0.84-2.sarge.13")) flag++; if (deb_check(release:"3.1", prefix:"libclamav-dev", reference:"0.84-2.sarge.13")) flag++; if (deb_check(release:"3.1", prefix:"libclamav1", reference:"0.84-2.sarge.13")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_SA_2006_078.NASL description The remote host is missing the patch for the advisory SUSE-SA:2006:078 (clamav). The anti virus scan engine ClamAV has been updated to version 0.88.7 to fix various security problems: CVE-2006-5874: Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a NULL pointer dereference. CVE-2006-6481: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406. CVE-2006-6406: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. last seen 2019-10-28 modified 2007-02-18 plugin id 24453 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24453 title SUSE-SA:2006:078: clamav NASL family SuSE Local Security Checks NASL id SUSE_CLAMAV-2391.NASL description This update to ClamAV version 0.88.7 fixes various bugs : CVE-2006-5874: Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a NULL pointer dereference. CVE-2006-6481: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406. CVE-2006-6406: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. last seen 2020-06-01 modified 2020-06-02 plugin id 27177 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27177 title openSUSE 10 Security Update : clamav (clamav-2391) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-230.NASL description The latest version of ClamAV, 0.88.7, fixes some bugs, including vulnerabilities with handling base64-encoded MIME attachment files that can lead to either a) a crash (CVE-2006-5874), or b) a bypass of virus detection (CVE-2006-6406). As well, a vulnerability was discovered that allows remote attackers to cause a stack overflow and application crash by wrapping many layers of multipart/mixed content around a document (CVE-2006-6481). The latest ClamAV is being provided to address these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24613 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24613 title Mandrake Linux Security Advisory : clamav (MDKSA-2006:230) NASL family SuSE Local Security Checks NASL id SUSE_CLAMAV-2390.NASL description This update to ClamAV version 0.88.7 fixes various bugs : - Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a NULL pointer dereference. (CVE-2006-5874) - Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 / CVE-2006-6406. (CVE-2006-6481) - Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. (CVE-2006-6406) last seen 2020-06-01 modified 2020-06-02 plugin id 29397 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29397 title SuSE 10 Security Update : clamav (ZYPP Patch Number 2390)
References
- http://kolab.org/security/kolab-vendor-notice-14.txt
- http://secunia.com/advisories/23362
- http://secunia.com/advisories/23379
- http://secunia.com/advisories/23411
- http://secunia.com/advisories/23460
- http://www.debian.org/security/2006/dsa-1238
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:230
- http://www.novell.com/linux/security/advisories/2006_78_clamav.html
- http://www.quantenblog.net/security/virus-scanner-bypass
- http://www.securityfocus.com/archive/1/453654/100/0/threaded
- http://www.securityfocus.com/bid/21461
- http://www.vupen.com/english/advisories/2006/4948
- http://www.vupen.com/english/advisories/2006/5113