Vulnerabilities > CVE-2007-0897 - Missing Release of Resource after Effective Lifetime vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
clamav
apple
debian
CWE-772
nessus

Summary

Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.

Vulnerable Configurations

Part Description Count
Application
Clamav
87
OS
Apple
51
OS
Debian
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • HTTP DoS
    An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_CLAMAV-2631.NASL
    descriptionThis update to ClamAV version 0.90 fixes various bugs : - A filedescriptor leak in the handling of CAB files can lead to a denial of service attack against the clamd scanner daemon caused by remote attackers. (CVE-2007-0897) - A directory traversal in handling of MIME E-Mail headers could be used by remote attackers to overwrite local files owned by the user under which clamd is running. (CVE-2007-0898)
    last seen2020-06-01
    modified2020-06-02
    plugin id29398
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29398
    titleSuSE 10 Security Update : clamav (ZYPP Patch Number 2631)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29398);
      script_version ("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:29");
    
      script_cve_id("CVE-2007-0897", "CVE-2007-0898");
    
      script_name(english:"SuSE 10 Security Update : clamav (ZYPP Patch Number 2631)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update to ClamAV version 0.90 fixes various bugs :
    
      - A filedescriptor leak in the handling of CAB files can
        lead to a denial of service attack against the clamd
        scanner daemon caused by remote attackers.
        (CVE-2007-0897)
    
      - A directory traversal in handling of MIME E-Mail headers
        could be used by remote attackers to overwrite local
        files owned by the user under which clamd is running.
        (CVE-2007-0898)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-0897.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-0898.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 2631.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
      script_cwe_id(22);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLES10", sp:0, reference:"clamav-0.90-0.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_CLAMAV-2632.NASL
    descriptionThis update to ClamAV version 0.90 fixes various bugs : CVE-2007-0897: A filedescriptor leak in the handling of CAB files can lead to a denial of service attack against the clamd scanner daemon caused by remote attackers. CVE-2007-0898: A directory traversal in handling of MIME E-Mail headers could be used by remote attackers to overwrite local files owned by the user under which clamd is running.
    last seen2020-06-01
    modified2020-06-02
    plugin id27178
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27178
    titleopenSUSE 10 Security Update : clamav (clamav-2632)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update clamav-2632.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27178);
      script_version ("1.13");
      script_cvs_date("Date: 2019/10/25 13:36:29");
    
      script_cve_id("CVE-2007-0897", "CVE-2007-0898");
    
      script_name(english:"openSUSE 10 Security Update : clamav (clamav-2632)");
      script_summary(english:"Check for the clamav-2632 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update to ClamAV version 0.90 fixes various bugs :
    
    CVE-2007-0897: A filedescriptor leak in the handling of CAB files can
    lead to a denial of service attack against the clamd scanner daemon
    caused by remote attackers.
    
    CVE-2007-0898: A directory traversal in handling of MIME E-Mail
    headers could be used by remote attackers to overwrite local files
    owned by the user under which clamd is running."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected clamav package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
      script_cwe_id(22);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:clamav");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.1|SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.1", reference:"clamav-0.90-0.2") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"clamav-0.90-0.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "clamav");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2008-002.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs.
    last seen2020-06-01
    modified2020-06-02
    plugin id31605
    published2008-03-19
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31605
    titleMac OS X Multiple Vulnerabilities (Security Update 2008-002)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3004) exit(0);
    
    
    
    include("compat.inc");
    
    if (description)
    {
      script_id(31605);
      script_version ("1.38");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      script_cve_id("CVE-2005-3352", "CVE-2005-4077", "CVE-2006-3334", "CVE-2006-3747", "CVE-2006-5793",
                    "CVE-2006-6481", "CVE-2007-0897", "CVE-2007-0898", "CVE-2007-1659", "CVE-2007-1660",
                    "CVE-2007-1661", "CVE-2007-1662", "CVE-2007-1745", "CVE-2007-1997", "CVE-2007-2445",
                    "CVE-2007-2799", "CVE-2007-3378", "CVE-2007-3725", "CVE-2007-3799", "CVE-2007-3847",
                    "CVE-2007-4510", "CVE-2007-4560", "CVE-2007-4568", "CVE-2007-4752", "CVE-2007-4766",
                    "CVE-2007-4767", "CVE-2007-4768", "CVE-2007-4887", "CVE-2007-4990", "CVE-2007-5000",
                    "CVE-2007-5266", "CVE-2007-5267", "CVE-2007-5268", "CVE-2007-5269", "CVE-2007-5795",
                    "CVE-2007-5901", "CVE-2007-5958", "CVE-2007-5971", "CVE-2007-6109", "CVE-2007-6203",
                    "CVE-2007-6335", "CVE-2007-6336", "CVE-2007-6337", "CVE-2007-6388", "CVE-2007-6421",
                    "CVE-2007-6427", "CVE-2007-6428", "CVE-2007-6429", "CVE-2008-0005", "CVE-2008-0006",
                    "CVE-2008-0044", "CVE-2008-0045", "CVE-2008-0046", "CVE-2008-0047", "CVE-2008-0048",
                    "CVE-2008-0049", "CVE-2008-0050", "CVE-2008-0051", "CVE-2008-0052", "CVE-2008-0053",
                    "CVE-2008-0054", "CVE-2008-0055", "CVE-2008-0056", "CVE-2008-0057", "CVE-2008-0058",
                    "CVE-2008-0059", "CVE-2008-0060", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0318",
                    "CVE-2008-0596", "CVE-2008-0728", "CVE-2008-0882", "CVE-2008-0987", "CVE-2008-0988",
                    "CVE-2008-0989", "CVE-2008-0990", "CVE-2008-0992", "CVE-2008-0993", "CVE-2008-0994",
                    "CVE-2008-0995", "CVE-2008-0996", "CVE-2008-0997", "CVE-2008-0998", "CVE-2008-0999",
                    "CVE-2008-1000");
      script_bugtraq_id(19204, 21078, 24268, 25398, 25439, 25489, 25498, 26346, 26750, 26838,
                        26927, 26946, 27234, 27236, 27751, 27988, 28278, 28303, 28304, 28307,
                        28320, 28323, 28334, 28339, 28340, 28341, 28343, 28344, 28345, 28357,
                        28358, 28359, 28363, 28364, 28365, 28367, 28368, 28371, 28371, 28372,
                        28374, 28375, 28384, 28385, 28386, 28387, 28388, 28389);
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2008-002)");
      script_summary(english:"Check for the presence of Security Update 2008-002");
    
       script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues." );
       script_set_attribute(attribute:"description", value:
    "The remote host is running a version of Mac OS X 10.5 or 10.4 that
    does not have the security update 2008-002 applied. 
    
    This update contains several security fixes for a number of programs." );
       script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=307562" );
       script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" );
       script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/advisories/14242" );
       script_set_attribute(attribute:"solution", value:
    "Install Security Update 2008-002 or later." );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'ClamAV Milter Blackhole-Mode Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(20, 22, 78, 79, 94, 119, 134, 189, 200, 255, 264, 362, 399);
    
      script_set_attribute(attribute:"plugin_publication_date", value: "2008/03/19");
      script_set_attribute(attribute:"patch_publication_date", value: "2007/08/24");
      script_set_attribute(attribute:"vuln_publication_date", value: "2007/06/02");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
      exit(0);
    }
    
    
    uname = get_kb_item("Host/uname");
    if (!uname) exit(0);
    
    if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages");
      if (!packages) exit(0);
    
      if (!egrep(pattern:"^SecUpd(Srvr)?(2008-00[2-8]|2009-|20[1-9][0-9]-)", string:packages))
        security_hole(0);
    }
    else if (egrep(pattern:"Darwin.* (9\.[0-2]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages/boms");
      if (!packages) exit(0);
    
      if (!egrep(pattern:"^com\.apple\.pkg\.update\.security\.2008\.002\.bom", string:packages))
        security_hole(0);
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200703-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200703-03 (ClamAV: Denial of Service) An anonymous researcher discovered a file descriptor leak error in the processing of CAB archives and a lack of validation of the
    last seen2020-06-01
    modified2020-06-02
    plugin id24751
    published2007-03-02
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24751
    titleGLSA-200703-03 : ClamAV: Denial of Service
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200703-03.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24751);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:43");
    
      script_cve_id("CVE-2007-0897", "CVE-2007-0898");
      script_xref(name:"GLSA", value:"200703-03");
    
      script_name(english:"GLSA-200703-03 : ClamAV: Denial of Service");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200703-03
    (ClamAV: Denial of Service)
    
        An anonymous researcher discovered a file descriptor leak error in the
        processing of CAB archives and a lack of validation of the 'id'
        parameter string used to create local files when parsing MIME headers.
      
    Impact :
    
        A remote attacker can send several crafted CAB archives with a
        zero-length record header that will fill the available file descriptors
        until no other is available, which will prevent ClamAV from scanning
        most archives. An attacker can also send an email with specially
        crafted MIME headers to overwrite local files with the permissions of
        the user running ClamAV, such as the virus database file, which could
        prevent ClamAV from detecting any virus.
      
    Workaround :
    
        The first vulnerability can be prevented by refusing any file of type
        CAB, but there is no known workaround for the second issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200703-03"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All ClamAV users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.90'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
      script_cwe_id(22);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:clamav");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/03/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/03/02");
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-antivirus/clamav", unaffected:make_list("ge 0.90"), vulnerable:make_list("lt 0.90"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ClamAV");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-043.NASL
    descriptionClam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. (CVE-2007-0897) Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message. (CVE-2007-0898) The update to 0.90 addresses these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24675
    published2007-02-21
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24675
    titleMandrake Linux Security Advisory : clamav (MDKSA-2007:043)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2007:043. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24675);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:49");
    
      script_cve_id("CVE-2007-0897", "CVE-2007-0898");
      script_xref(name:"MDKSA", value:"2007:043");
    
      script_name(english:"Mandrake Linux Security Advisory : clamav (MDKSA-2007:043)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Clam AntiVirus ClamAV before 0.90 does not close open file descriptors
    under certain conditions, which allows remote attackers to cause a
    denial of service (file descriptor consumption and failed scans) via
    CAB archives with a cabinet header record length of zero, which causes
    a function to return without closing a file descriptor.
    (CVE-2007-0897)
    
    Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV
    before 0.90 allows remote attackers to overwrite arbitrary files via a
    .. (dot dot) in the id MIME header parameter in a multi-part message.
    (CVE-2007-0898)
    
    The update to 0.90 addresses these issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
      script_cwe_id(22);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav-db");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav-milter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64clamav1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64clamav1-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libclamav1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libclamav1-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/02/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2006.0", reference:"clamav-0.90-0.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"clamav-db-0.90-0.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"clamav-milter-0.90-0.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"clamd-0.90-0.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64clamav1-0.90-0.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64clamav1-devel-0.90-0.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libclamav1-0.90-0.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libclamav1-devel-0.90-0.1.20060mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK2007.0", reference:"clamav-0.90-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"clamav-db-0.90-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"clamav-milter-0.90-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"clamd-0.90-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64clamav1-0.90-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64clamav1-devel-0.90-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libclamav1-0.90-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libclamav1-devel-0.90-1.1mdv2007.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1263.NASL
    descriptionSeveral remote vulnerabilities have been discovered in the Clam anti-virus toolkit, which may lead to denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-0897 It was discovered that malformed CAB archives may exhaust file descriptors, which allows denial of service. - CVE-2007-0898 It was discovered that a directory traversal vulnerability in the MIME header parser may lead to denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id24776
    published2007-03-07
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24776
    titleDebian DSA-1263-1 : clamav - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1263. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24776);
      script_version("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:20");
    
      script_cve_id("CVE-2007-0897", "CVE-2007-0898");
      script_xref(name:"DSA", value:"1263");
    
      script_name(english:"Debian DSA-1263-1 : clamav - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several remote vulnerabilities have been discovered in the Clam
    anti-virus toolkit, which may lead to denial of service. The Common
    Vulnerabilities and Exposures project identifies the following
    problems :
    
      - CVE-2007-0897
        It was discovered that malformed CAB archives may
        exhaust file descriptors, which allows denial of
        service.
    
      - CVE-2007-0898
        It was discovered that a directory traversal
        vulnerability in the MIME header parser may lead to
        denial of service."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=411118"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-0897"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-0898"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2007/dsa-1263"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the clamav packages.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 0.84-2.sarge.15.
    
    For the upcoming stable distribution (etch) these problems have been
    fixed in version 0.88.7-2."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
      script_cwe_id(22);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:clamav");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/03/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/03/07");
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"clamav", reference:"0.84-2.sarge.15")) flag++;
    if (deb_check(release:"3.1", prefix:"clamav-base", reference:"0.84-2.sarge.15")) flag++;
    if (deb_check(release:"3.1", prefix:"clamav-daemon", reference:"0.84-2.sarge.15")) flag++;
    if (deb_check(release:"3.1", prefix:"clamav-docs", reference:"0.84-2.sarge.15")) flag++;
    if (deb_check(release:"3.1", prefix:"clamav-freshclam", reference:"0.84-2.sarge.15")) flag++;
    if (deb_check(release:"3.1", prefix:"clamav-milter", reference:"0.84-2.sarge.15")) flag++;
    if (deb_check(release:"3.1", prefix:"clamav-testfiles", reference:"0.84-2.sarge.15")) flag++;
    if (deb_check(release:"3.1", prefix:"libclamav-dev", reference:"0.84-2.sarge.15")) flag++;
    if (deb_check(release:"3.1", prefix:"libclamav1", reference:"0.84-2.sarge.15")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    

References