Vulnerabilities > CVE-2007-3725 - Unspecified vulnerability in Clam Anti-Virus Clamav

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
clam-anti-virus
nessus
exploit available

Summary

The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.

Vulnerable Configurations

Part Description Count
Application
Clam_Anti-Virus
54

Exploit-Db

descriptionMultiple Vendors RAR Handling Remote Null Pointer Dereference Vulnerability. CVE-2007-3725. Remote exploit for linux platform
idEDB-ID:30291
last seen2016-02-03
modified2007-07-11
published2007-07-11
reporterMetaeye Security Group
sourcehttps://www.exploit-db.com/download/30291/
titleMultiple Vendors - RAR Handling Remote Null Pointer Dereference Vulnerability

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1340.NASL
    descriptionA NULL pointer dereference has been discovered in the RAR VM of Clam Antivirus (ClamAV) which allows user-assisted remote attackers to cause a denial of service via a specially crafted RAR archives. We are currently unable to provide fixed packages for the MIPS architectures. Those packages will be installed in the security archive when they become available.
    last seen2020-06-01
    modified2020-06-02
    plugin id25782
    published2007-07-27
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25782
    titleDebian DSA-1340-1 : clamav - NULL pointer dereference
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1340. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25782);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:20");
    
      script_cve_id("CVE-2007-3725");
      script_xref(name:"DSA", value:"1340");
    
      script_name(english:"Debian DSA-1340-1 : clamav - NULL pointer dereference");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A NULL pointer dereference has been discovered in the RAR VM of Clam
    Antivirus (ClamAV) which allows user-assisted remote attackers to
    cause a denial of service via a specially crafted RAR archives.
    
    We are currently unable to provide fixed packages for the MIPS
    architectures. Those packages will be installed in the security
    archive when they become available."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2007/dsa-1340"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the clamav packages.
    
    The old stable distribution (sarge) is not affected by this problem.
    
    For the stable distribution (etch) this problem has been fixed in
    version 0.90.1-3etch4."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:clamav");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/07/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/07/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"4.0", prefix:"clamav", reference:"0.90.1-3etch4")) flag++;
    if (deb_check(release:"4.0", prefix:"clamav-base", reference:"0.90.1-3etch4")) flag++;
    if (deb_check(release:"4.0", prefix:"clamav-daemon", reference:"0.90.1-3etch4")) flag++;
    if (deb_check(release:"4.0", prefix:"clamav-dbg", reference:"0.90.1-3etch4")) flag++;
    if (deb_check(release:"4.0", prefix:"clamav-docs", reference:"0.90.1-3etch4")) flag++;
    if (deb_check(release:"4.0", prefix:"clamav-freshclam", reference:"0.90.1-3etch4")) flag++;
    if (deb_check(release:"4.0", prefix:"clamav-milter", reference:"0.90.1-3etch4")) flag++;
    if (deb_check(release:"4.0", prefix:"clamav-testfiles", reference:"0.90.1-3etch4")) flag++;
    if (deb_check(release:"4.0", prefix:"libclamav-dev", reference:"0.90.1-3etch4")) flag++;
    if (deb_check(release:"4.0", prefix:"libclamav2", reference:"0.90.1-3etch4")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200708-04.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200708-04 (ClamAV: Denial of Service) Metaeye Security Group reported a NULL pointer dereference in ClamAV when processing RAR archives. Impact : A remote attacker could send a specially crafted RAR archive to the clamd daemon, resulting in a crash and a Denial of Service. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id25869
    published2007-08-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25869
    titleGLSA-200708-04 : ClamAV: Denial of Service
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200708-04.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25869);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:44");
    
      script_cve_id("CVE-2007-3725");
      script_xref(name:"GLSA", value:"200708-04");
    
      script_name(english:"GLSA-200708-04 : ClamAV: Denial of Service");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200708-04
    (ClamAV: Denial of Service)
    
        Metaeye Security Group reported a NULL pointer dereference in ClamAV
        when processing RAR archives.
      
    Impact :
    
        A remote attacker could send a specially crafted RAR archive to the
        clamd daemon, resulting in a crash and a Denial of Service.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200708-04"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All ClamAV users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.91'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:clamav");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/08/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/08/13");
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-antivirus/clamav", unaffected:make_list("ge 0.91"), vulnerable:make_list("lt 0.91"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ClamAV");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2008-002.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs.
    last seen2020-06-01
    modified2020-06-02
    plugin id31605
    published2008-03-19
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31605
    titleMac OS X Multiple Vulnerabilities (Security Update 2008-002)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3004) exit(0);
    
    
    
    include("compat.inc");
    
    if (description)
    {
      script_id(31605);
      script_version ("1.38");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      script_cve_id("CVE-2005-3352", "CVE-2005-4077", "CVE-2006-3334", "CVE-2006-3747", "CVE-2006-5793",
                    "CVE-2006-6481", "CVE-2007-0897", "CVE-2007-0898", "CVE-2007-1659", "CVE-2007-1660",
                    "CVE-2007-1661", "CVE-2007-1662", "CVE-2007-1745", "CVE-2007-1997", "CVE-2007-2445",
                    "CVE-2007-2799", "CVE-2007-3378", "CVE-2007-3725", "CVE-2007-3799", "CVE-2007-3847",
                    "CVE-2007-4510", "CVE-2007-4560", "CVE-2007-4568", "CVE-2007-4752", "CVE-2007-4766",
                    "CVE-2007-4767", "CVE-2007-4768", "CVE-2007-4887", "CVE-2007-4990", "CVE-2007-5000",
                    "CVE-2007-5266", "CVE-2007-5267", "CVE-2007-5268", "CVE-2007-5269", "CVE-2007-5795",
                    "CVE-2007-5901", "CVE-2007-5958", "CVE-2007-5971", "CVE-2007-6109", "CVE-2007-6203",
                    "CVE-2007-6335", "CVE-2007-6336", "CVE-2007-6337", "CVE-2007-6388", "CVE-2007-6421",
                    "CVE-2007-6427", "CVE-2007-6428", "CVE-2007-6429", "CVE-2008-0005", "CVE-2008-0006",
                    "CVE-2008-0044", "CVE-2008-0045", "CVE-2008-0046", "CVE-2008-0047", "CVE-2008-0048",
                    "CVE-2008-0049", "CVE-2008-0050", "CVE-2008-0051", "CVE-2008-0052", "CVE-2008-0053",
                    "CVE-2008-0054", "CVE-2008-0055", "CVE-2008-0056", "CVE-2008-0057", "CVE-2008-0058",
                    "CVE-2008-0059", "CVE-2008-0060", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0318",
                    "CVE-2008-0596", "CVE-2008-0728", "CVE-2008-0882", "CVE-2008-0987", "CVE-2008-0988",
                    "CVE-2008-0989", "CVE-2008-0990", "CVE-2008-0992", "CVE-2008-0993", "CVE-2008-0994",
                    "CVE-2008-0995", "CVE-2008-0996", "CVE-2008-0997", "CVE-2008-0998", "CVE-2008-0999",
                    "CVE-2008-1000");
      script_bugtraq_id(19204, 21078, 24268, 25398, 25439, 25489, 25498, 26346, 26750, 26838,
                        26927, 26946, 27234, 27236, 27751, 27988, 28278, 28303, 28304, 28307,
                        28320, 28323, 28334, 28339, 28340, 28341, 28343, 28344, 28345, 28357,
                        28358, 28359, 28363, 28364, 28365, 28367, 28368, 28371, 28371, 28372,
                        28374, 28375, 28384, 28385, 28386, 28387, 28388, 28389);
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2008-002)");
      script_summary(english:"Check for the presence of Security Update 2008-002");
    
       script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues." );
       script_set_attribute(attribute:"description", value:
    "The remote host is running a version of Mac OS X 10.5 or 10.4 that
    does not have the security update 2008-002 applied. 
    
    This update contains several security fixes for a number of programs." );
       script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=307562" );
       script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" );
       script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/advisories/14242" );
       script_set_attribute(attribute:"solution", value:
    "Install Security Update 2008-002 or later." );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'ClamAV Milter Blackhole-Mode Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(20, 22, 78, 79, 94, 119, 134, 189, 200, 255, 264, 362, 399);
    
      script_set_attribute(attribute:"plugin_publication_date", value: "2008/03/19");
      script_set_attribute(attribute:"patch_publication_date", value: "2007/08/24");
      script_set_attribute(attribute:"vuln_publication_date", value: "2007/06/02");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
      exit(0);
    }
    
    
    uname = get_kb_item("Host/uname");
    if (!uname) exit(0);
    
    if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages");
      if (!packages) exit(0);
    
      if (!egrep(pattern:"^SecUpd(Srvr)?(2008-00[2-8]|2009-|20[1-9][0-9]-)", string:packages))
        security_hole(0);
    }
    else if (egrep(pattern:"Darwin.* (9\.[0-2]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages/boms");
      if (!packages) exit(0);
    
      if (!egrep(pattern:"^com\.apple\.pkg\.update\.security\.2008\.002\.bom", string:packages))
        security_hole(0);
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_CLAMAV-3901.NASL
    descriptionThis clamav version update to 0.91.1 fixes among other things the long startup time of version 0.90.3 as well as a possibilty to crash clamav with specially crafted rar archives (CVE-2007-3725).
    last seen2020-06-01
    modified2020-06-02
    plugin id27184
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27184
    titleopenSUSE 10 Security Update : clamav (clamav-3901)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update clamav-3901.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27184);
      script_version ("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:29");
    
      script_cve_id("CVE-2007-3725");
    
      script_name(english:"openSUSE 10 Security Update : clamav (clamav-3901)");
      script_summary(english:"Check for the clamav-3901 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This clamav version update to 0.91.1 fixes among other things the long
    startup time of version 0.90.3 as well as a possibilty to crash clamav
    with specially crafted rar archives (CVE-2007-3725)."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected clamav packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:clamav");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:clamav-db");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/07/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.1|SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.1", reference:"clamav-0.91.1-2.2") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"clamav-db-0.91.1-2.2") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"clamav-0.91.1-2.1") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"clamav-db-0.91.1-2.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "clamav");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_CLAMAV-3902.NASL
    descriptionThis clamav version update to 0.91.1 fixes among other things the long startup time of version 0.90.3 as well as a possibilty to crash clamav with specially crafted rar archives. (CVE-2007-3725)
    last seen2020-06-01
    modified2020-06-02
    plugin id29403
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29403
    titleSuSE 10 Security Update : clamav (ZYPP Patch Number 3902)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29403);
      script_version ("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:29");
    
      script_cve_id("CVE-2007-3725");
    
      script_name(english:"SuSE 10 Security Update : clamav (ZYPP Patch Number 3902)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This clamav version update to 0.91.1 fixes among other things the long
    startup time of version 0.90.3 as well as a possibilty to crash clamav
    with specially crafted rar archives. (CVE-2007-3725)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3725.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 3902.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/07/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLES10", sp:1, reference:"clamav-0.91.1-2.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-150.NASL
    descriptionA vulnerability in the RAR VM in ClamAV allowed user-assisted remote attackers to cause a crash via a crafted RAR archive which resulted in a NULL pointer dereference. Other bugs have also been corrected in 0.91.1 which is being provided with this update.
    last seen2020-06-01
    modified2020-06-02
    plugin id25796
    published2007-07-27
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25796
    titleMandrake Linux Security Advisory : clamav (MDKSA-2007:150)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2007:150. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25796);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:49");
    
      script_cve_id("CVE-2007-3725");
      script_xref(name:"MDKSA", value:"2007:150");
    
      script_name(english:"Mandrake Linux Security Advisory : clamav (MDKSA-2007:150)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability in the RAR VM in ClamAV allowed user-assisted remote
    attackers to cause a crash via a crafted RAR archive which resulted in
    a NULL pointer dereference.
    
    Other bugs have also been corrected in 0.91.1 which is being provided
    with this update."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav-db");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav-milter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamdmon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64clamav2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64clamav2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libclamav2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libclamav2-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/07/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/07/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2007.0", reference:"clamav-0.91.1-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"clamav-db-0.91.1-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"clamav-milter-0.91.1-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"clamd-0.91.1-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"clamdmon-0.91.1-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64clamav2-0.91.1-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64clamav2-devel-0.91.1-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libclamav2-0.91.1-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libclamav2-devel-0.91.1-1.1mdv2007.0", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2007.1", reference:"clamav-0.91.1-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"clamav-db-0.91.1-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"clamav-milter-0.91.1-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"clamd-0.91.1-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"clamdmon-0.91.1-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64clamav2-0.91.1-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64clamav2-devel-0.91.1-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libclamav2-0.91.1-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libclamav2-devel-0.91.1-1.1mdv2007.1", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");