Vulnerabilities > CVE-2007-4510 - Remote Denial of Service vulnerability in ClamAV

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
clam-anti-virus
kolab
nessus

Summary

ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200709-14.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200709-14 (ClamAV: Multiple vulnerabilities). Nikolaos Rangos discovered a vulnerability in ClamAV which exists because the recipient address extracted from email messages is not properly sanitized before being used in a call to 'popen()' when executing sendmail (CVE-2007-4560). The NULL pointer dereferences tracked as CVE-2007-4510 are covered in the full description inside the plugin code below.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 26104
    published: 2007-09-24
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/26104
    title: GLSA-200709-14 : ClamAV: Multiple vulnerabilities
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200709-14.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the script only declares
    # its metadata and exits; none of the host checks further down run.
    if (description)
    {
      script_id(26104);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:44");
    
      # Two CVEs are tracked by this one plugin, so they are always reported
      # together: CVE-2007-4510 is the NULL dereference crash, CVE-2007-4560 the
      # clamav-milter command injection (both per the description text below).
      script_cve_id("CVE-2007-4510", "CVE-2007-4560");
      script_xref(name:"GLSA", value:"200709-14");
    
      script_name(english:"GLSA-200709-14 : ClamAV: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      # NOTE(review): "the latter vulnerability" in the Impact paragraph reads
      # as the NULL dereference, yet the Mandriva advisory for the same two
      # CVEs attaches the black hole mode precondition to the clamav-milter
      # command injection (CVE-2007-4560) -- confirm against GLSA 200709-14.
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200709-14
    (ClamAV: Multiple vulnerabilities)
    
        Nikolaos Rangos discovered a vulnerability in ClamAV which exists
        because the recipient address extracted from email messages is not
        properly sanitized before being used in a call to 'popen()' when
        executing sendmail (CVE-2007-4560). Also, NULL pointer dereference
        errors exist within the 'cli_scanrtf()' function in libclamav/rtf.c and
        Stefanos Stamatis discovered a NULL pointer dereference vulnerability
        within the 'cli_html_normalise()' function in libclamav/htmlnorm.c
        (CVE-2007-4510).
      
    Impact :
    
        The unsanitized recipient address can be exploited to execute arbitrary
        code with the privileges of the clamav-milter process by sending an
        email with a specially crafted recipient address to the affected
        system. Also, the NULL pointer dereference errors can be exploited to
        crash ClamAV. Successful exploitation of the latter vulnerability
        requires that clamav-milter is started with the 'black hole' mode
        activated, which is not enabled by default.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200709-14"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All ClamAV users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.91.2'"
      );
      # The vector (complete C/I/A impact), CWE-78 and the exploit-framework
      # attributes describe the command injection, CVE-2007-4560. The
      # description above credits CVE-2007-4510 only with crashing ClamAV, so
      # this severity should not be read as the score of the DoS issue.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'ClamAV Milter Blackhole-Mode Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(78);
    
      # "local": the verdict comes from the package inventory held in the KB
      # (presumably gathered over SSH by ssh_get_info.nasl), not from probing a
      # running ClamAV service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:clamav");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/09/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      # The same three KB keys are re-checked at the start of the host checks.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    # Preconditions: local checks enabled, host identified as Gentoo, and a
    # package list present in the KB. Each failure ends in its own audit message.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release"))
      audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # The verdict is a pure version comparison on app-antivirus/clamav:
    # anything below 0.91.2 is reported, 0.91.2 and later is treated as fixed.
    # Whether clamav-milter runs, or runs in black hole mode, is not examined.
    flag = 0;
    fixed_versions = make_list("ge 0.91.2");
    affected_versions = make_list("lt 0.91.2");
    
    if (qpkg_check(package:"app-antivirus/clamav", unaffected:fixed_versions, vulnerable:affected_versions))
      flag++;
    
    if (!flag)
    {
      # Nothing vulnerable: say whether a package was compared and found
      # fixed, or whether ClamAV was not in the package list at all.
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ClamAV");
    }
    else
    {
      # Vulnerable version found: attach the package detail only when the
      # scan is configured for verbose reporting.
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-2050.NASL
    description: - Sat Aug 25 2007 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.91.2-2 - fixed an open(2) issue - Sat Aug 25 2007 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.91.2-1 - updated to 0.91.2 (SECURITY) : - CVE-2007-4510 DOS in RTF parser - DOS in html normalizer - arbitrary command execution by special crafted recipients in clamav-milter's black-hole mode
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27747
    published: 2007-11-06
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/27747
    title: Fedora 7 : clamav-0.91.2-2.fc7 (2007-2050)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-2050.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the script only declares
    # its metadata and exits; the rpm comparisons further down do not run.
    if (description)
    {
      script_id(27747);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:25");
    
      # One package update closes both CVEs, so they are reported together.
      # Per the changelog text below, CVE-2007-4510 is the RTF parser DoS; the
      # command execution entry belongs to the second id.
      script_cve_id("CVE-2007-4510", "CVE-2007-4560");
      script_bugtraq_id(25398, 25439);
      script_xref(name:"FEDORA", value:"2007-2050");
    
      script_name(english:"Fedora 7 : clamav-0.91.2-2.fc7 (2007-2050)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # The description is the package changelog as extracted from the Fedora
      # advisory, followed by Tenable's note about that extraction.
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Sat Aug 25 2007 Enrico Scholz <enrico.scholz at
        informatik.tu-chemnitz.de> - 0.91.2-2
    
        - fixed an open(2) issue
    
      - Sat Aug 25 2007 Enrico Scholz <enrico.scholz at
        informatik.tu-chemnitz.de> - 0.91.2-1
    
        - updated to 0.91.2 (SECURITY) :
    
        - CVE-2007-4510 DOS in RTF parser
    
        - DOS in html normalizer
    
        - arbitrary command execution by special crafted
          recipients in clamav-milter's black-hole mode
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-September/003629.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fc903132"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # Base vector (complete C/I/A impact), CWE-78 and the exploit-framework
      # attributes describe the clamav-milter command execution. The changelog
      # above lists CVE-2007-4510 as a DoS only, so this severity should not be
      # read as the score of the DoS issue.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      # Temporal vector: functional exploit (E:F), official fix (RL:OF),
      # confirmed report (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'ClamAV Milter Blackhole-Mode Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(78);
    
      # "local": the verdict comes from the rpm list held in the KB, not from
      # probing a running ClamAV service. One CPE per binary package that the
      # host checks compare.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:clamav");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:clamav-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:clamav-data-empty");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:clamav-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:clamav-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:clamav-filesystem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:clamav-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:clamav-milter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:clamav-milter-sysv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:clamav-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:clamav-server-sysv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:clamav-update");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/09/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # The same three KB keys are re-checked at the start of the host checks.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions, each ending in its own audit message: local checks
    # enabled, a release string that names Fedora, major version 7, an rpm list
    # in the KB, and a supported CPU architecture.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
      audit(AUDIT_OS_NOT, "Fedora");
    
    # Pull the major release number out of the release string.
    ver_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(ver_match))
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = ver_match[1];
    
    # Only Fedora 7 is covered; any other major version is audited as a
    # different OS rather than compared against the fc7 packages.
    if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver))
      audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
      audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Every binary package of the update is compared against the same fixed
    # build. The verdict is a package-version comparison only; it does not look
    # at whether clamav-milter is running or how it is configured.
    flag = 0;
    fixed_suffix = "-0.91.2-2.fc7";
    update_packages = make_list(
      "clamav",
      "clamav-data",
      "clamav-data-empty",
      "clamav-debuginfo",
      "clamav-devel",
      "clamav-filesystem",
      "clamav-lib",
      "clamav-milter",
      "clamav-milter-sysv",
      "clamav-server",
      "clamav-server-sysv",
      "clamav-update"
    );
    foreach pkg_name (update_packages)
    {
      if (rpm_check(release:"FC7", reference:pkg_name + fixed_suffix)) flag++;
    }
    
    
    if (!flag)
    {
      # Nothing outdated: say whether packages were compared and found fixed,
      # or whether none of them was installed.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "clamav / clamav-data / clamav-data-empty / clamav-debuginfo / etc");
    }
    else
    {
      # At least one outdated package: attach the rpm detail only when the
      # scan is configured for verbose reporting.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2008-002.NASL
    description: The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 31605
    published: 2008-03-19
    reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/31605
    title: Mac OS X Multiple Vulnerabilities (Security Update 2008-002)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # Engine gate: exit silently unless the interpreter defines bn_random and
    # reports NASL_LEVEL 3004 or higher. The script never calls bn_random
    # itself -- NOTE(review): presumably a capability probe for an engine build
    # that supports local checks; confirm.
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3004) exit(0);
    
    
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the script only declares
    # its metadata and exits; the host checks further down do not run.
    if (description)
    {
      script_id(31605);
      script_version ("1.38");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      # A cumulative OS update: dozens of CVEs across many components, with the
      # two ClamAV ids (CVE-2007-4510, CVE-2007-4560) among them. The host
      # checks below only look at the kernel string and the update receipts, so
      # a finding means the whole update is missing; it does not show that
      # ClamAV is installed or in use on the host.
      script_cve_id("CVE-2005-3352", "CVE-2005-4077", "CVE-2006-3334", "CVE-2006-3747", "CVE-2006-5793",
                    "CVE-2006-6481", "CVE-2007-0897", "CVE-2007-0898", "CVE-2007-1659", "CVE-2007-1660",
                    "CVE-2007-1661", "CVE-2007-1662", "CVE-2007-1745", "CVE-2007-1997", "CVE-2007-2445",
                    "CVE-2007-2799", "CVE-2007-3378", "CVE-2007-3725", "CVE-2007-3799", "CVE-2007-3847",
                    "CVE-2007-4510", "CVE-2007-4560", "CVE-2007-4568", "CVE-2007-4752", "CVE-2007-4766",
                    "CVE-2007-4767", "CVE-2007-4768", "CVE-2007-4887", "CVE-2007-4990", "CVE-2007-5000",
                    "CVE-2007-5266", "CVE-2007-5267", "CVE-2007-5268", "CVE-2007-5269", "CVE-2007-5795",
                    "CVE-2007-5901", "CVE-2007-5958", "CVE-2007-5971", "CVE-2007-6109", "CVE-2007-6203",
                    "CVE-2007-6335", "CVE-2007-6336", "CVE-2007-6337", "CVE-2007-6388", "CVE-2007-6421",
                    "CVE-2007-6427", "CVE-2007-6428", "CVE-2007-6429", "CVE-2008-0005", "CVE-2008-0006",
                    "CVE-2008-0044", "CVE-2008-0045", "CVE-2008-0046", "CVE-2008-0047", "CVE-2008-0048",
                    "CVE-2008-0049", "CVE-2008-0050", "CVE-2008-0051", "CVE-2008-0052", "CVE-2008-0053",
                    "CVE-2008-0054", "CVE-2008-0055", "CVE-2008-0056", "CVE-2008-0057", "CVE-2008-0058",
                    "CVE-2008-0059", "CVE-2008-0060", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0318",
                    "CVE-2008-0596", "CVE-2008-0728", "CVE-2008-0882", "CVE-2008-0987", "CVE-2008-0988",
                    "CVE-2008-0989", "CVE-2008-0990", "CVE-2008-0992", "CVE-2008-0993", "CVE-2008-0994",
                    "CVE-2008-0995", "CVE-2008-0996", "CVE-2008-0997", "CVE-2008-0998", "CVE-2008-0999",
                    "CVE-2008-1000");
      # NOTE(review): 28371 appears twice in this list.
      script_bugtraq_id(19204, 21078, 24268, 25398, 25439, 25489, 25498, 26346, 26750, 26838,
                        26927, 26946, 27234, 27236, 27751, 27988, 28278, 28303, 28304, 28307,
                        28320, 28323, 28334, 28339, 28340, 28341, 28343, 28344, 28345, 28357,
                        28358, 28359, 28363, 28364, 28365, 28367, 28368, 28371, 28371, 28372,
                        28374, 28375, 28384, 28385, 28386, 28387, 28388, 28389);
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2008-002)");
      script_summary(english:"Check for the presence of Security Update 2008-002");
    
       script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues." );
       script_set_attribute(attribute:"description", value:
    "The remote host is running a version of Mac OS X 10.5 or 10.4 that
    does not have the security update 2008-002 applied. 
    
    This update contains several security fixes for a number of programs." );
       script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=307562" );
       script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" );
       script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/advisories/14242" );
       script_set_attribute(attribute:"solution", value:
    "Install Security Update 2008-002 or later." );
      # One vector and one CWE list for the whole bundle: the score and the
      # exploit-framework attributes are plugin-wide and cannot be attributed
      # to CVE-2007-4510 on its own. The Metasploit module named here is the
      # clamav-milter remote code execution one.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'ClamAV Milter Blackhole-Mode Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(20, 22, 78, 79, 94, 119, 134, 189, 200, 255, 264, 362, 399);
    
      script_set_attribute(attribute:"plugin_publication_date", value: "2008/03/19");
      script_set_attribute(attribute:"patch_publication_date", value: "2007/08/24");
      script_set_attribute(attribute:"vuln_publication_date", value: "2007/06/02");
      # "local": the verdict comes from host data held in the KB, not from
      # probing any network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
      exit(0);
    }
    
    
    # Host check: decide from the kernel string and the installed-update
    # receipts whether Security Update 2008-002 is present. Missing KB data
    # ends the script silently (plain exit(0), no audit message).
    uname = get_kb_item("Host/uname");
    if (!uname) exit(0);
    
    # Darwin 8.0 through 8.11 -- presumably the Mac OS X 10.4 line named in the
    # plugin description.
    if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages");
      if (!packages) exit(0);
    
      # Fixed if any SecUpd / SecUpdSrvr receipt is numbered 2008-002 through
      # 2008-008, any 2009 update, or any update from 2010 onwards; later
      # updates are accepted as superseding 2008-002.
      if (!egrep(pattern:"^SecUpd(Srvr)?(2008-00[2-8]|2009-|20[1-9][0-9]-)", string:packages))
        security_hole(0);
    }
    # Darwin 9.0 through 9.2 -- presumably the Mac OS X 10.5 line named in the
    # plugin description.
    else if (egrep(pattern:"Darwin.* (9\.[0-2]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages/boms");
      if (!packages) exit(0);
    
      # Here only the receipt of this exact update counts as fixed.
      if (!egrep(pattern:"^com\.apple\.pkg\.update\.security\.2008\.002\.bom", string:packages))
        security_hole(0);
    }
    # A kernel string outside both ranges falls through with no report and no
    # audit message, so the absence of a finding from this plugin is not
    # evidence that a host is patched. Findings carry no extra detail either:
    # security_hole(0) is called without a report body.
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2007-172.NASL
    description: A vulnerability in ClamAV was discovered that could allow remote attackers to cause a denial of service via a crafted RTF file or a crafted HTML document with a data: URI, both of which trigger a NULL dereference (CVE-2007-4510). A vulnerability in clamav-milter, when run in black hole mode, could allow remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call (CVE-2007-4560). Other bugs have also been corrected in 0.91.2 which is being provided with this update.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25969
    published: 2007-09-03
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25969
    title: Mandrake Linux Security Advisory : clamav (MDKSA-2007:172)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2007:172. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the script only declares
    # its metadata and exits; the rpm comparisons further down do not run.
    if (description)
    {
      script_id(25969);
      script_version ("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:49");
    
      # One package update closes both CVEs, so they are reported together.
      script_cve_id("CVE-2007-4510", "CVE-2007-4560");
      script_bugtraq_id(25398, 25439);
      script_xref(name:"MDKSA", value:"2007:172");
    
      script_name(english:"Mandrake Linux Security Advisory : clamav (MDKSA-2007:172)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      # The advisory text keeps the two issues apart: CVE-2007-4510 is the
      # denial of service through NULL dereferences, CVE-2007-4560 the command
      # execution that requires clamav-milter to run in black hole mode.
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability in ClamAV was discovered that could allow remote
    attackers to cause a denial of service via a crafted RTF file or a
    crafted HTML document with a data: URI, both of which trigger a NULL
    dereference (CVE-2007-4510).
    
    A vulnerability in clamav-milter, when run in black hole mode, could
    allow remote attackers to execute arbitrary commands via shell
    metacharacters that are used in a certain popen call (CVE-2007-4560).
    
    Other bugs have also been corrected in 0.91.2 which is being provided
    with this update."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # Base vector (complete C/I/A impact), CWE-78 and the exploit-framework
      # attributes describe the command execution, CVE-2007-4560. The
      # description above limits CVE-2007-4510 to denial of service, so this
      # severity should not be read as the score of the DoS issue.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      # Temporal vector: functional exploit (E:F), official fix (RL:OF),
      # confirmed report (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'ClamAV Milter Blackhole-Mode Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(78);
    
      # "local": the verdict comes from the rpm list held in the KB, not from
      # probing a running ClamAV service. One CPE per binary package that the
      # host checks compare, plus the two covered distribution releases.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav-db");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamav-milter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:clamdmon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64clamav-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64clamav2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libclamav-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libclamav2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/08/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      # All four KB keys are read again at the start of the host checks.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
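    # Preconditions, each ending in its own audit message: local checks
    # enabled, host identified as Mandriva / Mandrake, an rpm list in the KB,
    # and a supported CPU architecture.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Audit text corrected from "Mandake" so it matches the OS name used in
    # the architecture audit below.
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # Package-version comparison only: every binary package of the update is
    # compared against the fixed 0.91.2 build for its release. Whether
    # clamav-milter runs in black hole mode is not examined.
    flag = 0;
    # Mandriva 2007.0. Library packages are checked per architecture:
    # lib64* on x86_64, lib* on i386.
    if (rpm_check(release:"MDK2007.0", reference:"clamav-0.91.2-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"clamav-db-0.91.2-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"clamav-milter-0.91.2-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"clamd-0.91.2-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"clamdmon-0.91.2-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64clamav-devel-0.91.2-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64clamav2-0.91.2-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libclamav-devel-0.91.2-1.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libclamav2-0.91.2-1.1mdv2007.0", yank:"mdv")) flag++;
    
    # Mandriva 2007.1, same package set.
    if (rpm_check(release:"MDK2007.1", reference:"clamav-0.91.2-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"clamav-db-0.91.2-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"clamav-milter-0.91.2-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"clamd-0.91.2-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"clamdmon-0.91.2-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64clamav-devel-0.91.2-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64clamav2-0.91.2-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libclamav-devel-0.91.2-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libclamav2-0.91.2-1.1mdv2007.1", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      # At least one outdated package: attach the rpm detail only when the
      # scan is configured for verbose reporting.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    # The same "host not affected" audit is used whether the packages are
    # fixed or not installed at all; the result does not distinguish the two.
    else audit(AUDIT_HOST_NOT, "affected");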
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1366.NASL
    description: Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-4510 It was discovered that the RTF and RFC2397 parsers can be tricked into dereferencing a NULL pointer, resulting in denial of service. - CVE-2007-4560 It was discovered that clamav-milter performs insufficient input sanitising, resulting in the execution of arbitrary shell commands. The oldstable distribution (sarge) is only affected by a subset of the problems. An update will be provided later.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25966
    published: 2007-09-03
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25966
    title: Debian DSA-1366-1 : clamav - several vulnerabilities
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1366. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the script only declares
    # its metadata and exits; the dpkg comparisons further down do not run.
    if (description)
    {
      script_id(25966);
      script_version("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:20");
    
      # One package update closes both CVEs, so they are reported together.
      script_cve_id("CVE-2007-4510", "CVE-2007-4560");
      script_xref(name:"DSA", value:"1366");
    
      script_name(english:"Debian DSA-1366-1 : clamav - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      # The advisory text keeps the two issues apart: CVE-2007-4510 is the
      # NULL dereference denial of service, CVE-2007-4560 the shell command
      # execution in clamav-milter. It also states that oldstable (sarge) is
      # affected by a subset of the problems, with an update to follow.
      script_set_attribute(
        attribute:"description", 
        value:
    "Several remote vulnerabilities have been discovered in the Clam
    anti-virus toolkit. The Common Vulnerabilities and Exposures project
    identifies the following problems :
    
      - CVE-2007-4510
        It was discovered that the RTF and RFC2397 parsers can
        be tricked into dereferencing a NULL pointer, resulting
        in denial of service.
    
      - CVE-2007-4560
        It was discovered that clamav-milter performs
        insufficient input sanitising, resulting in the
        execution of arbitrary shell commands.
    
    The oldstable distribution (sarge) is only affected by a subset of the
    problems. An update will be provided later."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-4510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-4560"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2007/dsa-1366"
      );
      # The fixed version is a backport onto the 0.90.1 package line, so the
      # upstream "before 0.91.2" boundary cannot be applied to Debian hosts by
      # comparing upstream version numbers.
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the clamav packages. 
    
    For the stable distribution (etch) these problems have been fixed in
    version 0.90.1-3etch7."
      );
      # Base vector (complete C/I/A impact), CWE-78 and the exploit-framework
      # attributes describe the shell command execution, CVE-2007-4560. The
      # description above limits CVE-2007-4510 to denial of service, so this
      # severity should not be read as the score of the DoS issue.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'ClamAV Milter Blackhole-Mode Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(78);
    
      # "local": the verdict comes from the dpkg list held in the KB, not from
      # probing a running ClamAV service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:clamav");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/09/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      # The same three KB keys are re-checked at the start of the host checks.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Preconditions, each ending in its own audit message: local checks
    # enabled, host identified as Debian, and dpkg output present in the KB.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release"))
      audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Every binary package of the update is compared against the etch fix.
    # Only release 4.0 is compared; the advisory says oldstable (sarge) is
    # affected by a subset of the problems, and no sarge version is checked
    # here. NOTE(review): presumably a sarge host ends in the "not affected"
    # audit below -- confirm how deb_check treats other releases.
    flag = 0;
    fixed_version = "0.90.1-3etch7";
    update_packages = make_list(
      "clamav",
      "clamav-base",
      "clamav-daemon",
      "clamav-dbg",
      "clamav-docs",
      "clamav-freshclam",
      "clamav-milter",
      "clamav-testfiles",
      "libclamav-dev",
      "libclamav2"
    );
    foreach pkg_name (update_packages)
    {
      if (deb_check(release:"4.0", prefix:pkg_name, reference:fixed_version)) flag++;
    }
    
    # The same "host not affected" audit is used whether the packages are
    # fixed or not installed at all; the result does not distinguish the two.
    if (!flag) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      # At least one outdated package: attach the dpkg detail only when the
      # scan is configured for verbose reporting.
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_B6F6DA57680A11DCB350001921AB2FA4.NASL
    description: BugTraq reports : ClamAV is prone to multiple denial-of-service vulnerabilities. A successful attack may allow an attacker to crash the application and deny service to users.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 26092
    published: 2007-09-24
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/26092
    title: FreeBSD : clamav -- multiple remote Denial of Service vulnerabilities (b6f6da57-680a-11dc-b350-001921ab2fa4)