CVE-2008-5314 - Resource Management Errors vulnerability in Clam Anti-Virus Clamav
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description | ClamAV < 0.94.2 (JPEG Parsing) Recursive Stack Overflow PoC. CVE-2008-5314. Dos exploits for multiple platform |
file | exploits/multiple/dos/7330.c |
id | EDB-ID:7330 |
last seen | 2016-02-01 |
modified | 2008-12-03 |
platform | multiple |
port | |
published | 2008-12-03 |
reporter | ilja van sprundel |
source | https://www.exploit-db.com/download/7330/ |
title | ClamAV < 0.94.2 JPEG Parsing Recursive Stack Overflow PoC |
type | dos |
Nessus
NASL family | SuSE Local Security Checks |
NASL id | SUSE9_12318.NASL |
description | Specially crafted jpg files could crash the clamd daemon of clamav. (CVE-2008-5314) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 41262 |
published | 2009-09-24 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/41262 |
title | SuSE9 Security Update : ClamAV (YOU Patch Number 12318) |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(41262);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:31");

      script_cve_id("CVE-2008-5314");

      script_name(english:"SuSE9 Security Update : ClamAV (YOU Patch Number 12318)");
      script_summary(english:"Checks rpm output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SuSE 9 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Specially crafted jpg files could crash the clamd daemon of clamav. (CVE-2008-5314)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-5314.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12318.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_cwe_id(399);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

      script_set_attribute(attribute:"patch_publication_date", value:"2008/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");

    flag = 0;
    if (rpm_check(release:"SUSE9", reference:"clamav-0.94.2-1.1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200812-21.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200812-21 (ClamAV: Multiple vulnerabilities) Moritz Jodeit reported an off-by-one error within the get_unicode_name() function in libclamav/vba_extract.c when processing VBA project files (CVE-2008-5050). Ilja van Sprundel reported an infinite recursion error within the cli_check_jpeg_exploit() function in libclamav/special.c when processing JPEG files (CVE-2008-5314). Impact : A remote attacker could send a specially crafted VBA or JPEG file to the clamd daemon, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application or a Denial of Service. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35268 |
published | 2008-12-26 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/35268 |
title | GLSA-200812-21 : ClamAV: Multiple vulnerabilities |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200812-21.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #

    include("compat.inc");

    if (description)
    {
      script_id(35268);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:45");

      script_cve_id("CVE-2008-5050", "CVE-2008-5314");
      script_bugtraq_id(32207);
      script_xref(name:"GLSA", value:"200812-21");

      script_name(english:"GLSA-200812-21 : ClamAV: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");

      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Gentoo host is missing one or more security-related patches."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote host is affected by the vulnerability described in GLSA-200812-21
    (ClamAV: Multiple vulnerabilities)

        Moritz Jodeit reported an off-by-one error within the
        get_unicode_name() function in libclamav/vba_extract.c when processing
        VBA project files (CVE-2008-5050). Ilja van Sprundel reported an
        infinite recursion error within the cli_check_jpeg_exploit() function
        in libclamav/special.c when processing JPEG files (CVE-2008-5314).

    Impact :

        A remote attacker could send a specially crafted VBA or JPEG file to
        the clamd daemon, possibly resulting in the remote execution of
        arbitrary code with the privileges of the user running the application
        or a Denial of Service.

    Workaround :

        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200812-21"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "All ClamAV users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.94.2'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(119, 399);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:clamav");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

      script_set_attribute(attribute:"patch_publication_date", value:"2008/12/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/12/26");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;

    if (qpkg_check(package:"app-antivirus/clamav", unaffected:make_list("ge 0.94.2"), vulnerable:make_list("lt 0.94.2"))) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ClamAV");
    }

NASL family | Gain a shell remotely |
NASL id | CLAMAV_0_94_2.NASL |
description | According to its version, the clamd antivirus daemon on the remote host is earlier than 0.94.2. There is a recursive stack overflow involving the JPEG parsing code in such versions. A remote attacker may be able to leverage this issue to cause the application to recursively scan a specially crafted JPEG, which will eventually cause it to crash. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35009 |
published | 2008-12-03 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/35009 |
title | ClamAV < 0.94.2 cli_check_jpeg_exploit() Malformed JPEG File DoS |
code |

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(35009);
      script_version("1.16");
      script_cvs_date("Date: 2018/07/06 11:26:07");

      script_cve_id("CVE-2008-5314");
      script_bugtraq_id(32555);
      script_xref(name:"Secunia", value:"32926");

      script_name(english:"ClamAV < 0.94.2 cli_check_jpeg_exploit() Malformed JPEG File DoS");
      script_summary(english:"Sends a VERSION command to clamd");

      script_set_attribute(attribute:"synopsis", value:
    "The remote antivirus service is vulnerable to a denial of service attack.");
      script_set_attribute(attribute:"description", value:
    "According to its version, the clamd antivirus daemon on the remote host is earlier than 0.94.2. There is a recursive stack overflow involving the JPEG parsing code in such versions. A remote attacker may be able to leverage this issue to cause the application to recursively scan a specially crafted JPEG, which will eventually cause it to crash.");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.clamav.net/show_bug.cgi?id=1266");
      # http://web.archive.org/web/20080723153709/http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?91209430");
      # look for bb#1266
      script_set_attribute(attribute:"solution", value:"Upgrade to ClamAV 0.94.2 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(399);

      script_set_attribute(attribute:"plugin_publication_date", value:"2008/12/03");

      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:clamav:clamav");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Gain a shell remotely");

      script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");

      script_dependencies("find_service2.nasl");
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("Services/clamd", 3310);

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");

    # nb: banner checks of open source software are prone to false-
    #     positives so only run the check if reporting is paranoid.
    if (report_paranoia < 2) audit(AUDIT_PARANOID);

    port = get_kb_item("Services/clamd");
    if (!port) port = 3310;
    if (!get_port_state(port)) exit(0);

    # Establish a connection.
    soc = open_sock_tcp(port);
    if (!soc) exit(0);

    # Send a VERSION command.
    req = "VERSION";
    send(socket:soc, data:req+'\r\n');

    res = recv_line(socket:soc, length:128);
    if (!strlen(res) || "ClamAV " >!< res) exit(0);

    # Check the version.
    version = strstr(res, "ClamAV ") - "ClamAV ";
    if ("/" >< version) version = version - strstr(version, "/");

    if (version =~ "^0\.(([0-9]|[0-8][0-9]|9[0-3])($|[^0-9])|94(\.1)?($|[^0-9.]))")
    {
      if (report_verbosity)
      {
        report = string(
          "\n",
          "ClamAV version ", version, " appears to be running on the remote host based on\n",
          "the following response to a 'VERSION' command :\n",
          "\n",
          " ", res, "\n"
        );
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
    }

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SECUPD2009-001.NASL |
description | The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied. This security update contains fixes for the following products : - AFP Server - Apple Pixlet Video - CarbonCore - CFNetwork - Certificate Assistant - ClamAV - CoreText - CUPS - DS Tools - fetchmail - Folder Manager - FSEvents - Network Time - perl - Printing - python - Remote Apple Events - Safari RSS - servermgrd - SMB - SquirrelMail - X11 - XTerm |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35684 |
published | 2009-02-13 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/35684 |
title | Mac OS X Multiple Vulnerabilities (Security Update 2009-001) |
code |

    #
    # (C) Tenable Network Security, Inc.
    #

    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3004) exit(0);

    include("compat.inc");

    if (description)
    {
      script_id(35684);
      script_version("1.32");
      script_cvs_date("Date: 2018/07/16 12:48:31");

      script_cve_id("CVE-2006-1861", "CVE-2006-3467", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1667",
                    "CVE-2007-4565", "CVE-2007-4965", "CVE-2008-1377", "CVE-2008-1379", "CVE-2008-1679",
                    "CVE-2008-1721", "CVE-2008-1806", "CVE-2008-1807", "CVE-2008-1808", "CVE-2008-1887",
                    "CVE-2008-1927", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-2360", "CVE-2008-2361",
                    "CVE-2008-2362", "CVE-2008-2379", "CVE-2008-2711", "CVE-2008-3142", "CVE-2008-3144",
                    "CVE-2008-3663", "CVE-2008-4864", "CVE-2008-5031", "CVE-2008-5050", "CVE-2008-5183",
                    "CVE-2008-5314", "CVE-2009-0009", "CVE-2009-0011", "CVE-2009-0012", "CVE-2009-0013",
                    "CVE-2009-0014", "CVE-2009-0015", "CVE-2009-0017", "CVE-2009-0018", "CVE-2009-0019",
                    "CVE-2009-0020", "CVE-2009-0137", "CVE-2009-0138", "CVE-2009-0139", "CVE-2009-0140",
                    "CVE-2009-0141", "CVE-2009-0142");
      script_bugtraq_id(25495, 25696, 28715, 28749, 28928, 29705, 30491, 31976, 32207, 32555,
                        33187, 33796, 33798, 33800, 33806, 33808, 33809, 33810, 33811, 33812,
                        33813, 33814, 33815, 33816, 33820, 33821);

      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2009-001)");
      script_summary(english:"Check for the presence of Security Update 2009-001");

      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host is missing a Mac OS X update that fixes various security issues."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied.

    This security update contains fixes for the following products :

      - AFP Server
      - Apple Pixlet Video
      - CarbonCore
      - CFNetwork
      - Certificate Assistant
      - ClamAV
      - CoreText
      - CUPS
      - DS Tools
      - fetchmail
      - Folder Manager
      - FSEvents
      - Network Time
      - perl
      - Printing
      - python
      - Remote Apple Events
      - Safari RSS
      - servermgrd
      - SMB
      - SquirrelMail
      - X11
      - XTerm"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.apple.com/kb/ht3438"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Install Security Update 2009-001 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(20, 79, 119, 189, 255, 264, 287, 310, 362, 399);
      script_set_attribute(attribute:"plugin_publication_date", value: "2009/02/13");
      script_set_attribute(attribute:"patch_publication_date", value: "2009/02/12");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");

      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
      exit(0);
    }

    #

    uname = get_kb_item("Host/uname");
    if (!uname) exit(1, "The 'Host/uname' KB item is missing.");

    if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages");
      if (!packages) exit(1, "The 'Host/MacOSX/packages' KB item is missing.");

      if (egrep(pattern:"^SecUpd(Srvr)?(2009-00[1-9]|20[1-9][0-9]-)", string:packages))
        exit(0, "The host has Security Update 2009-001 or later installed and therefore is not affected.");
      else
        security_hole(0);
    }
    else if (egrep(pattern:"Darwin.* (9\.[0-6]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages/boms");
      if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing.");

      if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2009\.00[1-9]|20[1-9][0-9]\.[0-9]+)\.bom", string:packages))
        exit(0, "The host has Security Update 2009-001 or later installed and therefore is not affected.");
      else
        security_hole(0);
    }
    else exit(0, "The host is not affected.");

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1680.NASL |
description | Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers from an off-by-one-error in its VBA project file processing, leading to a heap-based buffer overflow and potentially arbitrary code execution (CVE-2008-5050). Ilja van Sprundel discovered that ClamAV contains a denial of service condition in its JPEG file processing because it does not limit the recursion depth when processing JPEG thumbnails (CVE-2008-5314). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35033 |
published | 2008-12-04 |
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/35033 |
title | Debian DSA-1680-1 : clamav - buffer overflow, stack consumption |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DSA-1680. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(35033);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:21");

      script_cve_id("CVE-2008-5050", "CVE-2008-5314");
      script_bugtraq_id(32207);
      script_xref(name:"DSA", value:"1680");

      script_name(english:"Debian DSA-1680-1 : clamav - buffer overflow, stack consumption");
      script_summary(english:"Checks dpkg output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers from an off-by-one-error in its VBA project file processing, leading to a heap-based buffer overflow and potentially arbitrary code execution (CVE-2008-5050 ).

    Ilja van Sprundel discovered that ClamAV contains a denial of service condition in its JPEG file processing because it does not limit the recursion depth when processing JPEG thumbnails (CVE-2008-5314 )."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505134"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507624"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-5050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-5314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2008/dsa-1680"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Upgrade the clamav packages.

    For the stable distribution (etch), these problems have been fixed in version 0.90.1dfsg-4etch16."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119, 399);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:clamav");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");

      script_set_attribute(attribute:"patch_publication_date", value:"2008/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/12/04");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

      exit(0);
    }

    include("audit.inc");
    include("debian_package.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;
    if (deb_check(release:"4.0", prefix:"clamav", reference:"0.90.1dfsg-4etch16")) flag++;
    if (deb_check(release:"4.0", prefix:"clamav-base", reference:"0.90.1dfsg-4etch16")) flag++;
    if (deb_check(release:"4.0", prefix:"clamav-daemon", reference:"0.90.1dfsg-4etch16")) flag++;
    if (deb_check(release:"4.0", prefix:"clamav-dbg", reference:"0.90.1dfsg-4etch16")) flag++;
    if (deb_check(release:"4.0", prefix:"clamav-docs", reference:"0.90.1dfsg-4etch16")) flag++;
    if (deb_check(release:"4.0", prefix:"clamav-freshclam", reference:"0.90.1dfsg-4etch16")) flag++;
    if (deb_check(release:"4.0", prefix:"clamav-milter", reference:"0.90.1dfsg-4etch16")) flag++;
    if (deb_check(release:"4.0", prefix:"clamav-testfiles", reference:"0.90.1dfsg-4etch16")) flag++;
    if (deb_check(release:"4.0", prefix:"libclamav-dev", reference:"0.90.1dfsg-4etch16")) flag++;
    if (deb_check(release:"4.0", prefix:"libclamav2", reference:"0.90.1dfsg-4etch16")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-684-1.NASL |
description | Ilja van Sprundel discovered that ClamAV did not handle recursive JPEG information. If a remote attacker sent a specially crafted JPEG file, ClamAV would crash, leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 37977 |
published | 2009-04-23 |
reporter | Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/37977 |
title | Ubuntu 8.10 : clamav vulnerability (USN-684-1) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2008-239.NASL |
description | Ilja van Sprundel found that ClamAV contained a denial of service vulnerability in how it handled processing JPEG files, due to it not limiting the recursion depth when processing JPEG thumbnails (CVE-2008-5314). Other bugs have also been corrected in 0.94.2 which is being provided with this update. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 37414 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/37414 |
title | Mandriva Linux Security Advisory : clamav (MDVSA-2008:239) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_CLAMAV-5843.NASL |
description | Specially crafted jpg files could crash the clamd daemon of clamav. (CVE-2008-5314) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35103 |
published | 2008-12-15 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/35103 |
title | openSUSE 10 Security Update : clamav (clamav-5843) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_0_CLAMAV-081204.NASL |
description | Specially crafted jpg files could crash the clamd daemon of clamav. (CVE-2008-5314) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 39933 |
published | 2009-07-21 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/39933 |
title | openSUSE Security Update : clamav (clamav-357) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_CLAMAV-5842.NASL |
description | Specially crafted jpg files could crash the clamd daemon of clamav. (CVE-2008-5314) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 41485 |
published | 2009-09-24 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/41485 |
title | SuSE 10 Security Update : ClamAV (ZYPP Patch Number 5842) |

References
- http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html
- http://lurker.clamav.net/message/20081126.150241.55b1e092.en.html
- http://osvdb.org/50363
- http://secunia.com/advisories/32926
- http://secunia.com/advisories/32936
- http://secunia.com/advisories/33016
- http://secunia.com/advisories/33195
- http://secunia.com/advisories/33317
- http://secunia.com/advisories/33937
- http://security.gentoo.org/glsa/glsa-200812-21.xml
- http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=643134
- http://support.apple.com/kb/HT3438
- http://www.debian.org/security/2008/dsa-1680
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:239
- http://www.openwall.com/lists/oss-security/2008/12/01/8
- http://www.securityfocus.com/bid/32555
- http://www.securitytracker.com/id?1021296
- http://www.ubuntu.com/usn/usn-684-1
- http://www.vupen.com/english/advisories/2008/3311
- http://www.vupen.com/english/advisories/2009/0422
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46985
- https://www.exploit-db.com/exploits/7330
- https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1266