Vulnerabilities > CVE-2008-6845 - Unspecified vulnerability in Clamav

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

clamav

nessus

NVD

Published: 2009-07-02

Updated: 2018-10-11

Summary

The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file.

Vulnerable Configurations

Part	Description	Count
Application	Clamav Clamav Clamav 0.86.2 Clamav Clamav 0.88.5 Clamav Clamav 0.02 Clamav Clamav 0.92 Clamav Clamav 0.15 Clamav Clamav 0.75.1 Clamav Clamav 0.65 Clamav Clamav 0.88.7 Clamav Clamav 0.81 Clamav Clamav 0.86 Clamav Clamav 0.01 Clamav Clamav 0.92_P0 Clamav Clamav 0.85 Clamav Clamav 0.84 Clamav Clamav 0.3 Clamav Clamav 0.91.2_P0 Clamav Clamav 0.93.1 Clamav Clamav 0.93 Clamav Clamav 0.90 Clamav Clamav 0.70 Clamav Clamav 0.68.1 Clamav Clamav 0.03 Clamav Clamav 0.87.1 Clamav Clamav 0.74 Clamav Clamav 0.88 Clamav Clamav 0.86.1 Clamav Clamav 0.71 Clamav Clamav 0.88.1 Clamav Clamav 0.60P Clamav Clamav 0.91.2 Clamav Clamav 0.90.3 Clamav Clamav 0.85.1 Clamav Clamav 0.13 Clamav Clamav 0.10 Clamav Clamav 0.90.1_P0 Clamav Clamav - Clamav Clamav 0.05 Clamav Clamav 0.8 Clamav Clamav 0.9 Clamav Clamav 0.12 Clamav Clamav 0.14 Clamav Clamav 0.20 Clamav Clamav 0.21 Clamav Clamav 0.22 Clamav Clamav 0.23 Clamav Clamav 0.24 Clamav Clamav 0.51 Clamav Clamav 0.52 Clamav Clamav 0.53 Clamav Clamav 0.54 Clamav Clamav 0.60 Clamav Clamav 0.66 Clamav Clamav 0.67 Clamav Clamav 0.67-1 Clamav Clamav 0.68 Clamav Clamav 0.70.0 Clamav Clamav 0.71.0 Clamav Clamav 0.72 Clamav Clamav 0.72.0 Clamav Clamav 0.73 Clamav Clamav 0.73.0 Clamav Clamav 0.74.0 Clamav Clamav 0.75 Clamav Clamav 0.75.0 Clamav Clamav 0.80 Clamav Clamav 0.80.0 Clamav Clamav 0.80_Rc Clamav Clamav 0.81.0 Clamav Clamav 0.82 Clamav Clamav 0.82.0 Clamav Clamav 0.83 Clamav Clamav 0.83.0 Clamav Clamav 0.84.0 Clamav Clamav 0.85.0 Clamav Clamav 0.86.0 Clamav Clamav 0.87 Clamav Clamav 0.87.0 Clamav Clamav 0.88.0 Clamav Clamav 0.88.2 Clamav Clamav 0.88.3 Clamav Clamav 0.88.4 Clamav Clamav 0.88.6 Clamav Clamav 0.88.7_P0 Clamav Clamav 0.88.7_P1 Clamav Clamav 0.90.0 Clamav Clamav 0.90.1 Clamav Clamav 0.90.2 Clamav Clamav 0.90.2_P0 Clamav Clamav 0.90.3_P0 Clamav Clamav 0.90.3_P1 Clamav Clamav 0.91 Clamav Clamav 0.91.0 Clamav Clamav 0.91.1 Clamav Clamav 0.92.0 Clamav Clamav 0.92.1 Clamav Clamav 0.93.0 Clamav Clamav 0.93.2 Clamav Clamav 0.93.3	116

Nessus

NASL family	Gain a shell remotely
NASL id	CLAMAV_0_94.NASL
description	According to its version, the clamd antivirus daemon on the remote host is earlier than 0.94. Such versions are affected by one or more of the following issues : - A segmentation fault can occur when processing corrupted LZH files. (Bug #1052) - Invalid memory access errors in
last seen	2020-06-01
modified	2020-06-02
plugin id	35087
published	2008-12-11
reporter	This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/35087
title	ClamAV < 0.94 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(35087); script_version("1.19"); script_cvs_date("Date: 2018/11/15 20:50:22"); script_cve_id( "CVE-2008-1389", "CVE-2008-3912", "CVE-2008-3913", "CVE-2008-3914", "CVE-2008-6845" ); script_bugtraq_id(30994, 31051, 32752); script_name(english:"ClamAV < 0.94 Multiple Vulnerabilities"); script_summary(english:"Sends a VERSION command to clamd"); script_set_attribute(attribute:"synopsis", value:"The remote antivirus service is affected by multiple issues."); script_set_attribute(attribute:"description", value: "According to its version, the clamd antivirus daemon on the remote host is earlier than 0.94. Such versions are affected by one or more of the following issues : - A segmentation fault can occur when processing corrupted LZH files. (Bug #1052) - Invalid memory access errors in 'libclamav/chmunpack.c' when processing malformed CHM files may lead to a crash. (Bug #1089) - An out-of-memory null dereference issue exists in 'libclamav/message.c' / 'libclamav/mbox.c'. (Bug #1141) - Possible error path memory leaks exist in 'freshclam/manager.c'. (Bug #1141) - There is an invalid close on error path in 'shared/tar.c'. (Bug #1141) - There are multiple file descriptor leaks involving the 'error path' in 'libclamav/others.c' and 'libclamav/sis.c'. (Bug #1141)"); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2008/Sep/56"); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2008/Dec/110"); script_set_attribute(attribute:"see_also", value:"https://www.openwall.com/lists/oss-security/2008/09/03/2"); script_set_attribute(attribute:"see_also", value:"https://www.openwall.com/lists/oss-security/2008/09/04/13"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.clamav.net/show_bug.cgi?id=1052"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.clamav.net/show_bug.cgi?id=1089"); # http://web.archive.org/web/20080723153709/http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?91209430"); # http://web.archive.org/web/20080917045035/http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=623661 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b818ae81"); script_set_attribute(attribute:"solution", value:"Upgrade to ClamAV 0.94 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(200, 399); script_set_attribute(attribute:"plugin_publication_date", value:"2008/12/11"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:clamav:clamav"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Gain a shell remotely"); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("find_service2.nasl"); script_require_keys("Settings/ParanoidReport"); script_require_ports("Services/clamd", 3310); exit(0); } include("audit.inc"); include("global_settings.inc"); # nb: banner checks of open source software are prone to false- # positives so only run the check if reporting is paranoid. if (report_paranoia < 2) audit(AUDIT_PARANOID); port = get_kb_item("Services/clamd"); if (!port) port = 3310; if (!get_port_state(port)) exit(0); # Establish a connection. soc = open_sock_tcp(port); if (!soc) exit(0); # Send a VERSION command. req = "VERSION"; send(socket:soc, data:req+'\r\n'); res = recv_line(socket:soc, length:128); if (!strlen(res) \|\| "ClamAV " >!< res) exit(0); # Check the version. version = strstr(res, "ClamAV ") - "ClamAV "; if ("/" >< version) version = version - strstr(version, "/"); if (version =~ "^0\.(([0-9]\|[0-8][0-9]\|9[0-3])($\|[^0-9])\|94rc)") { if (report_verbosity) { report = string( "\n", "ClamAV version ", version, " appears to be running on the remote host based on\n", "the following response to a 'VERSION' command :\n", "\n", " ", res, "\n" ); security_hole(port:port, extra:report); } else security_hole(port); }

Summary

Vulnerable Configurations

Nessus

References