CVE-2011-2721 - Numeric Errors vulnerability in Clamav
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family: Fedora Local Security Checks
NASL id: FEDORA_2011-10053.NASL
description: Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 55865
published: 2011-08-17
reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/55865
title: Fedora 14 : clamav-0.97.2-1400.fc14 (2011-10053)
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2011-10053.
#

include("compat.inc");

if (description)
{
  script_id(55865);
  script_version("1.10");
  script_cvs_date("Date: 2019/08/02 13:32:33");

  script_cve_id("CVE-2011-2721");
  script_bugtraq_id(48891);
  script_xref(name:"FEDORA", value:"2011-10053");

  script_name(english:"Fedora 14 : clamav-0.97.2-1400.fc14 (2011-10053)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
". Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=725694"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/063870.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b65ef987"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected clamav package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:clamav");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/08/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC14", reference:"clamav-0.97.2-1400.fc14")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "clamav");
}
```

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-1179-1.NASL
description: It was discovered that the hash processing code in libclamav improperly handled messages with certain hashes. This could allow a remote attacker to craft a document that could cause clamav to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 55729
published: 2011-07-29
reporter: Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/55729
title: Ubuntu 11.04 : clamav vulnerability (USN-1179-1)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201110-20.NASL
description: The remote host is affected by the vulnerability described in GLSA-201110-20 (Clam AntiVirus: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Clam AntiVirus. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated remote attacker may execute arbitrary code with the privileges of the Clam AntiVirus process or cause a Denial of Service by causing an affected user or system to scan a crafted file. Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56595
published: 2011-10-24
reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/56595
title: GLSA-201110-20 : Clam AntiVirus: Multiple vulnerabilities

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2011-15076.NASL
description: Update to 0.97.3 which fixes CVE-2011-3627 clamav: Recursion level crash fixed in v0.97.3. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56732
published: 2011-11-08
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/56732
title: Fedora 14 : clamav-0.97.3-1400.fc14 (2011-15076)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2011-15119.NASL
description: Update to 0.97.3 which fixes CVE-2011-3627 clamav: Recursion level crash fixed in v0.97.3. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56733
published: 2011-11-08
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/56733
title: Fedora 15 : clamav-0.97.3-1500.fc15 (2011-15119)

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2011-122.NASL
description: A vulnerability has been discovered and corrected in clamav : Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations (CVE-2011-2721). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been upgraded to the 0.97.2 version which is not vulnerable to this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 55848
published: 2011-08-15
reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/55848
title: Mandriva Linux Security Advisory : clamav (MDVSA-2011:122)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2011-15033.NASL
description: Update to 0.97.3 which fixes CVE-2011-3627 clamav: Recursion level crash fixed in v0.97.3. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56731
published: 2011-11-08
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/56731
title: Fedora 16 : clamav-0.97.3-1600.fc16 (2011-15033)

NASL family: SuSE Local Security Checks
NASL id: SUSE_CLAMAV-7662.NASL
description: New clamav packages fix an off-by-one vulnerability which could lead to a DoS condition. CVE-2011-2721 has been assigned to this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 57168
published: 2011-12-13
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/57168
title: SuSE 10 Security Update : ClamAV (ZYPP Patch Number 7662)

NASL family: SuSE Local Security Checks
NASL id: SUSE_CLAMAV-7661.NASL
description: New clamav packages fix an off-by-one vulnerability which could lead to a DoS condition. CVE-2011-2721 has been assigned to this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 55974
published: 2011-08-25
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/55974
title: SuSE 10 Security Update : ClamAV (ZYPP Patch Number 7661)

NASL family: Misc.
NASL id: CLAMAV_0_97_2.NASL
description: According to its version, the ClamAV clamd antivirus daemon on the remote host is earlier than 0.97.2. As such, it is potentially affected by a denial of service vulnerability. An off-by-one error exists in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 55905
published: 2011-08-19
reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/55905
title: ClamAV < 0.97.2 'cli_hm_scan' Denial of Service

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2011-10090.NASL
description: Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 55866
published: 2011-08-17
reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/55866
title: Fedora 15 : clamav-0.97.2-1500.fc15 (2011-10090)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_3_CLAMAV-110729.NASL
description: New clamav packages fix an off-by-one vulnerability which could lead to a DoS condition. CVE-2011-2721 has been assigned to this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 75451
published: 2014-06-13
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/75451
title: openSUSE Security Update : clamav (openSUSE-SU-2011:0940-1)

NASL family: SuSE Local Security Checks
NASL id: SUSE9_12821.NASL
description: New clamav 0.9.7 packages fix an off-by-one vulnerability which could lead to a DoS condition. (CVE-2011-2721) It also brings other enhancements, support for signatures based on SHA1 and SHA256, better error detection, as well as speed and memory optimizations. The complete list of changes is available in the ChangeLog file. For upgrade notes and tips please see : https://wiki.clamav.net/Main/UpgradeNotes097
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 55971
published: 2011-08-25
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/55971
title: SuSE9 Security Update : clamav (YOU Patch Number 12821)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_CLAMAV-110731.NASL
description: New clamav packages fix an off-by-one vulnerability which could lead to a DoS condition. CVE-2011-2721 has been assigned to this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 55972
published: 2011-08-25
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/55972
title: SuSE 11.1 Security Update : ClamAV (SAT Patch Number 4942)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_4_CLAMAV-110729.NASL
description: New clamav packages fix an off-by-one vulnerability which could lead to a DoS condition. CVE-2011-2721 has been assigned to this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 75799
published: 2014-06-13
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/75799
title: openSUSE Security Update : clamav (openSUSE-SU-2011:0940-1)

References
- https://bugzilla.novell.com/show_bug.cgi?id=708263
- http://www.openwall.com/lists/oss-security/2011/07/26/3
- http://www.securityfocus.com/bid/48891
- http://www.ubuntu.com/usn/USN-1179-1
- http://www.openwall.com/lists/oss-security/2011/07/26/13
- https://bugzilla.redhat.com/show_bug.cgi?id=725694
- http://securitytracker.com/id?1025858
- https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2818
- http://www.osvdb.org/74181
- http://secunia.com/advisories/45382
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:122
- http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068942.html
- http://secunia.com/advisories/46717
- http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068940.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068941.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68785
- http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=commit%3Bh=4842733eb3f09be61caeed83778bb6679141dbc5
- http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.97.2