CVE-2011-3627 - Numeric Errors vulnerability in Clamav
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c.
Nessus
- NASL family: Gentoo Local Security Checks
  NASL id: GENTOO_GLSA-201110-20.NASL
  description: The remote host is affected by the vulnerability described in GLSA-201110-20 (Clam AntiVirus: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Clam AntiVirus. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated remote attacker may execute arbitrary code with the privileges of the Clam AntiVirus process or cause a Denial of Service by causing an affected user or system to scan a crafted file. Workaround : There is no known workaround at this time.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 56595
  published: 2011-10-24
  reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/56595
  title: GLSA-201110-20 : Clam AntiVirus: Multiple vulnerabilities
  code:

  ```
  #
  # (C) Tenable Network Security, Inc.
  #
  # The descriptive text and package checks in this plugin were
  # extracted from Gentoo Linux Security Advisory GLSA 201110-20.
  #
  # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
  # and licensed under the Creative Commons - Attribution / Share Alike
  # license. See http://creativecommons.org/licenses/by-sa/3.0/
  #

  include("compat.inc");

  if (description)
  {
    script_id(56595);
    script_version("1.13");
    script_cvs_date("Date: 2018/07/11 17:09:26");

    script_cve_id("CVE-2010-0405", "CVE-2010-3434", "CVE-2010-4260", "CVE-2010-4261", "CVE-2010-4479", "CVE-2011-1003", "CVE-2011-2721", "CVE-2011-3627");
    script_bugtraq_id(43331, 43555, 45152, 46470, 48891);
    script_xref(name:"GLSA", value:"201110-20");
    script_xref(name:"IAVB", value:"2010-B-0083");

    script_name(english:"GLSA-201110-20 : Clam AntiVirus: Multiple vulnerabilities");
    script_summary(english:"Checks for updated package(s) in /var/db/pkg");

    script_set_attribute(
      attribute:"synopsis",
      value:
  "The remote Gentoo host is missing one or more security-related
  patches."
    );
    script_set_attribute(
      attribute:"description",
      value:
  "The remote host is affected by the vulnerability described in GLSA-201110-20
  (Clam AntiVirus: Multiple vulnerabilities)

      Multiple vulnerabilities have been discovered in Clam AntiVirus. Please
        review the CVE identifiers referenced below for details.

  Impact :

      An unauthenticated remote attacker may execute arbitrary code with the
        privileges of the Clam AntiVirus process or cause a Denial of Service by
        causing an affected user or system to scan a crafted file.

  Workaround :

      There is no known workaround at this time."
    );
    script_set_attribute(
      attribute:"see_also",
      value:"https://security.gentoo.org/glsa/201110-20"
    );
    script_set_attribute(
      attribute:"solution",
      value:
  "All Clam AntiVirus users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.97.3'"
    );
    script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
    script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
    script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    script_set_attribute(attribute:"exploit_available", value:"false");

    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:clamav");
    script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

    script_set_attribute(attribute:"patch_publication_date", value:"2011/10/24");
    script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/24");
    script_set_attribute(attribute:"stig_severity", value:"II");
    script_end_attributes();

    script_category(ACT_GATHER_INFO);
    script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    script_family(english:"Gentoo Local Security Checks");

    script_dependencies("ssh_get_info.nasl");
    script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

    exit(0);
  }

  include("audit.inc");
  include("global_settings.inc");
  include("qpkg.inc");

  # Bail out unless local checks are enabled on a Gentoo host with a package list.
  if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
  if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
  if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

  flag = 0;

  # Installed clamav older than 0.97.3 is reported as vulnerable.
  if (qpkg_check(package:"app-antivirus/clamav", unaffected:make_list("ge 0.97.3"), vulnerable:make_list("lt 0.97.3"))) flag++;

  if (flag)
  {
    if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
    else security_hole(0);
    exit(0);
  }
  else
  {
    tested = qpkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Clam AntiVirus");
  }
  ```

- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2011-15076.NASL
  description: Update to 0.97.3 which fixes CVE-2011-3627 clamav: Recursion level crash fixed in v0.97.3. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 56732
  published: 2011-11-08
  reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/56732
  title: Fedora 14 : clamav-0.97.3-1400.fc14 (2011-15076)

- NASL family: SuSE Local Security Checks
  NASL id: SUSE_11_4_CLAMAV-111019.NASL
  description: This version update of clamav fixes a recursion level crash. CVE-2011-3627 was assigned to this issue.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 75800
  published: 2014-06-13
  reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/75800
  title: openSUSE Security Update : clamav (openSUSE-SU-2011:1177-1)

- NASL family: Ubuntu Local Security Checks
  NASL id: UBUNTU_USN-1258-1.NASL
  description: Stephane Chazelas discovered the bytecode engine of ClamAV improperly handled recursion under certain circumstances. This could allow a remote attacker to craft a file that could cause ClamAV to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 56777
  published: 2011-11-11
  reporter: Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/56777
  title: Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : clamav vulnerability (USN-1258-1)

- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2011-15119.NASL
  description: Update to 0.97.3 which fixes CVE-2011-3627 clamav: Recursion level crash fixed in v0.97.3. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 56733
  published: 2011-11-08
  reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/56733
  title: Fedora 15 : clamav-0.97.3-1500.fc15 (2011-15119)

- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2011-15033.NASL
  description: Update to 0.97.3 which fixes CVE-2011-3627 clamav: Recursion level crash fixed in v0.97.3. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 56731
  published: 2011-11-08
  reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/56731
  title: Fedora 16 : clamav-0.97.3-1600.fc16 (2011-15033)

- NASL family: SuSE Local Security Checks
  NASL id: SUSE_11_3_CLAMAV-111019.NASL
  description: This version update of clamav fixes a recursion level crash. CVE-2011-3627 was assigned to this issue.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 75452
  published: 2014-06-13
  reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/75452
  title: openSUSE Security Update : clamav (openSUSE-SU-2011:1177-1)

- NASL family: SuSE Local Security Checks
  NASL id: SUSE_CLAMAV-7804.NASL
  description: This version update of clamav fixes a recursion level crash. CVE-2011-3627 was assigned to this issue.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 56602
  published: 2011-10-24
  reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/56602
  title: SuSE 10 Security Update : clamav (ZYPP Patch Number 7804)

- NASL family: SuSE Local Security Checks
  NASL id: SUSE_CLAMAV-7805.NASL
  description: This version update of clamav fixes a recursion level crash. CVE-2011-3627 was assigned to this issue.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 57169
  published: 2011-12-13
  reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/57169
  title: SuSE 10 Security Update : clamav (ZYPP Patch Number 7805)

- NASL family: SuSE Local Security Checks
  NASL id: SUSE_11_CLAMAV-111019.NASL
  description: This version update of clamav fixes a recursion level crash. CVE-2011-3627 was assigned to this issue.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 57093
  published: 2011-12-13
  reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/57093
  title: SuSE 11.1 Security Update : clamav (SAT Patch Number 5309)
References
- http://www.securityfocus.com/bid/50183
- http://www.openwall.com/lists/oss-security/2011/10/18/1
- http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068941.html
- https://bugzilla.redhat.com/show_bug.cgi?id=746984
- http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068940.html
- http://www.ubuntu.com/usn/USN-1258-1
- http://secunia.com/advisories/46826
- http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068942.html
- http://secunia.com/advisories/46717
- http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=commitdiff%3Bh=3d664817f6ef833a17414a4ecea42004c35cc42f