FreeBSD : clamav -- multiple vulnerabilities (b464f61b-84c7-4e1c-8ad4-6cf9efffd025)

critical Nessus Plugin ID 106427

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

ClamAV project reports:

Join us as we welcome ClamAV 0.99.3 to the family!

This release is a security release and is recommended for all ClamAV users.

CVE-2017-12374 ClamAV UAF (use-after-free) Vulnerabilities

CVE-2017-12375 ClamAV Buffer Overflow Vulnerability

CVE-2017-12376 ClamAV Buffer Overflow in handle_pdfname Vulnerability

CVE-2017-12377 ClamAV Mew Packet Heap Overflow Vulnerability

CVE-2017-12378 ClamAV Buffer Over Read Vulnerability

CVE-2017-12379 ClamAV Buffer Overflow in messageAddArgument Vulnerability

CVE-2017-12380 ClamAV Null Dereference Vulnerability

Solution

Update the affected package.

See Also

https://blog.clamav.net/2018/01/clamav-0993-has-been-released.html

http://www.nessus.org/u?1b9c164f

Plugin Details

Severity: Critical

ID: 106427

File Name: freebsd_pkg_b464f61b84c74e1c8ad46cf9efffd025.nasl

Version: 1.5

Type: local

Published: 1/29/2018

Updated: 11/23/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:clamav, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 1/26/2018

Vulnerability Publication Date: 1/25/2018

Reference Information

CVE: CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377, CVE-2017-12378, CVE-2017-12379, CVE-2017-12380