GLSA-200402-07 : Clam Antivirus DoS vulnerability

medium Nessus Plugin ID 14451

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200402-07 (Clam Antivirus DoS vulnerability)

Oliver Eikemeier of Fillmore Labs discovered an overflow in Clam AV 0.65 in its handling of malformed UUEncoded messages, which causes the daemon to shut down.
The problem originates in libclamav, which calculates the line length of a uuencoded message by taking the ASCII value of the first character minus 64 and asserts that the result lies within the allowed range. On a malformed line the assertion fails and terminates the calling program, so clamav is no longer available.
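The failure mode above is a general one: input validation done with an assertion turns bad input into a process abort. The following added example (not ClamAV's code, and not from the advisory) models the length check as the advisory describes it, with the declared line length taken as the first character's ASCII value minus 64 and an assumed maximum of 45 payload bytes per line, and places the assertion-based check beside a hardened check that treats a malformed line as an ordinary error so the scanning daemon keeps running.

```python
"""Model of a fragile vs. hardened uuencode line-length check.

Constructed illustration following the advisory's description: the
declared length of a uuencoded line is the ASCII value of its first
character minus 64 and must fall within an allowed range. Validating
with an assertion aborts the whole process on bad input; the hardened
version rejects the line and continues.
"""
import logging

LENGTH_OFFSET = 64      # offset as described in the advisory (assumption of this model)
MAX_LINE_LENGTH = 45    # assumed maximum payload bytes per uuencoded line

log = logging.getLogger("uudecode")


class MalformedLine(ValueError):
    """Raised for a uuencoded line whose declared length is invalid."""


def fragile_line_length(line: str) -> int:
    """Check in the style the advisory describes: an out-of-range declared
    length trips an assertion. In a C daemon the failed assert aborts the
    process; here it surfaces as an AssertionError nobody catches."""
    declared = ord(line[0]) - LENGTH_OFFSET
    assert 0 <= declared <= MAX_LINE_LENGTH, "uuencode line length out of range"
    return declared


def safe_line_length(line: str) -> int:
    """Hardened check: malformed input is a recoverable error, so the
    caller can reject the message and keep serving other requests."""
    if not line:
        raise MalformedLine("empty line")
    declared = ord(line[0]) - LENGTH_OFFSET
    if not 0 <= declared <= MAX_LINE_LENGTH:
        raise MalformedLine(
            f"declared length {declared} outside 0..{MAX_LINE_LENGTH}")
    return declared


def scan_message(lines):
    """Apply the hardened check to every line of a message and return
    (accepted, rejected) counts. Rejected lines are logged, not fatal."""
    accepted = rejected = 0
    for lineno, line in enumerate(lines, 1):
        try:
            safe_line_length(line)
            accepted += 1
        except MalformedLine as exc:
            log.warning("line %d rejected: %s", lineno, exc)
            rejected += 1
    return accepted, rejected


def daemon_survives(lines, check) -> bool:
    """Simulate a daemon running `check` over each line. Returns False if an
    AssertionError escapes, i.e. the process would have aborted."""
    try:
        for line in lines:
            try:
                check(line)
            except MalformedLine:
                pass  # hardened path: skip the bad line, keep going
    except AssertionError:
        return False
    return True


# Constructed sample lines (not real message content). Under this model the
# first character decodes to: 'A' -> 1, 'm' -> 45 (maximum), '~' -> 62 (too
# long), ' ' -> -32 (negative).
SAMPLE_LINES = ["A" + "x" * 4, "m" + "x" * 60, "~" + "x" * 60, " " + "x" * 4]

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print("assert-based daemon survives:",
          daemon_survives(SAMPLE_LINES, fragile_line_length))
    print("hardened daemon survives:",
          daemon_survives(SAMPLE_LINES, safe_line_length))
    print("accepted/rejected:", scan_message(SAMPLE_LINES))
```

Run as a script it shows the assertion-based daemon dying on the third sample line while the hardened one logs two rejections and finishes; the design point is that validation of untrusted input belongs in error handling the caller can recover from, with assertions reserved for internal invariants.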
Impact:

A malformed message would cause a denial of service, and depending on the server configuration this may impact other daemons relying on Clam AV in a fatal manner.
Workaround:

There is no immediate workaround; a software upgrade is required.

Solution

All users are urged to upgrade their Clam AV installations to Clam AV 0.67:
# emerge sync
# emerge -pv '>=app-antivirus/clamav-0.6.7'
# emerge '>=app-antivirus/clamav-0.6.7'

See Also

https://security.gentoo.org/glsa/200402-07

Plugin Details

Severity: Medium

ID: 14451

File Name: gentoo_GLSA-200402-07.nasl

Version: 1.14

Type: local

Published: 8/30/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:clamav, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 2/17/2004

Vulnerability Publication Date: 2/9/2004

Reference Information

GLSA: 200402-07