GLSA-200709-14 : ClamAV: Multiple vulnerabilities

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200709-14
(ClamAV: Multiple vulnerabilities)

Nikolaos Rangos discovered that the recipient address extracted from
email messages is not properly sanitized before being used in a call
to 'popen()' when executing sendmail (CVE-2007-4560). In addition,
NULL pointer dereference errors exist within the 'cli_scanrtf()'
function in libclamav/rtf.c, and Stefanos Stamatis discovered a NULL
pointer dereference vulnerability within the 'cli_html_normalise()'
function in libclamav/htmlnorm.c (CVE-2007-4510).

Impact :

The unsanitized recipient address can be exploited to execute arbitrary
code with the privileges of the clamav-milter process by sending an
email with a specially crafted recipient address to the affected
system. Also, the NULL pointer dereference errors can be exploited to
crash ClamAV. Successful exploitation of the latter vulnerability
requires that clamav-milter is started with the 'black hole' mode
activated, which is not enabled by default.
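
The 'popen()' problem described above arises because 'popen()' passes its command string to the shell. The following is an added example, not ClamAV's code and not part of the advisory: it validates the recipient against a conservative allowlist and runs the mailer through execv() so no shell parses the address. The names recipient_is_safe and run_mailer, the mailer path argument and the sample addresses are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Risky pattern (illustrative): snprintf(cmd, sizeof cmd, "sendmail %s", rcpt);
 * popen(cmd, "w");  popen() hands cmd to /bin/sh, so rcpt is parsed as shell syntax. */

/* Allowlist check: ASCII letters, digits and "@._+-" only, at least one '@',
 * no leading '-' (would be read as an option). Deliberately conservative. */
int recipient_is_safe(const char *rcpt)
{
    size_t n = strlen(rcpt);
    if (n == 0 || n > 254 || rcpt[0] == '-' || strchr(rcpt, '@') == NULL)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)rcpt[i];
        if (!(c < 128 && isalnum(c)) && strchr("@._+-", c) == NULL)
            return 0;
    }
    return 1;
}

/* Run the mailer (hypothetical path supplied by the caller) with the recipient
 * as a single argv element. Returns the exit status, or -1 on reject/failure. */
int run_mailer(const char *mailer, const char *rcpt)
{
    pid_t pid = recipient_is_safe(rcpt) ? fork() : -1; /* never fork on bad input */
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)mailer, "--", (char *)rcpt, NULL };
        execv(mailer, argv);   /* no shell: metacharacters stay literal */
        _exit(127);            /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *s[] = { "user@example.org", "user@example.org; echo x", "-t@example.org" };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%-26s %s\n", s[i], recipient_is_safe(s[i]) ? "accept" : "reject");
    return 0;
}
```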

Workaround :

There is no known workaround at this time.

See also :

http://www.gentoo.org/security/en/glsa/glsa-200709-14.xml

Solution :

All ClamAV users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.91.2'

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Gentoo Local Security Checks

Nessus Plugin ID: 26104 (gentoo_GLSA-200709-14.nasl)

Bugtraq ID:

CVE ID: CVE-2007-4510, CVE-2007-4560