ClamAV < 0.97.5 Multiple Vulnerabilities

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote antivirus service is affected by multiple
vulnerabilities.

Description :

According to its version, the ClamAV clamd antivirus daemon on the
remote host is earlier than 0.97.5 and is, therefore, potentially
affected by the following vulnerabilities :

- Errors exist related to the 'TAR' file parser that
can allow malware detection to be bypassed when
handling such files containing a length field having
certain values. (CVE-2012-1457, CVE-2012-1459)

- An error exists related to the 'CHM' file parser that
can allow malware detection to be bypassed when
handling such files containing a crafted reset interval
in the 'LZXC' header. (CVE-2012-1458)

See also :

http://blog.clamav.net/2012/06/clamav-0975-has-been-released.html
http://www.nessus.org/u?4df9bb30
https://bugzilla.clamav.net/show_bug.cgi?id=4625
https://bugzilla.clamav.net/show_bug.cgi?id=4626
https://bugzilla.clamav.net/show_bug.cgi?id=4627
http://lurker.clamav.net/message/20120613.184156.a6c0b933.en.html

Solution :

Upgrade to ClamAV 0.97.5 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 59726 ()

Bugtraq ID: 52610
52611
52623

CVE ID: CVE-2012-1457
CVE-2012-1458
CVE-2012-1459