CVE-2006-1615

high

Description

Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly.

References

http://lists.apple.com/archives/security-announce/2006/May/msg00003.html

http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html

http://secunia.com/advisories/19534

http://secunia.com/advisories/19536

http://secunia.com/advisories/19564

http://secunia.com/advisories/19567

http://secunia.com/advisories/19570

http://secunia.com/advisories/19608

http://secunia.com/advisories/20077

http://secunia.com/advisories/23719

http://sourceforge.net/project/shownotes.php?release_id=407078&group_id=86638

http://up2date.astaro.com/2006/05/low_up2date_6202.html

http://www.debian.org/security/2006/dsa-1024

http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2006:067

http://www.osvdb.org/24458

http://www.securityfocus.com/bid/17388

http://www.securityfocus.com/bid/17951

http://www.trustix.org/errata/2006/0020

http://www.us-cert.gov/cas/techalerts/TA06-132A.html

http://www.vupen.com/english/advisories/2006/1258

http://www.vupen.com/english/advisories/2006/1779

https://exchange.xforce.ibmcloud.com/vulnerabilities/25661

Details

Source: MITRE

Published: 2006-04-06

Updated: 2017-07-20

Type: CWE-134

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:clamav:clamav:0.01:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.02:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.03:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.05:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.8:rc3:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.10:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.12:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.13:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.14:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.14:pre:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.15:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.20:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.21:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.22:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.23:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.24:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.51:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.52:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.53:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.54:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.60:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.60p:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.65:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.66:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.67:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.67-1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.68:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.68.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.70:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.70:rc:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.71:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.72:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.73:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.74:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.75:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.75.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80:rc:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80:rc2:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80:rc3:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80:rc4:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.81:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.81:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.82:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.83:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.84:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.84:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.84:rc2:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.85:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.85.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.86:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.86:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.86.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.86.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.87:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.87.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:* versions up to 0.88 (inclusive)

Tenable Plugins


ID | Name | Product | Family | Severity
22566 | Debian DSA-1024-1 : clamav - several vulnerabilities | Nessus | Debian Local Security Checks | critical
21446 | FreeBSD : clamav -- Multiple Vulnerabilities (6a5174bd-c580-11da-9110-00123ffe8333) | Nessus | FreeBSD Local Security Checks | critical
3617 | Mac OS X Multiple Vulnerabilities (Security Update 2006-003) | Nessus Network Monitor | Operating System Detection | medium
3616 | Quicktime < 7.1 on Mac OS X Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high
21341 | Mac OS X Multiple Vulnerabilities (Security Update 2006-003) | Nessus | MacOS X Local Security Checks | critical
21202 | Mandrake Linux Security Advisory : clamav (MDKSA-2006:067) | Nessus | Mandriva Local Security Checks | critical
21199 | GLSA-200604-06 : ClamAV: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical
3318 | Curl < 7.15.1 Multiple Remote Overflows | Nessus Network Monitor | Web Clients | critical
3308 | Mac OS X Multiple Vulnerabilities (Security Update 2005-009) | Nessus Network Monitor | Operating System Detection | high
3256 | Curl NTLM Buffer Overflow | Nessus Network Monitor | Web Clients | medium
3255 | GNU WGet < 1.10.2 Buffer Overflow | Nessus Network Monitor | Web Clients | medium
3505 | ClamAV < 0.88.1 Multiple Vulnerabilities (deprecated) | Nessus Network Monitor | Web Clients | medium
801390 | Curl NTLM Buffer Overflow | Log Correlation Engine | Web Clients | high
801386 | Curl <= 7.15.0 Multiple Remote Overflows | Log Correlation Engine | Web Clients | high
801197 | Quicktime < 7.1 on Mac OS X Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high
800798 | Mac OS X Multiple Vulnerabilities (Security Update 2005-009) | Log Correlation Engine | Operating System Detection | high