This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
An iDEFENSE Security Advisory reports :
Remote exploitation of an input validation error in Clam AntiVirus
ClamAV allows attackers to cause a denial of service condition.
The vulnerability specifically exists due to insufficient validation
on cabinet file header data. The ENSURE_BITS() macro fails to check
for zero length reads, allowing a carefully constructed cabinet file
to cause an infinite loop.
ClamAV is used in a number of mail gateway products. Successful
exploitation requires an attacker to send a specially constructed CAB
file through a mail gateway or personal anti-virus client utilizing
the ClamAV scanning engine. The infinite loop will cause the ClamAV
software to use all available processor resources, resulting in a
denial of service or severe degradation to system performance. Remote
exploitation can be achieved by sending a malicious file in an e-mail
message or during an HTTP session.
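
The bug class the advisory describes, a bit-buffer refill loop that never checks for a zero-length read, is shown below next to the corrected pattern. This is an added illustration, not ClamAV's code or part of the advisory: the struct, the function names and the `max_spins` cap (present only so the flawed loop can be observed terminating) are hypothetical, and the input bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bit reader over an in-memory buffer (not ClamAV's structures). */
struct bitreader {
    const uint8_t *src; size_t len, pos;   /* input bytes, length, read offset */
    uint32_t bitbuf; unsigned bits_left;   /* accumulated bits, count of valid bits */
};

/* Returns the number of bytes delivered: 1, or 0 once the input is exhausted. */
static size_t read_byte(struct bitreader *br, uint8_t *out) {
    if (br->pos >= br->len) return 0;
    *out = br->src[br->pos++];
    return 1;
}

/* Flawed: a zero-length read adds no bits, so the loop cannot end (demo cap returns -2). */
static int ensure_bits_unchecked(struct bitreader *br, unsigned need, unsigned long max_spins) {
    while (br->bits_left < need) {
        uint8_t b = 0;
        size_t got = read_byte(br, &b);           /* result is never validated */
        br->bitbuf = (br->bitbuf << (8 * got)) | b;
        br->bits_left += 8 * (unsigned)got;       /* += 0 at end of input */
        if (max_spins-- == 0) return -2;          /* demo-only: loop made no progress */
    }
    return 0;
}

/* Corrected: a zero-length read means truncated input, so fail instead of retrying. */
static int ensure_bits_checked(struct bitreader *br, unsigned need) {
    while (br->bits_left < need) {
        uint8_t b;
        if (read_byte(br, &b) == 0) return -1;
        br->bitbuf = (br->bitbuf << 8) | b;
        br->bits_left += 8;
    }
    return 0;
}

/* Constructed sample: request 16 bits when only `avail` (1 or 2) bytes exist. */
static int demo(int checked, size_t avail) {
    static const uint8_t data[] = { 0xA5, 0x5A };
    struct bitreader br = { data, avail, 0, 0, 0 };
    return checked ? ensure_bits_checked(&br, 16) : ensure_bits_unchecked(&br, 16, 1000000UL);
}

int main(void) {
    printf("1 byte available: unchecked=%d checked=%d\n", demo(0, 1), demo(1, 1));
    return 0;
}
```
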
See also :
Update the affected packages.
Risk factor :
Low / CVSS Base Score : 2.6