Detections
Analytics

ClamAV < 0.96 Multiple Vulnerabilities

medium Nessus Plugin ID 45437

Language:

Synopsis

The remote antivirus service is vulnerable to a file scan evasion attack.

Description

According to its version, the clamd antivirus daemon on the remote host is earlier than 0.96. Such versions are reportedly affected by multiple vulnerabilities :

 - An attacker could bypass antivirus detection by embedding malicious code in a specially crafted 'CAB' file. (1826)

 - An error in the 'qtm_decompress()' function in 'libclamav/mspack.c' could lead to memory corruption when scanning a specially crafted Quantum-compressed file. (1771)

Solution

Upgrade to ClamAV 0.96 or later.

See Also

http://www.nessus.org/u?9e7087be

https://bugzilla.clamav.net/show_bug.cgi?id=1771

https://bugzilla.clamav.net/show_bug.cgi?id=1826

Plugin Details

Severity: Medium

ID: 45437

File Name: clamav_0_96.nasl

Version: 1.15

Type: remote

Family: Misc.

Published: 4/7/2010

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:clamav:clamav

Required KB Items: Settings/ParanoidReport, Antivirus/ClamAV/version

Exploit Ease: No known exploits are available

Patch Publication Date: 4/2/2010

Vulnerability Publication Date: 4/7/2010

Reference Information

CVE: CVE-2010-0098, CVE-2010-1311

BID: 39262

Secunia: 39329