ClamAV < 0.98.6 Multiple Vulnerabilities

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The antivirus service running on the remote host is affected by
multiple vulnerabilities.

Description :

According to its version, the ClamAV clamd antivirus daemon on the
remote host is prior to 0.98.6. It is, therefore, affected by the
following vulnerabilities :

- An out-of-bounds access flaw exists in the unupack()
  function that is triggered when parsing a specially
  crafted Upack packer file. A remote attacker can exploit
  this to crash the application, resulting in a denial of
  service condition. (CVE-2014-9328)

- An out-of-bounds access flaw exists that is triggered
  when parsing maliciously crafted Yoda Crypter and MEW
  packer files. A remote attacker can exploit this to
  crash the application, resulting in a denial of service
  condition. (CVE-2015-1461)

- An out-of-bounds access flaw exists that is triggered
  when parsing a specially crafted UPX packer file. A
  remote attacker can exploit this to crash the
  application, resulting in a denial of service condition.
  (CVE-2015-1462)

- A signedness flaw exists in the petite_inflate2x_1to9()
  function in 'libclamav/petite.c' that allows a remote
  attacker with a specially crafted petite packer file
  to cause a denial of service. (CVE-2015-1463)

- An integer overflow condition exists in upx.c due to
  improper validation of user-supplied input when scanning
  EXE files. An attacker can exploit this to cause a
  heap-based buffer overflow, resulting in a denial of
  service condition or the execution of arbitrary code.
  (VulnDB 132125)

See also :

http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html
http://seclists.org/oss-sec/2015/q1/344
https://bugzilla.clamav.net/show_bug.cgi?id=11213

Solution :

Upgrade to ClamAV 0.98.6 or later.
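
The finding above is based on the reported version only, so the same
check can be repeated against banners collected from your own hosts.
The following is an added example, not the plugin's code; the host
names and banner strings are constructed, and treating a 0.98.6
pre-release as affected is an assumption.

```python
import re

FIXED = (0, 98, 6)  # first fixed release named in the advisory

# clamd's VERSION reply and `clamd --version` begin with "ClamAV <version>",
# optionally followed by "/<signature db version>/<signature db date>".
_BANNER = re.compile(r"^ClamAV (\d+(?:\.\d+)*)([-~]?[A-Za-z][\w.]*)?(?:/|\s|$)")


def parse_version(banner):
    """Return (numeric_tuple, is_prerelease), or None if not a ClamAV banner."""
    m = _BANNER.match(banner.strip())
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    parts += (0,) * (3 - len(parts))  # pad "0.98" to (0, 98, 0)
    return parts, m.group(2) is not None


def is_affected(banner):
    """True if older than 0.98.6, False if not, None if the banner is unusable."""
    parsed = parse_version(banner)
    if parsed is None:
        return None
    parts, prerelease = parsed
    # Compare numerically: as strings, "0.100.2" would sort before "0.98.6".
    if parts < FIXED:
        return True
    # Assumption: an rc/beta build of 0.98.6 predates the fixed release.
    return parts == FIXED and prerelease


def audit(inventory):
    """Map each host to 'affected', 'ok' or 'unknown'."""
    labels = {True: "affected", False: "ok", None: "unknown"}
    return {host: labels[is_affected(b)] for host, b in inventory.items()}


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = {
    "mail-gw-01": "ClamAV 0.98.5/20001/Wed Jan 28 10:00:00 2015",
    "mail-gw-02": "ClamAV 0.98.6/20010/Thu Jan 29 09:00:00 2015",
    "scan-03": "ClamAV 0.100.2",
    "scan-04": "ClamAV 0.98.6-rc1/20005/Tue Jan 27 08:00:00 2015",
    "jump-05": "SSH-2.0-OpenSSH_6.6",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(host, status)
```

Distribution packages that backport fixes keep the old upstream version
string, so an "affected" result there needs the package changelog checked.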

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 81147

Bugtraq ID: 72372, 72641, 72652, 72654

CVE ID: CVE-2014-9328, CVE-2015-1461, CVE-2015-1462, CVE-2015-1463
