ClamAV < 0.99 Remote Denial of Service

Medium Log Correlation Engine Plugin ID 802006

Synopsis

The specific version of ClamAV that the client is running is vulnerable to a remote denial of service.

Description

Cisco ClamAV contains a flaw that is triggered when handling the scan of a specially crafted document. This may allow a remote attacker to cause the Advance Malware Protection (AMP) process to restart.

Solution

It has been reported that this has been fixed. Please refer to the product listing for upgraded versions that address this vulnerability.

See Also

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160531-wsa-esa

https://tools.cisco.com/bugsearch/bug/CSCuv78533

https://tools.cisco.com/bugsearch/bug/CSCuw60503

Plugin Details

Severity: Medium

ID: 802006

File Name: 802006.prm

Family: Generic

Published: 2016/08/23

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2016/05/31

Vulnerability Publication Date: 2016/05/31

Reference Information

CVE: CVE-2016-1405