ClamAV < 0.99.1 Multiple Vulnerabilities

High Log Correlation Engine Plugin ID 802032

Synopsis

The specific version of ClamAV that the system is running is reportedly affected by multiple vulnerabilities.

Description

The specific version of ClamAV that the system is running is reportedly affected by the following vulnerabilities:

- ClamAV contains an unspecified off-by-one flaw in the htmlnorm functionality that may allow an attacker to cause an out-of-bounds write. No further details have been provided.

- ClamAV contains an out-of-bounds read flaw in the autoit functionality. This may allow a context-dependent attacker to crash the program or potentially disclose memory contents.

- ClamAV contains an out-of-bounds dereference issue that is triggered during the parsing of mbox files. This may allow a context-dependent attacker to have an unspecified impact.

- ClamAV contains a flaw that is triggered during the handling of a specially crafted 7z file. This may allow a context-dependent attacker to cause a memory overlay and crash the program, which can leave the system vulnerable to other attacks.

Solution

Upgrade to ClamAV 0.99.1 or higher.

See Also

http://clamav.net/

http://blog.clamav.net/2016/03/clamav-0991-has-been-released.html

http://lists.clamav.net/pipermail/clamav-announce/2016/000017.html

Plugin Details

Severity: High

ID: 802032

Family: Generic

Published: 2016/11/01

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2016/03/02

Vulnerability Publication Date: 2016/03/02