Detections
Analytics

Debian DSA-887-1 : clamav - several vulnerabilities

high Nessus Plugin ID 22753

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in Clam AntiVirus, the antivirus scanner for Unix, designed for integration with mail servers to perform attachment scanning. The Common Vulnerabilities and Exposures project identifies the following problems :

 - CVE-2005-3239 The OLE2 unpacker allows remote attackers to cause a segmentation fault via a DOC file with an invalid property tree, which triggers an infinite recursion.

 - CVE-2005-3303 A specially crafted executable compressed with FSG 1.33 could cause the extractor to write beyond buffer boundaries, allowing an attacker to execute arbitrary code.

 - CVE-2005-3500 A specially crafted CAB file could cause ClamAV to be locked in an infinite loop and use all available processor resources, resulting in a denial of service.

 - CVE-2005-3501 A specially crafted CAB file could cause ClamAV to be locked in an infinite loop and use all available processor resources, resulting in a denial of service.

Solution

Upgrade the clamav packages.

The old stable distribution (woody) does not contain clamav packages.

For the stable distribution (sarge) these problems have been fixed in version 0.84-2.sarge.6.

See Also

http://www.debian.org/security/2005/dsa-887

Plugin Details

Severity: High

ID: 22753

File Name: debian_DSA-887.nasl

Version: 1.20

Type: local

Agent: unix

Published: 10/14/2006

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:clamav, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 11/7/2005

Vulnerability Publication Date: 10/12/2005

Reference Information

CVE: CVE-2005-3239, CVE-2005-3303, CVE-2005-3500, CVE-2005-3501

CWE: 399

DSA: 887