GLSA-200706-05 : ClamAV: Multiple Denials of Service

critical Nessus Plugin ID 25534

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200706-05 (ClamAV: Multiple Denials of Service)

Several vulnerabilities were discovered in ClamAV by various researchers:
Victor Stinner (INL) discovered that the OLE2 parser may enter an infinite loop (CVE-2007-2650).
A boundary error was also reported by an anonymous researcher in the file unsp.c, which might lead to a buffer overflow (CVE-2007-3023).
The file unrar.c contains a heap-based buffer overflow via a modified vm_codesize value from a RAR file (CVE-2007-3123).
The RAR parsing engine can be bypassed via a RAR file with a header flag value of 10 (CVE-2007-3122).
The cli_gentempstream() function from clamdscan creates temporary files with insecure permissions (CVE-2007-3024).

Impact:

A remote attacker could send a specially crafted file to the scanner, possibly triggering one of the vulnerabilities. The two buffer overflows are reported to only cause Denial of Service. This would lead to a Denial of Service by CPU consumption or a crash of the scanner.
The insecure temporary file creation vulnerability could be used by a local user to access sensitive data.

Workaround:

There is no known workaround at this time.

Solution

All ClamAV users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.90.3'

See Also

https://security.gentoo.org/glsa/200706-05

Plugin Details

Severity: Critical

ID: 25534

File Name: gentoo_GLSA-200706-05.nasl

Version: 1.15

Type: local

Published: 6/18/2007

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:clamav, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 6/15/2007

Vulnerability Publication Date: 4/18/2007

Reference Information

CVE: CVE-2007-2650, CVE-2007-3023, CVE-2007-3024, CVE-2007-3122, CVE-2007-3123

GLSA: 200706-05