GLSA-200709-14 : ClamAV: Multiple vulnerabilities

high Nessus Plugin ID 26104

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200709-14 (ClamAV: Multiple vulnerabilities)

Nikolaos Rangos discovered a vulnerability in ClamAV which exists because the recipient address extracted from email messages is not properly sanitized before being used in a call to 'popen()' when executing sendmail (CVE-2007-4560). Also, NULL pointer dereference errors exist within the 'cli_scanrtf()' function in libclamav/rtf.c and Stefanos Stamatis discovered a NULL pointer dereference vulnerability within the 'cli_html_normalise()' function in libclamav/htmlnorm.c (CVE-2007-4510).
Impact :

The unsanitized recipient address can be exploited to execute arbitrary code with the privileges of the clamav-milter process by sending an email with a specially crafted recipient address to the affected system. Also, the NULL pointer dereference errors can be exploited to crash ClamAV. Successful exploitation of the latter vulnerability requires that clamav-milter is started with the 'black hole' mode activated, which is not enabled by default.
Workaround :

There is no known workaround at this time.

Solution

All ClamAV users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.91.2'

See Also

https://security.gentoo.org/glsa/200709-14

Plugin Details

Severity: High

ID: 26104

File Name: gentoo_GLSA-200709-14.nasl

Version: 1.14

Type: local

Published: 9/24/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:clamav, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/20/2007

Exploitable With

CANVAS (D2ExploitPack)

Metasploit (ClamAV Milter Blackhole-Mode Remote Code Execution)

Reference Information

CVE: CVE-2007-4510, CVE-2007-4560

CWE: 78

GLSA: 200709-14