Debian DSA-1435-1 : clamav - several vulnerabilities

high Nessus Plugin ID 29755

Synopsis

The remote Debian host is missing a security-related update.

Description

Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2007-6335 It was discovered that an integer overflow in the decompression code for MEW archives may lead to the execution of arbitrary code.

- CVE-2007-6336 It was discovered that on off-by-one in the MS-ZIP decompression code may lead to the execution of arbitrary code.

Solution

Upgrade the clamav packages.

The old stable distribution (sarge) is not affected by these problems.
However, since the clamav version from Sarge cannot process all current Clam malware signatures any longer, support for the ClamAV in Sarge is now discontinued. We recommend to upgrade to the stable distribution or run a backport of the stable version.

For the stable distribution (etch) these problems have been fixed in version 0.90.1-3etch8.

See Also

https://security-tracker.debian.org/tracker/CVE-2007-6335

https://security-tracker.debian.org/tracker/CVE-2007-6336

https://www.debian.org/security/2007/dsa-1435

Plugin Details

Severity: High

ID: 29755

File Name: debian_DSA-1435.nasl

Version: 1.20

Type: local

Agent: unix

Published: 12/24/2007

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:clamav, cpe:/o:debian:debian_linux:4.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/19/2007

Reference Information

CVE: CVE-2007-6335, CVE-2007-6336

BID: 26927

DSA: 1435

CWE: 119, 189