Mandriva Linux Security Advisory : clamav (MDVSA-2008:088)

critical Nessus Plugin ID 37368

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.93 release, including :

ClamAV 0.92 allowed local users to overwrite arbitrary files via a symlink attack on temporary files or on .ascii files in sigtool, when utf16-decode is enabled (CVE-2007-6595).

ClamAV 0.92 did not recognize Base64 uuencoded archives, which allowed remoted attackers to bypass the sanner via a base64-uuencoded file (CVE-2007-6596).

A heap-based buffer overflow in ClamAV 0.92.1 allowed remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary (CVE-2008-0314).

An integer overflow in libclamav prior to 0.92.1 allowed remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggered a heap-based buffer overflow (CVE-2008-0318).

An unspecified vulnerability in ClamAV prior to 0.92.1 triggered heap corruption (CVE-2008-0728).

A buffer overflow in ClamAV 0.92 and 0.92.1 allowed remote attackers to execute arbitrary code via a crafted Upack PE file (CVE-2008-1100).

ClamAV prior to 0.93 allowed remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive (CVE-2008-1387).

A heap-based buffer overflow in ClamAV 0.92.1 allowed remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary (CVE-2008-1833).

ClamAV prior to 0.93 allowed remote attackers to bypass the scanning engine via a RAR file with an invalid version number (CVE-2008-1835).

A vulnerability in rfc2231 handling in ClamAV prior to 0.93 allowed remote attackers to cause a denial of service (crash) via a crafted message that produced a string that was not null terminated, triggering a buffer over-read (CVE-2008-1836).

A vulnerability in libclamunrar in ClamAV prior to 0.93 allowed remote attackers to cause a denial of service (crash) via a crafted RAR file (CVE-2008-1837).

Other bugs have also been corrected in 0.93 which is being provided with this update. Because this new version has increased the major of the libclamav library, updated dependent packages are also being provided.

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 37368

File Name: mandriva_MDVSA-2008-088.nasl

Version: 1.14

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:clamd, p-cpe:/a:mandriva:linux:clamdmon, p-cpe:/a:mandriva:linux:dansguardian, p-cpe:/a:mandriva:linux:klamav, p-cpe:/a:mandriva:linux:lib64clamav-devel, p-cpe:/a:mandriva:linux:lib64clamav4, p-cpe:/a:mandriva:linux:libclamav-devel, p-cpe:/a:mandriva:linux:libclamav4, cpe:/o:mandriva:linux:2007.1, cpe:/o:mandriva:linux:2008.0, cpe:/o:mandriva:linux:2008.1, p-cpe:/a:mandriva:linux:clamav, p-cpe:/a:mandriva:linux:clamav-db, p-cpe:/a:mandriva:linux:clamav-milter

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 4/17/2008

Reference Information

CVE: CVE-2007-6595, CVE-2007-6596, CVE-2008-0314, CVE-2008-0318, CVE-2008-0728, CVE-2008-1100, CVE-2008-1387, CVE-2008-1833, CVE-2008-1835, CVE-2008-1836, CVE-2008-1837

CWE: 119, 189, 20, 399, 59

MDVSA: 2008:088