ClamAV < 0.97.7 Multiple Vulnerabilities

Medium Nessus Plugin ID 65668


The antivirus service running on the remote host is affected by multiple vulnerabilities.


According to its version, the ClamAV clamd antivirus daemon on the remote host is earlier than 0.97.7 and is therefore potentially affected by the following vulnerabilities:

- A memory access error exists related to the function 'check_user_password' and debug-printing that could access 32 bytes rather than the proper 16 bytes. (Issue 6804 / CVE-2013-7089)

- A heap-corruption error exists in the function 'wwunpack' in the file 'libclamav/wwunpack.c' related to unpacking 'WWPack' files. (Issue 6806 / CVE-2013-7087)

- An unspecified overflow error exists related to 'y0da' emulation that could result in application crashes or other unspecified impact. (Issue 6809 / CVE-2013-7088)

- A double-free error exists in the function 'unrar_extract_next_prepare' in the file 'libclamunrar_iface/unrar_iface.c' related to handling 'RAR' files.


Upgrade to ClamAV 0.97.7 or later.

Plugin Details

Severity: Medium

ID: 65668

File Name: clamav_0_97_7.nasl

Version: $Revision: 1.8 $

Type: remote

Family: Misc.

Published: 2013/03/24

Modified: 2017/05/10

Dependencies: 39436

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:clamav:clamav

Required KB Items: Antivirus/ClamAV/version, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/02/12

Vulnerability Publication Date: 2013/03/15

Reference Information

CVE: CVE-2013-7089, CVE-2013-7087, CVE-2013-7088

BID: 58546

OSVDB: 91443, 91444, 91730, 106317