ClamAV < 0.88.0 UPX File Processing Overflow (deprecated)

High Nessus Network Monitor Plugin ID 3362

Synopsis

The remote host is vulnerable to a heap overflow.

Description

The remote host is running ClamAV, an open-source antivirus solution for Unix and Windows systems. This version of ClamAV is reported to be vulnerable to a flaw where the parsing of a malicious file will cause the clamav process to execute arbitrary code. While the details of the attack are currently unknown, it is rumoured that an attacker exploiting this flaw would only need to be able to craft and send a malformed email to a ClamAV server. Successful exploitation results in the server executing arbitrary code or crashing.

Solution

Upgrade to version 0.88.0 or higher.

See Also

http://sourceforge.net/project/shownotes.php?release_id=384086&amp;group_id=86638

Plugin Details

Severity: High

ID: 3362

File Name: 3362.prm

Family: Web Clients

Published: 2006/01/10

Modified: 2016/01/15

Dependencies: 1735, 8314

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2006-0162

BID: 16191