ClamAV < 0.94 Multiple Vulnerabilities (deprecated)

High Nessus Network Monitor Plugin ID 4787

Synopsis

The remote antivirus service is affected by multiple issues.

Description

According to its version, the clamd antivirus daemon on the remote host is earlier than 0.94. Such versions are affected by one or more of the following issues :

- A segmentation fault can occur when processing corrupted LZH files. (Bug #1052)

- Invalid memory access errors in 'libclamav/chmunpack.c' when processing malformed CHM files may lead to a crash. (Bug #1089)

- An out-of-memory null dereference issue exists in 'libclamav/message.c' / 'libclamav/mbox.c'. (Bug #1141)

- Possible error path memory leaks exist in 'freshclam/manager.c'. (Bug #1141)

- There is an invalid close on error path in 'shared/tar.c'. (Bug #1141)

- There are multiple file descriptor leaks involving the 'error path' in 'libclamav/others.c' and 'libclamav/sis.c'. (Bug #1141).

Solution

Upgrade to version 0.94 or higher.

See Also

http://archives.neohapsis.com/archives/bugtraq/2008-09/0056.html

http://archives.neohapsis.com/archives/bugtraq/2008-12/0111.html

http://www.openwall.com/lists/oss-security/2008/09/03/2

http://www.openwall.com/lists/oss-security/2008/09/04/13

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1052

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089

http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

http://sourceforge.net/project/shownotes.php?group_id=86638&amp;release_id=623661

http://www.clamav.net

Plugin Details

Severity: High

ID: 4787

File Name: 4787.prm

Family: Web Clients

Published: 2008/12/12

Modified: 2016/01/15

Dependencies: 1735, 8314

Nessus ID: 35087

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2008-6845, CVE-2008-1389, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914

BID: 30994, 31051, 32752