ClamAV < 0.95.1 Multiple Vulnerabilities (deprecated)

Medium Nessus Network Monitor Plugin ID 4986

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

According to its version, the clamd antivirus daemon on the remote host is earlier than 0.95.1. Such versions are affected by multiple vulnerabilities :

- ClamAV might crash while scanning certain malicious files packed with UPack. (Bug #1552)

- ClamAV might crash while using 'cli_url_canon'. (Bug #1553)

Solution

Upgrade to version 0.95.1 or higher.

See Also

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1552

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1553

http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

http://www.securityfocus.com/bid/34446

Plugin Details

Severity: Medium

ID: 4986

Family: Web Clients

Published: 2009/04/14

Modified: 2016/02/05

Dependencies: 1735, 8314

Nessus ID: 36131

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 3.6

Temporal Score: 3.1

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2009-1371, CVE-2009-1372

BID: 34446