Mandriva Linux Security Advisory : clamav (MDVSA-2009:327)

critical Nessus Plugin ID 43076

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Multiple vulnerabilities has been found and corrected in clamav :

Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive (CVE-2009-1241).

libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error (CVE-2008-6680).

libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted file that causes (1) clamd and (2) clamscan to hang (CVE-2009-1270).

The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding (CVE-2009-1371).

Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL (CVE-2009-1372).

Important notice about this upgrade: clamav-0.95+ bundles support for RAR v3 in libclamav which is a license violation as the RAR v3 license and the GPL license is not compatible. As a consequence to this Mandriva has been forced to remove the RAR v3 code.

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

This update provides clamav 0.95.2, which is not vulnerable to these issues. Additionally klamav-0.46 is being provided that has support for clamav-0.95+.

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 43076

File Name: mandriva_MDVSA-2009-327.nasl

Version: 1.15

Type: local

Published: 12/9/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:clamav, p-cpe:/a:mandriva:linux:clamav-db, p-cpe:/a:mandriva:linux:clamav-milter, p-cpe:/a:mandriva:linux:clamd, p-cpe:/a:mandriva:linux:klamav, p-cpe:/a:mandriva:linux:lib64clamav-devel, p-cpe:/a:mandriva:linux:lib64clamav6, p-cpe:/a:mandriva:linux:libclamav-devel, p-cpe:/a:mandriva:linux:libclamav6, cpe:/o:mandriva:linux:2008.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/8/2009

Reference Information

CVE: CVE-2008-6680, CVE-2009-1241, CVE-2009-1270, CVE-2009-1371, CVE-2009-1372

BID: 34344

CWE: 119, 189, 20, 94

MDVSA: 2009:327