Detections
Analytics
ClamAV < 0.94 Multiple Vulnerabilities (deprecated)
high Nessus Network Monitor Plugin ID 4787
Synopsis
The remote antivirus service is affected by multiple issues.Description
According to its version, the clamd antivirus daemon on the remote host is earlier than 0.94. Such versions are affected by one or more of the following issues :- A segmentation fault can occur when processing corrupted LZH files. (Bug #1052)
- Invalid memory access errors in 'libclamav/chmunpack.c' when processing malformed CHM files may lead to a crash. (Bug #1089)
- An out-of-memory null dereference issue exists in 'libclamav/message.c' / 'libclamav/mbox.c'. (Bug #1141)
- Possible error path memory leaks exist in 'freshclam/manager.c'. (Bug #1141)
- There is an invalid close on error path in 'shared/tar.c'. (Bug #1141)
- There are multiple file descriptor leaks involving the 'error path' in 'libclamav/others.c' and 'libclamav/sis.c'. (Bug #1141).
Solution
Upgrade to version 0.94 or higher.See Also
http://archives.neohapsis.com/archives/bugtraq/2008-09/0056.html
http://archives.neohapsis.com/archives/bugtraq/2008-12/0111.html
http://www.openwall.com/lists/oss-security/2008/09/03/2
http://www.openwall.com/lists/oss-security/2008/09/04/13
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1052
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=623661
Plugin Details
Severity: High
ID: 4787
Family: Web Clients
Published: 12/12/2008
Updated: 3/6/2019
Nessus ID: 35087
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: High
Base Score: 7.3
Temporal Score: 6.4
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Reference Information
CVE: CVE-2008-1389, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914, CVE-2008-6845