ClamAV < 0.95.1 Multiple Vulnerabilities (deprecated)

low Nessus Network Monitor Plugin ID 4986

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

According to its version, the clamd antivirus daemon on the remote host is earlier than 0.95.1. Such versions are affected by multiple vulnerabilities :

- ClamAV might crash while scanning certain malicious files packed with UPack. (Bug #1552)

- ClamAV might crash while using 'cli_url_canon'. (Bug #1553)

Solution

Upgrade to version 0.95.1 or higher.

See Also

http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1552

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1553

http://www.securityfocus.com/bid/34446

Plugin Details

Severity: Low

ID: 4986

Family: Web Clients

Published: 4/14/2009

Updated: 3/6/2019

Nessus ID: 36131

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Reference Information

CVE: CVE-2009-1371, CVE-2009-1372

BID: 34446