This version upgrade to 0.92 fixes numerous flaws including some security problems. (CVE-2007-6335 / CVE-2007-6336 / CVE-2007-6337)

Please note that the version number of the clamav library has changed.
Programs linked against libclamav therefore need to be updated as well.

The remote host is affected by the vulnerability described in GLSA-200712-20 (ClamAV: Multiple vulnerabilities)

    iDefense reported an integer overflow vulnerability in the cli_scanpe()     function when parsing Portable Executable (PE) files packed in the MEW     format, that could be exploited to cause a heap-based buffer overflow     (CVE-2007-6335). Toeroek Edwin reported an off-by-one error when     decompressing MS-ZIP compressed CAB files (CVE-2007-6336). An     unspecified vulnerability related to the bzip2 decompression algorithm     has also been discovered (CVE-2007-6337).
  Impact :

    A remote attacker could entice a user or automated system to scan a     specially crafted file, possibly leading to the execution of arbitrary     code with the privileges of the user running ClamAV (either a system     user or the 'clamav' user if clamd is compromised).
  Workaround :

    There is no known workaround at this time.

This version upgrade to 0.92 fixes numerous flaws including some security problems (CVE-2007-6335, CVE-2007-6336, CVE-2007-6337).

Please note that the version number of the clamav library has changed.
Programs linked against libclamav therefore need to be updated as well.

Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2007-6335     It was discovered that an integer overflow in the     decompression code for MEW archives may lead to the     execution of arbitrary code.

  - CVE-2007-6336     It was discovered that on off-by-one in the MS-ZIP     decompression code may lead to the execution of     arbitrary code.

The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. 

This update contains several security fixes for a number of programs.

Upstream clamav 0.92 fixes multiple security issues :

  - CVE-2007-6335 (#426210)

    - CVE-2007-6336 (#426343)

    - CVE-2007-6337 (#426344)

Sendmail-specific parts moved to separate milter subpackage.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An integer overflow vulnerability was reported by iDefense with clamav when parsing Portable Executable (PE) files packed in he MEW format.
This could be exploited to cause a heap-based buffer overflow (CVE-2007-6335).

Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP compressed CAB files (CVE-2007-6336).

As well, an unspecified vulnerability related to the bzip2 decompression algorithm was also discovered (CVE-2007-6337).

Other bugs have also been corrected in 0.92 which is being provided with this update. Because this new version has increased the major of the libclamav library, updated dependent packages are also being provided.

The remote host is running the ClamAV antivirus client.

This version of ClamAV is vulnerable to a remote integer overflow due to a content-parsing flaw when handling malformed PE files.  An attacker exploiting this flaw would only need the ability to send a malformed attachment to a system protected by ClamAV.  Successful exploitation would result in the attacker overwriting critical memory blocks and either crashing the service or executing arbitrary code. 

ID	Name	Product	Family	Published	Updated	Severity
29782	SuSE 10 Security Update : clamav (ZYPP Patch Number 4836)	Nessus	SuSE Local Security Checks	12/24/2007	1/14/2021	critical
29817	GLSA-200712-20 : ClamAV: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	12/31/2007	1/6/2021	critical
29781	openSUSE 10 Security Update : clamav (clamav-4832)	Nessus	SuSE Local Security Checks	12/24/2007	1/14/2021	critical
29755	Debian DSA-1435-1 : clamav - several vulnerabilities	Nessus	Debian Local Security Checks	12/24/2007	1/4/2021	high
31605	Mac OS X Multiple Vulnerabilities (Security Update 2008-002)	Nessus	MacOS X Local Security Checks	3/19/2008	7/14/2018	critical
30070	Fedora 8 : clamav-0.92-6.fc8 (2008-0115)	Nessus	Fedora Local Security Checks	1/27/2008	1/11/2021	critical
36347	Mandriva Linux Security Advisory : clamav (MDVSA-2008:003)	Nessus	Mandriva Local Security Checks	4/23/2009	1/6/2021	critical
30071	Fedora 7 : clamav-0.92-6.fc7 (2008-0170)	Nessus	Fedora Local Security Checks	1/27/2008	1/11/2021	critical
4321	ClamAV < 0.92.0 PE File Handling Integer Overflow (deprecated)	Nessus Network Monitor	Web Clients	12/19/2007	3/6/2019	high

Detections

Analytics

Plugins Search

critical

critical

critical

high

critical

critical

critical

critical

high