Denial of Service : ClamAV <= 0.99.2 Multiple DoS Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.811575

Categoría: Denial of Service

Título: ClamAV <= 0.99.2 Multiple DoS Vulnerabilities - Windows

Resumen: ClamAV is prone to multiple denial of service (DoS) vulnerabilities.

Descripción: Summary:
ClamAV is prone to multiple denial of service (DoS) vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- An improper calidation for CHM file in 'mspack/lzxd.c' script in
libmspack 0.5alpha.

- An improper calidation for CAB file in cabd_read_string function in
'mspack/cabd.c' script in libmspack 0.5alpha.

- An improper validation for e-mail message in 'libclamav/message.c'
script.

- An improper validation for PE file in wwunpack function in
'libclamav/wwunpack.c' script.

Vulnerability Impact:
Successful exploitation will allow a remote
attacker to cause a denial of service or possibly have unspecified other
impact.

Affected Software/OS:
ClamAV version 0.99.2 and prior.

Solution:
Update to version 0.99.3-beta1.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-6418
BugTraq ID: 100154
http://www.securityfocus.com/bid/100154
https://security.gentoo.org/glsa/201804-16
https://bugzilla.clamav.net/show_bug.cgi?id=11797
https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_email_crash.md
https://github.com/vrtadmin/clamav-devel/commit/586a5180287262070637c8943f2f7efd652e4a2c
Common Vulnerability Exposure (CVE) ID: CVE-2017-6419
Debian Security Information: DSA-3946 (Google Search)
http://www.debian.org/security/2017/dsa-3946
https://bugzilla.clamav.net/show_bug.cgi?id=11701
https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_chm_crash.md
https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1
https://lists.debian.org/debian-lts-announce/2018/02/msg00014.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-6420
https://bugzilla.clamav.net/show_bug.cgi?id=11798
https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/use-after-free/clamav-use-after-free-pe.md
https://github.com/vrtadmin/clamav-devel/commit/dfc00cd3301a42b571454b51a6102eecf58407bc
Common Vulnerability Exposure (CVE) ID: CVE-2017-11423
https://bugzilla.clamav.net/show_bug.cgi?id=11873
https://github.com/hackerlib/hackerlib-vul/tree/master/clamav-vul

Copyright Copyright (C) 2017 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.811575
Categoría:	Denial of Service
Título:	ClamAV <= 0.99.2 Multiple DoS Vulnerabilities - Windows
Resumen:	ClamAV is prone to multiple denial of service (DoS) vulnerabilities.
Descripción:	Summary: ClamAV is prone to multiple denial of service (DoS) vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An improper calidation for CHM file in 'mspack/lzxd.c' script in libmspack 0.5alpha. - An improper calidation for CAB file in cabd_read_string function in 'mspack/cabd.c' script in libmspack 0.5alpha. - An improper validation for e-mail message in 'libclamav/message.c' script. - An improper validation for PE file in wwunpack function in 'libclamav/wwunpack.c' script. Vulnerability Impact: Successful exploitation will allow a remote attacker to cause a denial of service or possibly have unspecified other impact. Affected Software/OS: ClamAV version 0.99.2 and prior. Solution: Update to version 0.99.3-beta1. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-6418 BugTraq ID: 100154 http://www.securityfocus.com/bid/100154 https://security.gentoo.org/glsa/201804-16 https://bugzilla.clamav.net/show_bug.cgi?id=11797 https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_email_crash.md https://github.com/vrtadmin/clamav-devel/commit/586a5180287262070637c8943f2f7efd652e4a2c Common Vulnerability Exposure (CVE) ID: CVE-2017-6419 Debian Security Information: DSA-3946 (Google Search) http://www.debian.org/security/2017/dsa-3946 https://bugzilla.clamav.net/show_bug.cgi?id=11701 https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_chm_crash.md https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1 https://lists.debian.org/debian-lts-announce/2018/02/msg00014.html Common Vulnerability Exposure (CVE) ID: CVE-2017-6420 https://bugzilla.clamav.net/show_bug.cgi?id=11798 https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/use-after-free/clamav-use-after-free-pe.md https://github.com/vrtadmin/clamav-devel/commit/dfc00cd3301a42b571454b51a6102eecf58407bc Common Vulnerability Exposure (CVE) ID: CVE-2017-11423 https://bugzilla.clamav.net/show_bug.cgi?id=11873 https://github.com/hackerlib/hackerlib-vul/tree/master/clamav-vul
Copyright	Copyright (C) 2017 Greenbone Networks GmbH