Test ID:	1.3.6.1.4.1.25623.1.0.806019
Category:	Denial of Service
Title:	ClamAV Multiple Denial of Service Vulnerabilities August15 (Linux)
Summary:	This host is installed with ClamAV and is; prone to multiple denial of service vulnerabilities.
Description:	Summary: This host is installed with ClamAV and is prone to multiple denial of service vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - an error that is triggered when handling a specially crafted xz archive file, which can cause an infinite loops. - an error in the 'cli_scanpe' function in pe.c script that is triggered when handling petite packed files. - an error in the 'yc_poly_emulator' function in yc.c script that is triggered when handling a specially crafted y0da cryptor file. - an error in the 'pefromupx' function of the UPX decoder that is triggered when handling specially crafted files. Vulnerability Impact: Successful exploitation will allow a remote attacker to crash the application. Affected Software/OS: ClamAV versions before 0.98.7 on Linux Solution: Upgrade to ClamAV version 0.98.7 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	BugTraq ID: 74472 BugTraq ID: 74443 Common Vulnerability Exposure (CVE) ID: CVE-2015-2668 http://www.securityfocus.com/bid/74472 https://security.gentoo.org/glsa/201512-08 SuSE Security Announcement: openSUSE-SU-2015:0906 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html http://ubuntu.com/usn/usn-2594-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-2222 http://www.securityfocus.com/bid/74443 Common Vulnerability Exposure (CVE) ID: CVE-2015-2221 Common Vulnerability Exposure (CVE) ID: CVE-2015-2170
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.