ID CVE-2006-6406
Summary Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.
References
Vulnerable Configurations
  • cpe:2.3:a:clam_anti-virus:clamav:0.88.6
    cpe:2.3:a:clam_anti-virus:clamav:0.88.6
CVSS
Base: 5.0 (as of 11-12-2006 - 08:55)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CLAMAV-2390.NASL
    description This update to ClamAV version 0.88.7 fixes various bugs : - Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a NULL pointer dereference. (CVE-2006-5874) - Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 / CVE-2006-6406. (CVE-2006-6481) - Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. (CVE-2006-6406)
    last seen 2019-02-21
    modified 2014-08-20
    plugin id 29397
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29397
    title SuSE 10 Security Update : clamav (ZYPP Patch Number 2390)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1238.NASL
    description Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-6406 Hendrik Weimer discovered that invalid characters in base64 encoded data may lead to bypass of scanning mechanisms. - CVE-2006-6481 Hendrik Weimer discovered that deeply nested multipart/mime MIME data may lead to denial of service.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 23912
    published 2006-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23912
    title Debian DSA-1238-1 : clamav - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CLAMAV-2391.NASL
    description This update to ClamAV version 0.88.7 fixes various bugs : CVE-2006-5874: Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a NULL pointer dereference. CVE-2006-6481: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406. CVE-2006-6406: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27177
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27177
    title openSUSE 10 Security Update : clamav (clamav-2391)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-230.NASL
    description The latest version of ClamAV, 0.88.7, fixes some bugs, including vulnerabilities with handling base64-encoded MIME attachment files that can lead to either a) a crash (CVE-2006-5874), or b) a bypass of virus detection (CVE-2006-6406). As well, a vulnerability was discovered that allows remote attackers to cause a stack overflow and application crash by wrapping many layers of multipart/mixed content around a document (CVE-2006-6481). The latest ClamAV is being provided to address these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24613
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24613
    title Mandrake Linux Security Advisory : clamav (MDKSA-2006:230)
refmap via4
bid 21461
bugtraq 20061206 Multiple Vendor Unusual MIME Encoding Content Filter Bypass
confirm http://kolab.org/security/kolab-vendor-notice-14.txt
debian DSA-1238
mandriva MDKSA-2006:230
misc http://www.quantenblog.net/security/virus-scanner-bypass
secunia
  • 23362
  • 23379
  • 23411
  • 23460
suse SUSE-SA:2006:078
vupen
  • ADV-2006-4948
  • ADV-2006-5113
Last major update 07-03-2011 - 21:45
Published 09-12-2006 - 21:28
Last modified 17-10-2018 - 17:48
Back to Top