ID CVE-2006-6481
Summary Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406.
References
Vulnerable Configurations
  • cpe:2.3:a:clam_anti-virus:clamav:0.88.6
    cpe:2.3:a:clam_anti-virus:clamav:0.88.6
CVSS
Base: 5.0 (as of 12-12-2006 - 09:57)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CLAMAV-2390.NASL
    description This update to ClamAV version 0.88.7 fixes various bugs : - Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a NULL pointer dereference. (CVE-2006-5874) - Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 / CVE-2006-6406. (CVE-2006-6481) - Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. (CVE-2006-6406)
    last seen 2019-02-21
    modified 2014-08-20
    plugin id 29397
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29397
    title SuSE 10 Security Update : clamav (ZYPP Patch Number 2390)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_EB5124A48A2011DBB03300123FFE8333.NASL
    description Secunia reports : Clam AntiVirus have a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a stack overflow when scanning messages with deeply nested multipart content. This can be exploited to crash the service by sending specially crafted emails to a vulnerable system.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 23853
    published 2006-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23853
    title FreeBSD : clamav -- Multipart Nestings Denial of Service (eb5124a4-8a20-11db-b033-00123ffe8333)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1238.NASL
    description Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-6406 Hendrik Weimer discovered that invalid characters in base64 encoded data may lead to bypass of scanning mechanisms. - CVE-2006-6481 Hendrik Weimer discovered that deeply nested multipart/mime MIME data may lead to denial of service.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 23912
    published 2006-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23912
    title Debian DSA-1238-1 : clamav - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CLAMAV-2391.NASL
    description This update to ClamAV version 0.88.7 fixes various bugs : CVE-2006-5874: Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a NULL pointer dereference. CVE-2006-6481: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406. CVE-2006-6406: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27177
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27177
    title openSUSE 10 Security Update : clamav (clamav-2391)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200612-18.NASL
    description The remote host is affected by the vulnerability described in GLSA-200612-18 (ClamAV: Denial of Service) Hendrik Weimer discovered that ClamAV fails to properly handle deeply nested MIME multipart/mixed content. Impact : By sending a specially crafted email with deeply nested MIME multipart/mixed content an attacker could cause ClamAV to crash. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 23955
    published 2006-12-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23955
    title GLSA-200612-18 : ClamAV: Denial of Service
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-230.NASL
    description The latest version of ClamAV, 0.88.7, fixes some bugs, including vulnerabilities with handling base64-encoded MIME attachment files that can lead to either a) a crash (CVE-2006-5874), or b) a bypass of virus detection (CVE-2006-6406). As well, a vulnerability was discovered that allows remote attackers to cause a stack overflow and application crash by wrapping many layers of multipart/mixed content around a document (CVE-2006-6481). The latest ClamAV is being provided to address these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24613
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24613
    title Mandrake Linux Security Advisory : clamav (MDKSA-2006:230)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-002.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 31605
    published 2008-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31605
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-002)
refmap via4
apple APPLE-SA-2008-03-18
bid 21609
confirm
debian DSA-1238
gentoo GLSA-200612-18
mandriva MDKSA-2006:230
misc http://www.quantenblog.net/security/virus-scanner-bypass
osvdb 31283
secunia
  • 23347
  • 23362
  • 23379
  • 23404
  • 23411
  • 23417
  • 23460
  • 29420
suse SUSE-SA:2006:078
trustix 2006-0072
vupen
  • ADV-2006-4948
  • ADV-2006-5113
  • ADV-2008-0924
Last major update 07-03-2011 - 21:46
Published 11-12-2006 - 20:28
Back to Top