ID CVE-2007-0897
Summary Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.
References
Vulnerable Configurations
  • cpe:2.3:a:clam_anti-virus:clamav:0.15
    cpe:2.3:a:clam_anti-virus:clamav:0.15
  • cpe:2.3:a:clam_anti-virus:clamav:0.20
    cpe:2.3:a:clam_anti-virus:clamav:0.20
  • cpe:2.3:a:clam_anti-virus:clamav:0.21
    cpe:2.3:a:clam_anti-virus:clamav:0.21
  • cpe:2.3:a:clam_anti-virus:clamav:0.22
    cpe:2.3:a:clam_anti-virus:clamav:0.22
  • cpe:2.3:a:clam_anti-virus:clamav:0.23
    cpe:2.3:a:clam_anti-virus:clamav:0.23
  • cpe:2.3:a:clam_anti-virus:clamav:0.24
    cpe:2.3:a:clam_anti-virus:clamav:0.24
  • cpe:2.3:a:clam_anti-virus:clamav:0.51
    cpe:2.3:a:clam_anti-virus:clamav:0.51
  • cpe:2.3:a:clam_anti-virus:clamav:0.52
    cpe:2.3:a:clam_anti-virus:clamav:0.52
  • cpe:2.3:a:clam_anti-virus:clamav:0.53
    cpe:2.3:a:clam_anti-virus:clamav:0.53
  • cpe:2.3:a:clam_anti-virus:clamav:0.54
    cpe:2.3:a:clam_anti-virus:clamav:0.54
  • cpe:2.3:a:clam_anti-virus:clamav:0.60
    cpe:2.3:a:clam_anti-virus:clamav:0.60
  • cpe:2.3:a:clam_anti-virus:clamav:0.60p
    cpe:2.3:a:clam_anti-virus:clamav:0.60p
  • cpe:2.3:a:clam_anti-virus:clamav:0.65
    cpe:2.3:a:clam_anti-virus:clamav:0.65
  • cpe:2.3:a:clam_anti-virus:clamav:0.67
    cpe:2.3:a:clam_anti-virus:clamav:0.67
  • cpe:2.3:a:clam_anti-virus:clamav:0.68
    cpe:2.3:a:clam_anti-virus:clamav:0.68
  • cpe:2.3:a:clam_anti-virus:clamav:0.68.1
    cpe:2.3:a:clam_anti-virus:clamav:0.68.1
  • cpe:2.3:a:clam_anti-virus:clamav:0.70
    cpe:2.3:a:clam_anti-virus:clamav:0.70
  • cpe:2.3:a:clam_anti-virus:clamav:0.71
    cpe:2.3:a:clam_anti-virus:clamav:0.71
  • cpe:2.3:a:clam_anti-virus:clamav:0.72
    cpe:2.3:a:clam_anti-virus:clamav:0.72
  • cpe:2.3:a:clam_anti-virus:clamav:0.73
    cpe:2.3:a:clam_anti-virus:clamav:0.73
  • cpe:2.3:a:clam_anti-virus:clamav:0.74
    cpe:2.3:a:clam_anti-virus:clamav:0.74
  • cpe:2.3:a:clam_anti-virus:clamav:0.75
    cpe:2.3:a:clam_anti-virus:clamav:0.75
  • cpe:2.3:a:clam_anti-virus:clamav:0.75.1
    cpe:2.3:a:clam_anti-virus:clamav:0.75.1
  • cpe:2.3:a:clam_anti-virus:clamav:0.80
    cpe:2.3:a:clam_anti-virus:clamav:0.80
  • cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1
    cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1
  • cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2
    cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2
  • cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3
    cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3
  • cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4
    cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4
  • cpe:2.3:a:clam_anti-virus:clamav:0.81
    cpe:2.3:a:clam_anti-virus:clamav:0.81
  • cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1
    cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1
  • cpe:2.3:a:clam_anti-virus:clamav:0.82
    cpe:2.3:a:clam_anti-virus:clamav:0.82
  • cpe:2.3:a:clam_anti-virus:clamav:0.83
    cpe:2.3:a:clam_anti-virus:clamav:0.83
  • cpe:2.3:a:clam_anti-virus:clamav:0.84
    cpe:2.3:a:clam_anti-virus:clamav:0.84
  • cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1
    cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1
  • cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2
    cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2
  • cpe:2.3:a:clam_anti-virus:clamav:0.85
    cpe:2.3:a:clam_anti-virus:clamav:0.85
  • cpe:2.3:a:clam_anti-virus:clamav:0.85.1
    cpe:2.3:a:clam_anti-virus:clamav:0.85.1
  • cpe:2.3:a:clam_anti-virus:clamav:0.86
    cpe:2.3:a:clam_anti-virus:clamav:0.86
  • cpe:2.3:a:clam_anti-virus:clamav:0.86.1
    cpe:2.3:a:clam_anti-virus:clamav:0.86.1
  • cpe:2.3:a:clam_anti-virus:clamav:0.86.2
    cpe:2.3:a:clam_anti-virus:clamav:0.86.2
  • cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1
    cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1
  • cpe:2.3:a:clam_anti-virus:clamav:0.87
    cpe:2.3:a:clam_anti-virus:clamav:0.87
  • cpe:2.3:a:clam_anti-virus:clamav:0.87.1
    cpe:2.3:a:clam_anti-virus:clamav:0.87.1
  • cpe:2.3:a:clam_anti-virus:clamav:0.88
    cpe:2.3:a:clam_anti-virus:clamav:0.88
  • cpe:2.3:a:clam_anti-virus:clamav:0.88.1
    cpe:2.3:a:clam_anti-virus:clamav:0.88.1
  • cpe:2.3:a:clam_anti-virus:clamav:0.88.3
    cpe:2.3:a:clam_anti-virus:clamav:0.88.3
  • cpe:2.3:a:clam_anti-virus:clamav:0.88.4
    cpe:2.3:a:clam_anti-virus:clamav:0.88.4
  • cpe:2.3:a:clam_anti-virus:clamav:0.88.6
    cpe:2.3:a:clam_anti-virus:clamav:0.88.6
CVSS
Base: 4.3 (as of 20-02-2007 - 12:31)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CLAMAV-2631.NASL
    description This update to ClamAV version 0.90 fixes various bugs : - A filedescriptor leak in the handling of CAB files can lead to a denial of service attack against the clamd scanner daemon caused by remote attackers. (CVE-2007-0897) - A directory traversal in handling of MIME E-Mail headers could be used by remote attackers to overwrite local files owned by the user under which clamd is running. (CVE-2007-0898)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29398
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29398
    title SuSE 10 Security Update : clamav (ZYPP Patch Number 2631)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1263.NASL
    description Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit, which may lead to denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-0897 It was discovered that malformed CAB archives may exhaust file descriptors, which allows denial of service. - CVE-2007-0898 It was discovered that a directory traversal vulnerability in the MIME header parser may lead to denial of service.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 24776
    published 2007-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24776
    title Debian DSA-1263-1 : clamav - several vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200703-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-200703-03 (ClamAV: Denial of Service) An anonymous researcher discovered a file descriptor leak error in the processing of CAB archives and a lack of validation of the 'id' parameter string used to create local files when parsing MIME headers. Impact : A remote attacker can send several crafted CAB archives with a zero-length record header that will fill the available file descriptors until no other is available, which will prevent ClamAV from scanning most archives. An attacker can also send an email with specially crafted MIME headers to overwrite local files with the permissions of the user running ClamAV, such as the virus database file, which could prevent ClamAV from detecting any virus. Workaround : The first vulnerability can be prevented by refusing any file of type CAB, but there is no known workaround for the second issue.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 24751
    published 2007-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24751
    title GLSA-200703-03 : ClamAV: Denial of Service
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CLAMAV-2632.NASL
    description This update to ClamAV version 0.90 fixes various bugs : CVE-2007-0897: A filedescriptor leak in the handling of CAB files can lead to a denial of service attack against the clamd scanner daemon caused by remote attackers. CVE-2007-0898: A directory traversal in handling of MIME E-Mail headers could be used by remote attackers to overwrite local files owned by the user under which clamd is running.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27178
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27178
    title openSUSE 10 Security Update : clamav (clamav-2632)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-043.NASL
    description Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. (CVE-2007-0897) Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message. (CVE-2007-0898) The update to 0.90 addresses these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24675
    published 2007-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24675
    title Mandrake Linux Security Advisory : clamav (MDKSA-2007:043)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-002.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 31605
    published 2008-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31605
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-002)
refmap via4
apple APPLE-SA-2008-03-18
bid 22580
confirm http://docs.info.apple.com/article.html?artnum=307562
debian DSA-1263
gentoo GLSA-200703-03
idefense 20070215 Multiple Vendor ClamAV CAB File Denial of Service Vulnerability
mandriva MDKSA-2007:043
osvdb 32283
sectrack 1017659
secunia
  • 24183
  • 24187
  • 24192
  • 24319
  • 24332
  • 24425
  • 29420
suse SUSE-SA:2007:017
vupen
  • ADV-2007-0623
  • ADV-2008-0924
xf clamav-cabfile-dos(32531)
Last major update 07-03-2011 - 21:50
Published 16-02-2007 - 14:28
Last modified 28-07-2017 - 21:30
Back to Top