ID CVE-2010-0098
Summary ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities.
References
Vulnerable Configurations
  • ClamAV 0.01
    cpe:2.3:a:clamav:clamav:0.01
  • ClamAV 0.02
    cpe:2.3:a:clamav:clamav:0.02
  • ClamAV 0.03
    cpe:2.3:a:clamav:clamav:0.03
  • ClamAV 0.05
    cpe:2.3:a:clamav:clamav:0.05
  • ClamAV 0.10
    cpe:2.3:a:clamav:clamav:0.10
  • ClamAV 0.12
    cpe:2.3:a:clamav:clamav:0.12
  • ClamAV 0.13
    cpe:2.3:a:clamav:clamav:0.13
  • ClamAV 0.14 pre
    cpe:2.3:a:clamav:clamav:0.14:pre
  • ClamAV 0.15
    cpe:2.3:a:clamav:clamav:0.15
  • ClamAV 0.20
    cpe:2.3:a:clamav:clamav:0.20
  • ClamAV 0.21
    cpe:2.3:a:clamav:clamav:0.21
  • ClamAV 0.22
    cpe:2.3:a:clamav:clamav:0.22
  • ClamAV 0.23
    cpe:2.3:a:clamav:clamav:0.23
  • ClamAV 0.24
    cpe:2.3:a:clamav:clamav:0.24
  • ClamAV ClamAV 0.3
    cpe:2.3:a:clamav:clamav:0.3
  • ClamAV ClamAV 0.51
    cpe:2.3:a:clamav:clamav:0.51
  • ClamAV 0.52
    cpe:2.3:a:clamav:clamav:0.52
  • ClamAV 0.53
    cpe:2.3:a:clamav:clamav:0.53
  • ClamAV ClamAV 0.54
    cpe:2.3:a:clamav:clamav:0.54
  • ClamAV 0.60
    cpe:2.3:a:clamav:clamav:0.60
  • ClamAV 0.60p
    cpe:2.3:a:clamav:clamav:0.60p
  • ClamAV 0.65
    cpe:2.3:a:clamav:clamav:0.65
  • ClamAV ClamAV 0.66
    cpe:2.3:a:clamav:clamav:0.66
  • ClamAV 0.67
    cpe:2.3:a:clamav:clamav:0.67
  • ClamAV ClamAV 0.67-1
    cpe:2.3:a:clamav:clamav:0.67-1
  • ClamAV 0.68
    cpe:2.3:a:clamav:clamav:0.68
  • ClamAV 0.68.1
    cpe:2.3:a:clamav:clamav:0.68.1
  • ClamAV 0.70
    cpe:2.3:a:clamav:clamav:0.70
  • ClamAV 0.70 Release Candidate
    cpe:2.3:a:clamav:clamav:0.70:rc
  • ClamAV 0.71
    cpe:2.3:a:clamav:clamav:0.71
  • ClamAV 0.72
    cpe:2.3:a:clamav:clamav:0.72
  • ClamAV 0.73
    cpe:2.3:a:clamav:clamav:0.73
  • ClamAV 0.74
    cpe:2.3:a:clamav:clamav:0.74
  • ClamAV 0.75
    cpe:2.3:a:clamav:clamav:0.75
  • ClamAV 0.75.1
    cpe:2.3:a:clamav:clamav:0.75.1
  • ClamAV 0.80
    cpe:2.3:a:clamav:clamav:0.80
  • ClamAV 0.80 Release Candidate 4
    cpe:2.3:a:clamav:clamav:0.80:rc4
  • ClamAV 0.80 Release Candidate 3
    cpe:2.3:a:clamav:clamav:0.80:rc3
  • ClamAV 0.80 Release Candidate 2
    cpe:2.3:a:clamav:clamav:0.80:rc2
  • ClamAV 0.80 Release Candidate
    cpe:2.3:a:clamav:clamav:0.80:rc
  • ClamAV 0.81
    cpe:2.3:a:clamav:clamav:0.81
  • ClamAV 0.82
    cpe:2.3:a:clamav:clamav:0.82
  • ClamAV 0.83
    cpe:2.3:a:clamav:clamav:0.83
  • ClamAV 0.84
    cpe:2.3:a:clamav:clamav:0.84
  • ClamAV 0.85
    cpe:2.3:a:clamav:clamav:0.85
  • ClamAV 0.85.1
    cpe:2.3:a:clamav:clamav:0.85.1
  • ClamAV 0.86
    cpe:2.3:a:clamav:clamav:0.86
  • ClamAV 0.86.1
    cpe:2.3:a:clamav:clamav:0.86.1
  • ClamAV 0.86.2
    cpe:2.3:a:clamav:clamav:0.86.2
  • ClamAV 0.87
    cpe:2.3:a:clamav:clamav:0.87
  • ClamAV 0.87.1
    cpe:2.3:a:clamav:clamav:0.87.1
  • ClamAV 0.88
    cpe:2.3:a:clamav:clamav:0.88
  • ClamAV 0.88.1
    cpe:2.3:a:clamav:clamav:0.88.1
  • ClamAV 0.88.2
    cpe:2.3:a:clamav:clamav:0.88.2
  • ClamAV 0.88.3
    cpe:2.3:a:clamav:clamav:0.88.3
  • ClamAV 0.88.4
    cpe:2.3:a:clamav:clamav:0.88.4
  • ClamAV 0.88.5
    cpe:2.3:a:clamav:clamav:0.88.5
  • ClamAV 0.88.6
    cpe:2.3:a:clamav:clamav:0.88.6
  • ClamAV 0.88.7
    cpe:2.3:a:clamav:clamav:0.88.7
  • ClamAV 0.90
    cpe:2.3:a:clamav:clamav:0.90
  • ClamAV 0.90.1
    cpe:2.3:a:clamav:clamav:0.90.1
  • Clamav 0.90.2
    cpe:2.3:a:clamav:clamav:0.90.2
  • ClamAV 0.90.3
    cpe:2.3:a:clamav:clamav:0.90.3
  • ClamAV 0.91
    cpe:2.3:a:clamav:clamav:0.91
  • ClamAV 0.91.1
    cpe:2.3:a:clamav:clamav:0.91.1
  • ClamAV 0.91.2
    cpe:2.3:a:clamav:clamav:0.91.2
  • ClamAV 0.92
    cpe:2.3:a:clamav:clamav:0.92
  • ClamAV 0.92.1
    cpe:2.3:a:clamav:clamav:0.92.1
  • ClamAV 0.93
    cpe:2.3:a:clamav:clamav:0.93
  • ClamAV 0.93.1
    cpe:2.3:a:clamav:clamav:0.93.1
  • ClamAV 0.93.2
    cpe:2.3:a:clamav:clamav:0.93.2
  • ClamAV 0.93.3
    cpe:2.3:a:clamav:clamav:0.93.3
  • ClamAV 0.94
    cpe:2.3:a:clamav:clamav:0.94
  • ClamAV 0.94.1
    cpe:2.3:a:clamav:clamav:0.94.1
  • ClamAV 0.94.2
    cpe:2.3:a:clamav:clamav:0.94.2
  • ClamAV 0.95
    cpe:2.3:a:clamav:clamav:0.95
  • cpe:2.3:a:clamavs:clamav:0.04
    cpe:2.3:a:clamavs:clamav:0.04
  • cpe:2.3:a:clamavs:clamav:0.06
    cpe:2.3:a:clamavs:clamav:0.06
  • ClamAV 0.84 Release Candidate 1
    cpe:2.3:a:clamav:clamav:0.84:rc1
  • ClamAV 0.84 Release Candidate 2
    cpe:2.3:a:clamav:clamav:0.84:rc2
  • ClamAV 0.86 Release Candidate 1
    cpe:2.3:a:clamav:clamav:0.86:rc1
  • ClamAV 0.94 rc1
    cpe:2.3:a:clamav:clamav:0.9:rc1
  • ClamAV 0.90rc1
    cpe:2.3:a:clamav:clamav:0.90:rc1
  • ClamAV 0.90 rc1.1
    cpe:2.3:a:clamav:clamav:0.90:rc1.1
  • ClamAV 0.90 rc2
    cpe:2.3:a:clamav:clamav:0.90:rc2
  • ClamAV 0.90 rc3
    cpe:2.3:a:clamav:clamav:0.90:rc3
  • ClamAV 0.91rc1
    cpe:2.3:a:clamav:clamav:0.91:rc1
  • ClamAV 0.91rc2
    cpe:2.3:a:clamav:clamav:0.91:rc2
  • ClamAV 0.95 SRC1
    cpe:2.3:a:clamav:clamav:0.95:rc1
  • ClamAV 0.95 SRC2
    cpe:2.3:a:clamav:clamav:0.95:rc2
  • ClamAV 0.95.1
    cpe:2.3:a:clamav:clamav:0.95.1
  • ClamAV 0.95.2
    cpe:2.3:a:clamav:clamav:0.95.2
  • ClamAV 0.95.3
    cpe:2.3:a:clamav:clamav:0.95.3
  • ClamAV 0.96 release candidate 1
    cpe:2.3:a:clamav:clamav:0.96:rc1
  • ClamAV 0.96 release candidate 2
    cpe:2.3:a:clamav:clamav:0.96:rc2
  • ClamAV 0.14
    cpe:2.3:a:clamav:clamav:0.14
CVSS
Base: 10.0 (as of 09-04-2010 - 10:28)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CLAMAV-6990.NASL
    description Specially crafted CAB archives could crash clamav (CVE-2010-1311) or bypass virus detection (CVE-2010-0098). clamav has been updated to version 0.96 which fixes those issues. Citing freshmeat.net : This Release introduces new malware detection mechanisms and other significant improvements to the scan engine. Key features include the bytecode interpreter, heuristic improvements, signature improvements, support for new archives, support for new executable file formats, support for UPX 3.0, performance improvements and memory optimizations.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 49837
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49837
    title SuSE 10 Security Update : clamav (ZYPP Patch Number 6990)
  • NASL family Misc.
    NASL id CLAMAV_0_96.NASL
    description According to its version, the clamd antivirus daemon on the remote host is earlier than 0.96. Such versions are reportedly affected by multiple vulnerabilities : - An attacker could bypass antivirus detection by embedding malicious code in a specially crafted 'CAB' file. (1826) - An error in the 'qtm_decompress()' function in 'libclamav/mspack.c' could lead to memory corruption when scanning a specially crafted Quantum-compressed file. (1771)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 45437
    published 2010-04-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45437
    title ClamAV < 0.96 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CLAMAV-6983.NASL
    description Specially crafted CAB archives could crash clamav (CVE-2010-1311) or bypass virus detection (CVE-2010-0098). clamav has been updated to version 0.96 which fixes those issues. Citing freshmeat.net : This Release introduces new malware detection mechanisms and other significant improvements to the scan engine. Key features include the bytecode interpreter, heuristic improvements, signature improvements, support for new archives, support for new executable file formats, support for UPX 3.0, performance improvements and memory optimizations.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 45622
    published 2010-04-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45622
    title SuSE 10 Security Update : ClamAV (ZYPP Patch Number 6983)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-082.NASL
    description Multiple vulnerabilities has been found and corrected in clamav : ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities (CVE-2010-0098). The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third-party information (CVE-2010-1311). This update provides clamav 0.96, which is not vulnerable to these issues. Update : Packages for 2009.0 are provided due to the Extended Maintenance Program.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 45567
    published 2010-04-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45567
    title Mandriva Linux Security Advisory : clamav (MDVSA-2010:082-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_CLAMAV-100414.NASL
    description Specially crafted CAB archives could crash clamav (CVE-2010-1311) or bypass virus detection (CVE-2010-0098). clamav has been updated to version 0.96 which fixes those issues. Citing freshmeat.net : This Release introduces new malware detection mechanisms and other significant improvements to the scan engine. Key features include the bytecode interpreter, heuristic improvements, signature improvements, support for new archives, support for new executable file formats, support for UPX 3.0, performance improvements and memory optimizations.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 50896
    published 2010-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50896
    title SuSE 11 Security Update : clamav (SAT Patch Number 2298)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201009-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-201009-06 (Clam AntiVirus: Multiple vulnerabilities) Multiple vulnerabilities were discovered in Clam AntiVirus. For further information, please consult the CVE entries referenced below. Impact : A remote attacker could possibly bypass virus detection or cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 49127
    published 2010-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49127
    title GLSA-201009-06 : Clam AntiVirus: Multiple vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-926-1.NASL
    description It was discovered that ClamAV did not properly verify its input when processing CAB files. A remote attacker could send a specially crafted CAB file to evade malware detection. (CVE-2010-0098) It was discovered that ClamAV did not properly verify its input when processing CAB files. A remote attacker could send a specially crafted CAB file and cause a denial of service via application crash. (CVE-2010-1311). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 45476
    published 2010-04-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45476
    title Ubuntu 8.10 / 9.04 / 9.10 : clamav vulnerabilities (USN-926-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_CLAMAV-100414.NASL
    description clamav has been updated to version 0.96. Citing freshmeat.net : This Release introduces new malware detection mechanisms and other significant improvements to the scan engine. Key features include the bytecode interpreter, heuristic improvements, signature improvements, support for new archives, support for new executable file formats, support for UPX 3.0, performance improvements and memory optimizations.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 45620
    published 2010-04-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45620
    title openSUSE Security Update : clamav (openSUSE-SU-2010:0149-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12610.NASL
    description Specially crafted CAB archives could crash clamav (CVE-2010-1311) or bypass virus detection (CVE-2010-0098). clamav has been updated to version 0.96 which fixes those issues. Citing freshmeat.net : This Release introduces new malware detection mechanisms and other significant improvements to the scan engine. Key features include the bytecode interpreter, heuristic improvements, signature improvements, support for new archives, support for new executable file formats, support for UPX 3.0, performance improvements and memory optimizations.
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 46169
    published 2010-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46169
    title SuSE9 Security Update : clamav (YOU Patch Number 12610)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2010-005.NASL
    description The remote host is running a version of Mac OS X 10.6 or 10.5 that does not have Security Update 2010-005 applied. This security update contains fixes for the following products : - ATS - CFNetwork - ClamAV - CoreGraphics - libsecurity - PHP - Samba
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 48424
    published 2010-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48424
    title Mac OS X Multiple Vulnerabilities (Security Update 2010-005)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_CLAMAV-100414.NASL
    description clamav has been updated to version 0.96. Citing freshmeat.net : This Release introduces new malware detection mechanisms and other significant improvements to the scan engine. Key features include the bytecode interpreter, heuristic improvements, signature improvements, support for new archives, support for new executable file formats, support for UPX 3.0, performance improvements and memory optimizations.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 45621
    published 2010-04-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45621
    title openSUSE Security Update : clamav (openSUSE-SU-2010:0149-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_CLAMAV-100414.NASL
    description clamav has been updated to version 0.96. Citing freshmeat.net : This Release introduces new malware detection mechanisms and other significant improvements to the scan engine. Key features include the bytecode interpreter, heuristic improvements, signature improvements, support for new archives, support for new executable file formats, support for UPX 3.0, performance improvements and memory optimizations.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 45619
    published 2010-04-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45619
    title openSUSE Security Update : clamav (openSUSE-SU-2010:0149-1)
refmap via4
apple APPLE-SA-2010-08-24-1
bid 39262
confirm
mandriva MDVSA-2010:082
mlist
  • [oss-security] 20100406 ClamAV small issues
  • [oss-security] 20100407 Re: ClamAV small issues
secunia
  • 39293
  • 39329
  • 39656
suse SUSE-SR:2010:010
ubuntu USN-926-1
vupen
  • ADV-2010-0827
  • ADV-2010-0832
  • ADV-2010-0909
  • ADV-2010-1001
  • ADV-2010-1206
Last major update 31-08-2010 - 01:41
Published 08-04-2010 - 13:30
Back to Top