ID CVE-2006-6406
Summary Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.
References
Vulnerable Configurations
  • cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 17-10-2018 - 21:48)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 21461
bugtraq 20061206 Multiple Vendor Unusual MIME Encoding Content Filter Bypass
confirm http://kolab.org/security/kolab-vendor-notice-14.txt
debian DSA-1238
mandriva MDKSA-2006:230
misc http://www.quantenblog.net/security/virus-scanner-bypass
secunia
  • 23362
  • 23379
  • 23411
  • 23460
suse SUSE-SA:2006:078
vupen
  • ADV-2006-4948
  • ADV-2006-5113
Last major update 17-10-2018 - 21:48
Published 10-12-2006 - 02:28
Last modified 17-10-2018 - 21:48
Back to Top