CVE-2006-6481 - Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow

CVE-2006-6481

Summary

Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406.

References

Vulnerable Configurations

cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*
cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 08-03-2011 - 02:46)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

apple	APPLE-SA-2008-03-18
bid	21609
confirm	http://docs.info.apple.com/article.html?artnum=307562 http://kolab.org/security/kolab-vendor-notice-14.txt
debian	DSA-1238
gentoo	GLSA-200612-18
mandriva	MDKSA-2006:230
misc	http://www.quantenblog.net/security/virus-scanner-bypass
osvdb	31283
secunia	23347 23362 23379 23404 23411 23417 23460 29420
suse	SUSE-SA:2006:078
trustix	2006-0072
vupen	ADV-2006-4948 ADV-2006-5113 ADV-2008-0924

Last major update

08-03-2011 - 02:46

Published

12-12-2006 - 01:28

Last modified

08-03-2011 - 02:46