CERTA-2006-AVI-176
Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Freshclam permettant de réaliser un déni de service ou d'exécuter du code arbitraire.

Description

Freshclam est un utilitaire de ClamAV en ligne de commande permettant de télécharger et d'installer les mises à jour des bases de signatures des virus. Une vulnérabilité a été découverte dans le client HTTP de Freshclam lors de la vérification de la taille des en-têtes des données provenant d'un serveur HTTP. L'exploitation de cette vulnérabilité, qui requiert un serveur HTTP malveillant d'hébergement des bases de signatures, permet de réaliser un déni de service ou d'exécuter du code arbitraire.

Solution

Mettre à jour en version 0.88.2 (voir Documentation).

ClamAV versions 0.80 à 0.88.1.

Impacted products
Vendor Product Description
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eClamAV versions 0.80 \u00e0 0.88.1.\u003c/P\u003e",
  "content": "## Description\n\nFreshclam est un utilitaire de ClamAV en ligne de commande permettant de\nt\u00e9l\u00e9charger et d\u0027installer les mises \u00e0 jour des bases de signatures des\nvirus. Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le client HTTP de\nFreshclam lors de la v\u00e9rification de la taille des en-t\u00eates des donn\u00e9es\nprovenant d\u0027un serveur HTTP. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9, qui\nrequiert un serveur HTTP malveillant d\u0027h\u00e9bergement des bases de\nsignatures, permet de r\u00e9aliser un d\u00e9ni de service ou d\u0027ex\u00e9cuter du code\narbitraire.\n\n## Solution\n\nMettre \u00e0 jour en version 0.88.2 (voir Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-1989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1989"
    }
  ],
  "initial_release_date": "2006-05-03T00:00:00",
  "last_revision_date": "2006-05-04T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1050 du 02 mai 2006 :",
      "url": "http://www.debian.org/security/2006/dsa-1050"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2006:080 du 01 mai 2006    :",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:080"
    },
    {
      "title": "Version 0.88.2 de ClamAV :",
      "url": "http://www.clamav.net/stable.php#pagestart"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200605-03 du 02 mai 2006 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-03.xml"
    }
  ],
  "reference": "CERTA-2006-AVI-176",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-05-03T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Mandriva, Debian.",
      "revision_date": "2006-05-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan\nclass=\"textit\"\u003eFreshclam\u003c/span\u003e permettant de r\u00e9aliser un d\u00e9ni de\nservice ou d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans ClamAV",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ClamAV 0.88.2",
      "url": "http://www.clamav.net/security/0.88.2.html"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.