Summary
This host has ClamAV installed, and is prone to multiple vulnerabilities.
Impact
Remote attackers may exploit this issue to inject malicious files into the system which can bypass the scan engine and may cause denial of service.
Impact Level: System/Application
Solution
Upgrade to ClamAV 0.95 or later
http://www.clamav.net
Insight
Multiple flaws are due to
- Error in handling specially crafted RAR files which prevents the scanning of potentially malicious files.
- Inadequate sanitation of files through a crafted TAR file causes clamd and clamscan to hang.
- 'libclamav/pe.c' allows remote attackers to cause a denial of service via a crafted EXE which triggers a divide-by-zero error.
Affected
ClamAV before 0.95 on Windows.
References
Severity
Classification
-
CVE CVE-2008-6680, CVE-2009-1241, CVE-2009-1270 -
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities