Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.1
CVE Id: CVE-2006-1614
Last Modified: 07 Mar 2011 09:33:25
Published: 06 Apr 2006 06:04:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2006-1614

Summary

Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Vulnerable Systems

Application

  • Clam Anti-virus Clamav 0.51

  • Clam Anti-virus Clamav 0.52

  • Clam Anti-virus Clamav 0.53

  • Clam Anti-virus Clamav 0.54

  • Clam Anti-virus Clamav 0.60

  • Clam Anti-virus Clamav 0.65

  • Clam Anti-virus Clamav 0.67

  • Clam Anti-virus Clamav 0.68

  • Clam Anti-virus Clamav 0.68.1

  • Clam Anti-virus Clamav 0.70

  • Clam Anti-virus Clamav 0.75.1

  • Clam Anti-virus Clamav 0.80

  • Clam Anti-virus Clamav 0.80 Rc1

  • Clam Anti-virus Clamav 0.80 Rc2

  • Clam Anti-virus Clamav 0.80 Rc3

  • Clam Anti-virus Clamav 0.80 Rc4

  • Clam Anti-virus Clamav 0.81

  • Clam Anti-virus Clamav 0.82

  • Clam Anti-virus Clamav 0.83

  • Clam Anti-virus Clamav 0.84

  • Clam Anti-virus Clamav 0.84 Rc1

  • Clam Anti-virus Clamav 0.84 Rc2

  • Clam Anti-virus Clamav 0.85

  • Clam Anti-virus Clamav 0.85.1

  • Clam Anti-virus Clamav 0.86

  • Clam Anti-virus Clamav 0.86.1

  • Clam Anti-virus Clamav 0.86.2

  • Clam Anti-virus Clamav 0.87

  • Clam Anti-virus Clamav 0.87.1

  • Clam Anti-virus Clamav 0.88


References

CERT - TA06-132A

DEBIAN - DSA-1024

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=407078&group_id=86638

SECUNIA - 19536

SECUNIA - 19534

VUPEN - ADV-2006-1779

VUPEN - ADV-2006-1258

TRUSTIX - 2006-0020

BID - 17388

BUGTRAQ - 20060406 [Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow (not default configuration)

MISC - http://www.overflow.pl/adv/clamavupxinteger.txt

GENTOO - GLSA-200604-06

SECUNIA - 19570

XF - clamav-pe-overflow(25660)

BID - 17951

OSVDB - 24457

MANDRIVA - MDKSA-2006:067

CONFIRM - http://up2date.astaro.com/2006/05/low_up2date_6202.html

SECTRACK - 1015887

SECUNIA - 23719

SECUNIA - 20077

SECUNIA - 19608

SECUNIA - 19567

SECUNIA - 19564

SUSE - SUSE-SA:2006:020

APPLE - APPLE-SA-2006-05-11

Related Patches

Apple 2006-05-11 Security Update 2006-003 (10.4.6 Server)


Last Updated: 27 May 2016 10:42:09