Vulnerability Name:

CVE-2005-2070 (CCN-21137)

Assigned:2005-06-23
Published:2005-06-23
Updated:2008-09-05
Summary:The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2005-2070

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2005:973
Fixes for two security vulnerabilities in clamav

Source: CCN
Type: BugTraq Mailing List, 2005-06-23 17:08:34
long sendmail timeouts let attacker prevent milter quiesce

Source: BUGTRAQ
Type: Vendor Advisory
20050623 long sendmail timeouts let attacker prevent milter quiesce

Source: CCN
Type: Clam AntiVirus Web site
Clam AntiVirus

Source: DEBIAN
Type: UNKNOWN
DSA-737

Source: DEBIAN
Type: DSA-737
clamav -- remote denial of service

Source: SUSE
Type: UNKNOWN
SUSE-SA:2005:038

Source: CCN
Type: OSVDB ID: 17562
ClamAV clamav-milter Remote Connection Hold DoS

Source: BID
Type: UNKNOWN
14047

Source: CCN
Type: BID-14047
Sendmail Milter Remote Denial Of Service Weakness

Source: XF
Type: UNKNOWN
sendmail-milter-dos(21137)

Source: SUSE
Type: SUSE-SA:2005:038
clamav: multiple security and other bugfixes

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.10:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.7:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.10:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.11:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.11:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.10:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.7:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.10:*:*:*:*:*:*:*
  • AND
  • cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.debian:def:737
    V
    		remote denial of service
    2005-07-05
    BACK
    sendmail sendmail 8.8.8
    sendmail sendmail 8.9.0
    sendmail sendmail 8.9.1
    sendmail sendmail 8.9.2
    sendmail sendmail 8.9.3
    sendmail sendmail 8.10
    sendmail sendmail 8.10.1
    sendmail sendmail 8.10.2
    sendmail sendmail 8.11.0
    sendmail sendmail 8.11.1
    sendmail sendmail 8.11.2
    sendmail sendmail 8.11.3
    sendmail sendmail 8.11.4
    sendmail sendmail 8.11.5
    sendmail sendmail 8.11.6
    sendmail sendmail 8.11.7
    sendmail sendmail 8.12 beta10
    sendmail sendmail 8.12 beta12
    sendmail sendmail 8.12 beta16
    sendmail sendmail 8.12 beta5
    sendmail sendmail 8.12 beta7
    sendmail sendmail 8.12.0
    sendmail sendmail 8.12.1
    sendmail sendmail 8.12.2
    sendmail sendmail 8.12.3
    sendmail sendmail 8.12.4
    sendmail sendmail 8.12.5
    sendmail sendmail 8.12.6
    sendmail sendmail 8.12.7
    sendmail sendmail 8.12.8
    sendmail sendmail 8.12.9
    sendmail sendmail 8.12.10
    sendmail sendmail 8.12.11
    sendmail sendmail 8.12.0
    sendmail sendmail 8.12.6
    sendmail sendmail 8.11.1
    sendmail sendmail 8.9.3
    sendmail sendmail 8.12.1
    sendmail sendmail 8.12.2
    sendmail sendmail 8.12.3
    sendmail sendmail 8.12.4
    sendmail sendmail 8.12.5
    sendmail sendmail 8.12.11
    sendmail sendmail 8.12.9
    sendmail sendmail 8.12.8
    sendmail sendmail 8.12.7
    sendmail sendmail 8.12 beta7
    sendmail sendmail 8.12 beta5
    sendmail sendmail 8.12 beta16
    sendmail sendmail 8.12 beta12
    sendmail sendmail 8.12 beta10
    sendmail sendmail 8.12.10
    sendmail sendmail 8.11.7
    sendmail sendmail 8.11.6
    sendmail sendmail 8.11.5
    sendmail sendmail 8.11.4
    sendmail sendmail 8.11.3
    sendmail sendmail 8.11.2
    sendmail sendmail 8.11.0
    sendmail sendmail 8.10.2
    sendmail sendmail 8.10.1
    sendmail sendmail 8.9.2
    sendmail sendmail 8.9.1
    sendmail sendmail 8.9.0
    sendmail sendmail 8.8.8
    sendmail sendmail 8.10
    conectiva linux 9.0
    suse suse linux 9.1
    conectiva linux 10
    suse suse linux 9.2
    debian debian linux 3.1
    suse linux enterprise server 9
    suse suse linux 9.3