Vulnerability Name: | CVE-2006-1989 (CCN-26182)
Assigned: | 2006-05-01
Published: | 2006-05-01
Updated: | 2017-07-20
Summary: | Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers. This vulnerability is addressed in the following product release: Clam Anti-Virus, ClamAV, 0.88.2.
CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Gain Access
References: |
Source: MITRE Type: CNA CVE-2006-1989
Source: CCN Type: Mac OS X 10.4.7 Update About the security content of the Mac OS X 10.4.7 Update
Source: CCN Type: Kolab Security Issue 09 20060516 buffer overflow, remotely exploitable (CVE-2006-1989)
Source: CONFIRM Type: UNKNOWN http://kolab.org/security/kolab-vendor-notice-09.txt
Source: APPLE Type: UNKNOWN APPLE-SA-2006-06-27
Source: CCN Type: Apple Security-Announce Mailing List, Tue, 27 Jun 2006 13:16:56 -0700 APPLE-SA-2006-06-27 Mac OS X v10.4.7
Source: SUSE Type: UNKNOWN SUSE-SR:2006:010
Source: SECUNIA Type: UNKNOWN 19874
Source: CCN Type: SA19880 ClamAV Freshclam HTTP Header Buffer Overflow Vulnerability
Source: SECUNIA Type: Exploit, Patch, Vendor Advisory 19880
Source: SECUNIA Type: UNKNOWN 19912
Source: SECUNIA Type: UNKNOWN 19963
Source: SECUNIA Type: UNKNOWN 19964
Source: SECUNIA Type: UNKNOWN 20117
Source: SECUNIA Type: UNKNOWN 20159
Source: CCN Type: SA20877 Mac OS X Update Fixes Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 20877
Source: CCN Type: SECTRACK ID: 1016392 Clam AntiVirus Buffer Overflow in Freshclam Lets Remote Servers Execute Arbitrary Code
Source: SECTRACK Type: UNKNOWN 1016392
Source: CCN Type: SourceForge.net: Files Clam AntiVirus - File Release Notes and Changelog - Release Name: 0.88.2
Source: CCN Type: ClamAV Web site Security advisory: 0.88.2
Source: CONFIRM Type: Exploit, Vendor Advisory http://www.clamav.net/security/0.88.2.html
Source: DEBIAN Type: UNKNOWN DSA-1050
Source: DEBIAN Type: DSA-1050 clamav -- buffer overflow
Source: CCN Type: GLSA-200605-03 ClamAV: Buffer overflow in Freshclam
Source: GENTOO Type: UNKNOWN GLSA-200605-03
Source: CCN Type: US-CERT VU#599220 ClamAV vulnerable to buffer overflow via malicious database mirror
Source: CERT-VN Type: US Government Resource VU#599220
Source: MANDRIVA Type: UNKNOWN MDKSA-2006:080
Source: SUSE Type: UNKNOWN SUSE-SA:2006:025
Source: OSVDB Type: UNKNOWN 25120
Source: CCN Type: OSVDB ID: 25120 Clam AntiVirus Freshclam HTTP Header Remote Overflow
Source: BID Type: Patch 17754
Source: CCN Type: BID-17754 Clam AntiVirus FreshClam Remote Buffer Overflow Vulnerability
Source: TRUSTIX Type: UNKNOWN 2006-0024
Source: VUPEN Type: UNKNOWN ADV-2006-1586
Source: VUPEN Type: UNKNOWN ADV-2006-2566
Source: XF Type: UNKNOWN clamav-freshclam-http-bo(26182)
Source: SUSE Type: SUSE-SA:2006:025 cyrus-sasl-digestmd5 denial of service attack
Source: SUSE Type: SUSE-SR:2006:010 SUSE Security Summary Report
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable