Vulnerability CVE-2007-0898

Vulnerability Name:

CVE-2007-0898 (CCN-32535)

Assigned:

2007-02-15

Published:

2007-02-15

Updated:

2017-07-29

Summary:

Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.
This vulnerability is addressed in the following product release:
Clam Anti-Virus, ClamAV, 0.90

CVSS v3 Severity:

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-22

Vulnerability Consequences:

File Manipulation

References:

Source: MITRE
Type: CNA
CVE-2007-0898

Source: CCN
Type: Apple Web site
About Security Update 2008-002

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=307562

Source: IDEFENSE
Type: Patch
20070215 Multiple Vendor ClamAV MIME Parsing Directory Traversal Vulnerability

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-03-18

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:017

Source: OSVDB
Type: UNKNOWN
32282

Source: SECUNIA
Type: Vendor Advisory
24183

Source: CCN
Type: SA24187
ClamAV MIME Header Handling and CAB File Processing Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
24187

Source: SECUNIA
Type: Vendor Advisory
24192

Source: SECUNIA
Type: Vendor Advisory
24319

Source: SECUNIA
Type: Vendor Advisory
24332

Source: SECUNIA
Type: Vendor Advisory
24425

Source: CCN
Type: SA29420
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
29420

Source: GENTOO
Type: UNKNOWN
GLSA-200703-03

Source: CCN
Type: SECTRACK ID: 1017660
Clam AntiVirus MIME Parameter Directory Traversal Bug Lets Remote Users Overwrite Certain Files

Source: CCN
Type: SourceForge.net
Clam AntiVirus

Source: DEBIAN
Type: UNKNOWN
DSA-1263

Source: DEBIAN
Type: DSA-1263
clamav -- several vulnerabilities

Source: CCN
Type: GLSA-200703-03
ClamAV: Denial of Service

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:043

Source: CCN
Type: OSVDB ID: 32282
Clam AntiVirus MIME Header Traversal Arbitrary File Overwrite

Source: BID
Type: Patch
22581

Source: CCN
Type: BID-22581
ClamAV MIME Header ID Parameter String Directory Traversal Vulnerability

Source: SECTRACK
Type: UNKNOWN
1017660

Source: VUPEN
Type: UNKNOWN
ADV-2007-0623

Source: VUPEN
Type: UNKNOWN
ADV-2008-0924

Source: XF
Type: UNKNOWN
clamav-mimeheader-directory-traversal(32535)

Source: XF
Type: UNKNOWN
clamav-mimeheader-directory-traversal(32535)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 02.15.07
Multiple Vendor ClamAV MIME Parsing Directory Traversal Vulnerability

Source: SUSE
Type: SUSE-SA:2007:017
clamav 0.90 update

Vulnerable Configuration:

Configuration 1:

cpe:/a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.60p:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.80_rc1:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.80_rc2:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.80_rc3:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.80_rc4:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.81_rc1:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.86_rc1:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.88.3:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:0.88.4:*:*:*:*:*:*:*

OR cpe:/a:clam_anti-virus:clamav:*:*:*:*:*:*:*:* (Version <= 0.88.6)

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20070898	V	CVE-2007-0898	2022-06-30
oval:org.opensuse.security:def:42281	P	Security update for curl (Moderate)	2022-05-13
oval:org.opensuse.security:def:112078	P	clamav-0.103.3-1.4 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:31752	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:31755	P	Security update for libvirt (Important)	2022-01-10
oval:org.opensuse.security:def:26224	P	Security update for libvirt (Important)	2022-01-05
oval:org.opensuse.security:def:33061	P	Security update for glib-networking (Important)	2021-12-13
oval:org.opensuse.security:def:31713	P	Security update for clamav (Moderate)	2021-12-01
oval:org.opensuse.security:def:32230	P	Security update for xen (Moderate)	2021-12-01
oval:org.opensuse.security:def:31708	P	Security update for webkit2gtk3 (Important)	2021-11-23
oval:org.opensuse.security:def:31308	P	Security update for postgresql96 (Important)	2021-11-22
oval:org.opensuse.security:def:26156	P	Security update for open-lldp (Moderate)	2021-10-26
oval:org.opensuse.security:def:26142	P	Security update for apache2 (Important)	2021-10-06
oval:org.opensuse.security:def:105621	P	clamav-0.103.3-1.4 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:32174	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:31664	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:32161	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:26103	P	Security update for the Linux Kernel (Important)	2021-08-10
oval:org.opensuse.security:def:31231	P	Security update for the Linux Kernel (Important)	2021-07-22
oval:org.opensuse.security:def:31650	P	Security update for arpwatch (Important)	2021-06-28
oval:org.opensuse.security:def:31651	P	Security update for libsolv (Important)	2021-06-28
oval:org.opensuse.security:def:26073	P	Security update for libjpeg-turbo (Moderate)	2021-06-11
oval:org.opensuse.security:def:32117	P	Security update for caribou (Important)	2021-06-10
oval:org.opensuse.security:def:36098	P	clamav-0.98.7-0.3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42505	P	clamav-0.98.7-0.3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42084	P	Security update for qemu (Important)	2021-06-08
oval:org.opensuse.security:def:32095	P	Security update for libxml2 (Important)	2021-05-19
oval:org.opensuse.security:def:31157	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:31608	P	Security update for xen (Important)	2021-04-19
oval:org.opensuse.security:def:31145	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:31146	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:31363	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:32279	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:31365	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:31353	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:26200	P	Security update for glibc (Moderate)	2021-02-25
oval:org.opensuse.security:def:31342	P	Security update for screen (Important)	2021-02-17
oval:org.opensuse.security:def:31341	P	Security update for jasper (Important)	2021-02-16
oval:org.opensuse.security:def:33022	P	Security update for python3 (Important)	2021-02-08
oval:org.opensuse.security:def:31216	P	Security update for postgresql, postgresql12, postgresql13 (Important)	2021-01-26
oval:org.opensuse.security:def:26054	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:32838	P	Security update for openexr (Moderate)	2020-12-23
oval:org.opensuse.security:def:32018	P	Security update for MozillaFirefox (Critical)	2020-12-21
oval:org.opensuse.security:def:31565	P	Security update for openssl (Important)	2020-12-11
oval:org.opensuse.security:def:32007	P	Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:31084	P	Security update for postgresql12 (Important)	2020-12-04
oval:org.opensuse.security:def:35530	P	clamav-0.96-0.12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:31559	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:41937	P	clamav-0.96-0.12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35677	P	clamav-0.97.3-0.2.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35874	P	clamav-0.97.7-0.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25659	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25989	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26326	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:27061	P	xorg-x11-libxcb-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30999	P	Security update for IBM Java	2020-12-01
oval:org.opensuse.security:def:31818	P	Security update for audiofile (Moderate)	2020-12-01
oval:org.opensuse.security:def:31921	P	Security update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:31427	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31795	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:31576	P	Security update for sudo (Moderate)	2020-12-01
oval:org.opensuse.security:def:31931	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:25093	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25423	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25760	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:26495	P	Security update for phpMyAdmin (Important)	2020-12-01
oval:org.opensuse.security:def:25229	P	Security update for dbus-1 (Important)	2020-12-01
oval:org.opensuse.security:def:25513	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25858	P	Security update for util-linux (Moderate)	2020-12-01
oval:org.opensuse.security:def:26004	P	Security update for shotwell (Moderate)	2020-12-01
oval:org.opensuse.security:def:25424	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:25628	P	Security update for dpdk (Critical)	2020-12-01
oval:org.opensuse.security:def:26001	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:25723	P	Security update for apache2-mod_auth_openidc (Moderate)	2020-12-01
oval:org.opensuse.security:def:26365	P	Security update of chromium (Important)	2020-12-01
oval:org.opensuse.security:def:27096	P	clamav on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31010	P	Security update for IBM Java	2020-12-01
oval:org.opensuse.security:def:32456	P	Security update for xorg-x11-libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31455	P	Security update for postgresql10 (Important)	2020-12-01
oval:org.opensuse.security:def:31811	P	Security update for apache2 (Important)	2020-12-01
oval:org.opensuse.security:def:31965	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:31951	P	Security update for grub2 (Important)	2020-12-01
oval:org.opensuse.security:def:32318	P	Security update for rsync (Moderate)	2020-12-01
oval:org.opensuse.security:def:25157	P	Security update for shibboleth-sp (Moderate)	2020-12-01
oval:org.opensuse.security:def:25507	P	Security update for git (Moderate)	2020-12-01
oval:org.opensuse.security:def:25799	P	Security update for gcc48 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26530	P	clamav on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25240	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25570	P	Security update for mailman (Important)	2020-12-01
oval:org.opensuse.security:def:25907	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26642	P	sysstat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25425	P	Security update for bluez (Important)	2020-12-01
oval:org.opensuse.security:def:25709	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25647	P	Security update for freetype2 (Important)	2020-12-01
oval:org.opensuse.security:def:25851	P	Security update for freerdp (Moderate)	2020-12-01
oval:org.opensuse.security:def:26379	P	Security update for irssi (Moderate)	2020-12-01
oval:org.opensuse.security:def:31452	P	Security update for postgresql10 (Important)	2020-12-01
oval:org.opensuse.security:def:32495	P	clamav on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31512	P	Recommended update for python 2.7 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31860	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:32603	P	squid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31564	P	Security update for squid3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31782	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32340	P	Security update for socat (Moderate)	2020-12-01
oval:org.opensuse.security:def:25081	P	Security update for libarchive (Moderate)	2020-12-01
oval:org.opensuse.security:def:25285	P	Security update for tomcat (Important)	2020-12-01
oval:org.opensuse.security:def:25658	P	Security update for liblouis (Low)	2020-12-01
oval:org.opensuse.security:def:25813	P	Security update for libssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:25304	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25654	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:25946	P	Security update for gnome-shell (Low)	2020-12-01
oval:org.opensuse.security:def:26677	P	clamav on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25436	P	Security update for libgcrypt (Moderate)	2020-12-01
oval:org.opensuse.security:def:25766	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:26838	P	w3m on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25648	P	Security update for python36 (Important)	2020-12-01
oval:org.opensuse.security:def:25932	P	Security update for gstreamer-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:26277	P	Security update for libreoffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:26423	P	Security update for opencv (Important)	2020-12-01
oval:org.opensuse.security:def:30998	P	Security update for jasper (Low)	2020-12-01
oval:org.opensuse.security:def:31774	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31599	P	Security update for tiff (Low)	2020-12-01
oval:org.opensuse.security:def:31899	P	Security update for MozillaFirefox, firefox-glib2, firefox-gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:32642	P	clamav on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32056	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:32799	P	tomcat6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31874	P	Security update for cyrus-imapd (Important)	2020-12-01
oval:org.opensuse.security:def:32384	P	Security update for tiff (Low)	2020-12-01
oval:org.opensuse.security:def:25082	P	Security update for ncurses (Moderate)	2020-12-01
oval:org.opensuse.security:def:25366	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:25711	P	Security update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (Moderate)	2020-12-01
oval:org.opensuse.security:def:25857	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25228	P	Security update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:25432	P	Security update for ibus (Important)	2020-12-01
oval:org.opensuse.security:def:25805	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:25960	P	Security update for gimp (Moderate)	2020-12-01
oval:org.opensuse.security:def:25500	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:25850	P	Security update for libreoffice (Low)	2020-12-01
oval:org.opensuse.security:def:26873	P	clamav on GA media (Moderate)	2020-12-01
oval:org.debian:def:1263	V	several vulnerabilities	2007-03-06

BACK