Vulnerability Name:CVE-2007-3023 (CCN-34890)

Assigned:2007-04-26
Published:2007-04-26
Updated:2012-10-31
Summary:unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-3023

Source: CCN
Type: Kolab Security Issue 15 20070601
denial of service, insecure temporary files

Source: CONFIRM
Type: UNKNOWN
http://kolab.org/security/kolab-vendor-notice-15.txt

Source: MLIST
Type: UNKNOWN
[Clamav-announce] 20070530 announcing ClamAV 0.90.3

Source: OSVDB
Type: UNKNOWN
36908

Source: SECUNIA
Type: UNKNOWN
25523

Source: CCN
Type: SA25525
Kolab Server ClamAV Denial of Service

Source: SECUNIA
Type: UNKNOWN
25525

Source: SECUNIA
Type: UNKNOWN
25688

Source: SECUNIA
Type: UNKNOWN
25796

Source: GENTOO
Type: UNKNOWN
GLSA-200706-05

Source: CONFIRM
Type: UNKNOWN
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

Source: DEBIAN
Type: UNKNOWN
DSA-1320

Source: DEBIAN
Type: DSA-1320
clamav -- several vulnerabilities

Source: CCN
Type: GLSA-200706-05
ClamAV: Multiple Denials of Service

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:033

Source: CCN
Type: OSVDB ID: 36908
Clam AntiVirus unsp.c Unspecified DoS

Source: BID
Type: UNKNOWN
24358

Source: CCN
Type: BID-24358
ClamAV Multiple Unspecified Vulnerabilities

Source: XF
Type: UNKNOWN
clamav-unsp-unspecified(34890)

Source: SUSE
Type: SUSE-SA:2007:033
clamav 0.90.3 update

Source: CCN
Type: ClamAV Bugzilla Bug 464
Bug 464 - unsp.c: incorrect bounds checking

Source: CONFIRM
Type: Patch
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=464

Vulnerable Configuration:Configuration 1:
  • cpe:/a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:kolab:kolab_server:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:kolab:kolab_server:2.1.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20073023 | V | CVE-2007-3023 | 2015-11-16
    oval:org.mitre.oval:def:18727 | P | DSA-1320-1 clamav | 2014-06-23
    oval:org.debian:def:1320 | V | several vulnerabilities | 2007-06-23
    clam_anti-virus clamav 0.90
    clam_anti-virus clamav 0.90.1
    clam_anti-virus clamav 0.90.2
    clam_anti-virus clamav 0.90_rc1.1
    clam_anti-virus clamav 0.90_rc2
    kolab kolab server 2.0.4
    kolab kolab server 2.1.0
    gentoo linux *
    mandrakesoft mandrake linux corporate server 3.0
    debian debian linux 3.1
    novell open enterprise server *
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake linux 2007.1
    debian debian linux 4.0
    mandrakesoft mandrake linux 2007.1
    novell open enterprise server *
    novell opensuse 10.2