Vulnerability Name:

CVE-2007-3122 (CCN-34823)

Assigned:2007-05-30
Published:2007-05-30
Updated:2017-07-29
Summary:The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2007-3122

Source: CCN
Type: Kolab Server Web site
Kolab Groupware:: Home

Source: CCN
Type: Kolab Security Issue 15 20070601
denial of service, insecure temporary files

Source: CONFIRM
Type: UNKNOWN
http://kolab.org/security/kolab-vendor-notice-15.txt

Source: CCN
Type: Clamav-announce Mailing List, 2007-05-30 18:49 -400
announcing ClamAV 0.90.3

Source: MLIST
Type: Patch
[Clamav-announce] 20070530 announcing ClamAV 0.90.3

Source: OSVDB
Type: UNKNOWN
45392

Source: SECUNIA
Type: UNKNOWN
25523

Source: CCN
Type: SA25525
Kolab Server ClamAV Denial of Service

Source: SECUNIA
Type: UNKNOWN
25525

Source: SECUNIA
Type: UNKNOWN
25688

Source: SECUNIA
Type: UNKNOWN
25796

Source: GENTOO
Type: UNKNOWN
GLSA-200706-05

Source: CONFIRM
Type: UNKNOWN
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

Source: CCN
Type: Clam AntiVirus Web site
Clam AntiVirus

Source: DEBIAN
Type: UNKNOWN
DSA-1320

Source: DEBIAN
Type: DSA-1320
clamav -- several vulnerabilities

Source: CCN
Type: GLSA-200706-05
ClamAV: Multiple Denials of Service

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:033

Source: CCN
Type: OSVDB ID: 45392
ClamAV Parsing Engine Crafted RAR File Scanning Bypass

Source: XF
Type: UNKNOWN
clamav-rar-security-bypass(34823)

Source: XF
Type: UNKNOWN
clamav-rar-security-bypass(34823)

Source: CCN
Type: ClamAV Bugzilla Bug 511
Vuln #2 | Class: AV Evasion | Format:RAR PoC Attached

Source: CONFIRM
Type: Patch
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=511

Vulnerable Configuration:Configuration 1:
  • cpe:/a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:kolab:kolab_server:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:kolab:kolab_server:2.1.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20073122
    V
    		CVE-2007-3122
    2015-11-16
    oval:org.mitre.oval:def:18727
    P
    		DSA-1320-1 clamav
    2014-06-23
    oval:org.debian:def:1320
    V
    		several vulnerabilities
    2007-06-23
    BACK
    clam_anti-virus clamav 0.90
    clam_anti-virus clamav 0.90.1
    clam_anti-virus clamav 0.90.2
    clam_anti-virus clamav 0.90_rc1.1
    clam_anti-virus clamav 0.90_rc2
    clam_anti-virus clamav 0.90_rc3
    kolab kolab server 2.0.4
    kolab kolab server 2.1.0
    gentoo linux *
    mandrakesoft mandrake linux corporate server 3.0
    debian debian linux 3.1
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake linux 2007.1
    debian debian linux 4.0
    mandrakesoft mandrake linux 2007.1