Vulnerability Name:

CVE-2008-0314 (CCN-41823)

Assigned:2008-04-15
Published:2008-04-15
Updated:2017-08-08
Summary:Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2008-0314

Source: CONFIRM
Type: UNKNOWN
http://kolab.org/security/kolab-vendor-notice-20.txt

Source: IDEFENSE
Type: Exploit
20080414 ClamAV libclamav PeSpin Heap Overflow Vulnerability

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-09-15

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:024

Source: CCN
Type: SA29000
ClamAV Multiple Vulnerabilities

Source: CCN
Type: SA29863
Kolab Server ClamAV Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
29863

Source: SECUNIA
Type: UNKNOWN
29886

Source: SECUNIA
Type: UNKNOWN
29891

Source: SECUNIA
Type: UNKNOWN
29975

Source: SECUNIA
Type: UNKNOWN
30253

Source: SECUNIA
Type: UNKNOWN
30328

Source: CCN
Type: SA31576
Astaro update for ClamAV

Source: SECUNIA
Type: UNKNOWN
31576

Source: CCN
Type: SA31882
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
31882

Source: GENTOO
Type: UNKNOWN
GLSA-200805-19

Source: CCN
Type: SECTRACK ID: 1019851
Clam AntiVirus Heap Overflow in Processing PeSpin Packed Files Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: Apple Web site
About the security content of Mac OS X v10.5.5 and Security Update 2008-006

Source: CCN
Type: ClamAV Changelog, Mon Apr 14 21:35:11 CEST 2008
Check in 0.93 patches

Source: CONFIRM
Type: UNKNOWN
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

Source: CCN
Type: Astaro Web site
Up2Date Announcements: Up2Date ASG V7.300 GA Release

Source: CONFIRM
Type: UNKNOWN
http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html

Source: DEBIAN
Type: UNKNOWN
DSA-1549

Source: DEBIAN
Type: DSA-1549
clamav -- buffer overflows

Source: CCN
Type: GLSA-200805-19
ClamAV: Multiple vulnerabilities

Source: CCN
Type: US-CERT VU#858595
ClamAV upack heap buffer overflow vulnerability

Source: CERT-VN
Type: US Government Resource
VU#858595

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:088

Source: CCN
Type: OSVDB ID: 44519
ClamAV libclamav spin.c Crafted PeSpin Packed PE Binary Handling Overflow

Source: BID
Type: UNKNOWN
28784

Source: CCN
Type: BID-28784
ClamAV 0.92.1 Multiple Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1019851

Source: CERT
Type: US Government Resource
TA08-260A

Source: VUPEN
Type: UNKNOWN
ADV-2008-1227

Source: VUPEN
Type: UNKNOWN
ADV-2008-2584

Source: XF
Type: UNKNOWN
clamav-spin-bo(41823)

Source: XF
Type: UNKNOWN
clamav-spin-bo(41823)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 04.14.08
ClamAV libclamav PeSpin Heap Overflow Vulnerability

Source: CCN
Type: ClamAV Bugzilla Bug 876
PeSpin Heap Overflow Vulnerability

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-3358

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-3420

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-3900

Source: SUSE
Type: SUSE-SA:2008:024
clamav 0.93 security update

Source: CONFIRM
Type: UNKNOWN
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=876

Vulnerable Configuration:Configuration 1:
  • cpe:/a:clam_anti-virus:clamav:0.92.1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:clamav:clamav:0.92.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20080314
    V
    		CVE-2008-0314
    2015-11-16
    oval:org.mitre.oval:def:7781
    P
    		DSA-1549 clamav -- buffer overflows
    2014-06-23
    oval:org.mitre.oval:def:18708
    P
    		DSA-1549-1 clamav
    2014-06-23
    oval:org.debian:def:1549
    V
    		buffer overflows
    2008-04-17
    BACK
    clam_anti-virus clamav 0.92.1
    clamav clamav 0.92.1
    gentoo linux *
    mandrakesoft mandrake linux corporate server 3.0
    novell open enterprise server *
    novell suse linux enterprise server 10 sp2
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2008.1 x86_64
    mandrakesoft mandrake linux 2007.1
    apple mac os x server 10.5
    apple mac os x server 10.4.11
    apple mac os x server 10.5.1
    apple mac os x server 10.5.2
    novell open enterprise server *
    novell opensuse 10.2
    novell opensuse 10.3
    mandrakesoft mandrake linux 2008.1
    apple mac os x server 10.5.3
    apple mac os x server 10.5.4