CVE-2006-1989 - Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.

CVE-2006-1989

Summary

Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers. This vulnerability is addressed in the following product release: Clam Anti-Virus, ClamAV, 0.88.2

References

Vulnerable Configurations

cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*
cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*
cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*
cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*

CVSS

Base:	5.1 (as of 20-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:P/A:P

refmap via4

apple	APPLE-SA-2006-06-27
bid	17754
cert-vn	VU#599220
confirm	http://kolab.org/security/kolab-vendor-notice-09.txt http://www.clamav.net/security/0.88.2.html
debian	DSA-1050
gentoo	GLSA-200605-03
mandriva	MDKSA-2006:080
osvdb	25120
sectrack	1016392
secunia	19874 19880 19912 19963 19964 20117 20159 20877
suse	SUSE-SA:2006:025 SUSE-SR:2006:010
trustix	2006-0024
vupen	ADV-2006-1586 ADV-2006-2566
xf	clamav-freshclam-http-bo(26182)

Last major update

20-07-2017 - 01:31

Published

01-05-2006 - 19:06

Last modified

20-07-2017 - 01:31